Allied Pumps Privacy Policy

We respect your privacy and are committed to protecting the Personal Information you provide to us. This Policy sets out important information as to how we collect, store, secure and use your personal information in the course of our business. It tells you about your rights under the Privacy Act to the protection of your personal information.

We will review and update this Policy from time to time. The Privacy Officer will conduct a review of this Policy on each 3-year anniversary of the publication of this Policy and provide a report to our directors, recommending such changes as may be considered necessary and/or appropriate.

This Policy sets out:

  • the type of Personal Information which we collect;
  • how we gather Personal Information;
  • the use and disclosure of Personal Information which we collect;
  • how we secure and hold your Personal Information;
  • your Rights to access and correct your Personal Information;
  • contact details for responsible privacy officers within our business.
  1. GATHERING PERSONAL INFORMATION
  1. The Personal Information we Collect

1.1.1              We only collect the personal information that is necessary to lawfully and ethically carry on our business, to provide the information, products and services our customers and contacts request, to communicate efficiently with our customers and contacts, to keep our customers and contacts informed of products and services that are available from us, and to responsibly market our products and services. Our contacts include people who are employed by customers and people who may use, specify or recommend our products such as electrical contractors, builders, developers, architects, engineers, and their employees.

1.1.2              Unless we need particular information to supply the specific information, products or services you request, or to open a credit account for you, the personal information we might collect about you is limited to your name, gender, contact details, occupation, employer, relationship to or dealings with us or our customers, and details of your participation in our events and promotions and your purchases of our products and services.

1.1.2              If you apply to us to open a credit account we may collect information about your financial position and credit history.

  1. How we collect Personal Information

1.2.1       There are different ways in which we collect Personal Information from you. These include:

  • Direct Gathering

We will generally obtain Personal Information directly from you. We may require this information from you in order to provide information, products or services to you.

We may provide us with your Personal Information by meeting with us, filling out forms, corresponding with us or directly providing those to us in order to apply for our services, create accounts, subscribe to publications, enter promotions or provide us with our feedback.

  • Automated Gathering

In some cases, Personal Information may be gathered automatically through your interactions with our webpage. You may use many sections of our websites anonymously, but any information you choose to submit to us via our sites (eg: to book for an event, subscribe to a publication, enter a competition, participate in a promotion, or send us an email) will be treated in accordance with this Policy.

Our websites may use cookies to profile you and to tailor marketing material to your preferences. We may also record details of your visit to our sites such as your server address, domain name and browser type, the date and time of the visit, the information downloaded, and links from other sites followed to get to our sites -this information is anonymous and is only used for statistical and website development purposes.

You may require a Username and Password to access some sections of our sites. If you have a Username and Password, they will be used to identify you when you enter those sections.

  • Third Party Gathering

We may receive information from third parties, such as our customers or other contacts. For example, a customer who sells you our products may provide us with information about you. We will only gather information in this way if we are satisfied that those parties have the right to give us that information, and that we have the right to use it.

  1. How we Store Personal Information

1.3.1              Personal Information we gather is generally held by us electronically on our services. In some cases, we will ask external service providers to hold Personal Information. Where we do so, we will comply with the provisions of this Policy to ensure the external service provider maintains confidentiality.

Storage of Personal Information is also subject to the security measures described in this Policy.

  • USE AND DISCLOSURE OF PERSONAL INFORMATION
  • Use of Personal Information for Conducting our Business

2.1.1              We may use the Personal Information provided to us in order to provide the information, products or services which you have requested from us. This may include assessing and processing applications for credit, or to manage an account opened with us.

Change of Purpose

2.1.2              We will only use your Personal Information for the reasons set out in this Policy. If there is a change in our business, or we consider that we require your Personal Information for an additional or new purpose, we will only do so in accordance with the Privacy Act.

  • Use of Personal Information for Secondary Purposes

2.2.1              We may use the Personal Information provided to us in order to:

  • invite you to attend events hosted by us; or
  • provide information about promotions, competitions or other special offers. 

2.2.2              We are committed to giving you freedom in relation to your rights to privacy, particularly in relation to our contact with you for these purposes. If you tell us that you do not wish to receive this kind of correspondence from us, we will no longer use your Personal Information for the purposes set out in this clause.

2.2.3              We never disclose Personal Information that we hold about you to any entities outside our business (or its directly related companies) in order to allow them to market their products and services to you.

  • Disclosure of Personal Information

2.3.1              There are some circumstances, in which we will disclose your Personal Information to external parties. These are:

  • External Service Providers

In some cases, we may use external service providers to assist us in managing our databases, websites or to attend to our marketing communications. This may include the disclosure of some Personal Information to engage these external service providers.

Where we disclose your Personal Information to an external service provider, we will ensure that they are bound by obligations of confidentiality. We will only disclose information to the extent that it is necessary to provide the services we require from them.

  • Disclosure to Government Authorities

Under the Privacy Act, we may be required to disclose your Personal Information to certain authorities. We will only do so in the event that we are compelled to do so according to law. In some cases, we may do so without notice to you.

  • Disclosure under the Mandatory Data Breach Notification Scheme

Under Part IIIC of the Privacy Act, we are required by law to notify you and the Office of the Australian Information Commissioner if:

  • there is unauthorised access to, or unauthorised disclosure of, personal information we hold; and
  • a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;

OR

  • information is lost in circumstances where there is likely to be unauthorised access to, or unauthorised disclosure of, that information; and
  • if that unauthorised access or disclosure were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.

Unless an exemption under the Privacy Act 1988 (Cth) applies, we will notify you of any breach of your privacy. We will also share the existence and nature of the breach with the Office of the Australian Information Commissioner.

That notification will take the form of a Breach Statement and may contain details of the information (including the information itself) which has been effected by the unauthorised disclosure, access or loss.

  • Merger

In the event that we are involved in a merger, acquisition or sale of all or a part of our assets, you will be notified as to any change in the ownership of our business and any consequent change to the entity holding or using your Personal Information.

  • Permitted General Exceptions

Under the Privacy Act, there are a number of permitted general exceptions to the requirement for non-disclosure of Personal Information. These exceptions include disclosures where:

  • it is unreasonable or impracticable to obtain the individual’s consent to the collection, use or disclosure and we reasonably believe that the collection, use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health or safety;
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in and we reasonably believe that the collection, use or disclosure is necessary in order for the entity to take appropriate action in relation to the matter;
  • we reasonably believe that the collection, use or disclosure is reasonably necessary to assist any APP entity, body or person to locate a person who has been reported as missing and the collection, use or disclosure complies with the rules made under section 16A(2) of the Privacy Act; and
  • The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim.

In some cases, we may disclose Personal Information to overseas recipients in accordance with the provisions outlined above. Those recipients may be located in any country.

  • SECURING PERSONAL INFORMATION
  • Measures to Protect Personal Information

3.1.1       We adopt security measures to protect your Personal Information. This is to ensure that the risk of unauthorised access (whether internal or external) is minimised. These measures can be divided into 3 types:

  • Protection from Internal Risks

To guard against the risk of unauthorised access, loss or disclosure of information from internal sources, we:

  • permit access to information to only those staff who require such access in order to perform their duties;
  • train staff in the use of information-technology, systems and software;
  • keep records of the equipment and storage devices maintained by us to prevent unauthorised removal;
  • implement policies and procedures with respect to the use of information, including procedures as to how work is performed to ensure consistency with privacy principles.
  • Protection from External Risks

To guard against the risk of unauthorised access, loss or disclosure of information from external sources, we:

  • maintain security at our premises;
  • ensure information-technology is password protected so that access to our premises does not permit access to your information;
  • prohibit third-party personnel from accessing areas of our premises in which information is stored; and
  • do not permit the reproduction of information for removal from our premises.
  • Cyber Risks

To guard against the risk of unauthorised access, loss or disclosure of information from cyber attack or intervention, we:

  • maintain updated information-technology platforms;
  • regularly change passwords;
  • protect our systems, communications and servers using proprietary encryption software, which is updated (or replaced) regularly;
  • maintain firewalls and scanning tools to detect attempts by outside sources to access our systems, network or information-technology;
  • prohibit access using our information-technology to harmful websites; and
  • do not permit the installation of third-party platform software capable of displacing control of our systems.

       In addition, we destroy any information held which is no longer required by us.

  • YOUR RIGHTS
  • Correcting and Updating Your Personal Information

4.1.1              Under the Privacy Act, you have the right to ask us for access to the personal information we hold about you. You may also ask us to correct that information.

4.1.2              Where you request us to access your personal information or to correct it, we must respond to that request within 30 days. If you have requested a correction, we must take reasonable steps to do so if we agree that it requires correction, subject to any legal obligations preventing us from doing so.

  • Requesting Alternate Formats of this Policy

4.2.1              In accordance with APP 1.6, you may request access to this Policy in an alternate format. You may do so by contacting our Privacy Officer, using the details provided in this Policy.

  • Contacting Us

4.3.1              You may contact us using the following details in order to ask questions, make a complaint or otherwise discuss matters arising out of, or in connection with, this Policy and your privacy:

Postal:                         C/- The Privacy Officer, 2 Modal Crescent, Canning Vale WA 6155 Australia

Email:                          sales@alliedpumps.com.au

Telephone: [08 9350 1000]

  • How we Handle Complaints

4.4.1              Where a complaint is made to the Privacy Officer in accordance with this Policy, the complaint will be considered by our Privacy Officer and a response provided within 14 days.

4.4.2              In the event that the complaint is unable to be resolved in consultation with you, the parties may refer the dispute to an external dispute resolution provider. If the complaint remains unresolved, or the parties fail to agree on an external dispute resolution provider, the complaint may be referred to the Office of the Australian Information Commissioner.

  1. Interpretation

Unless otherwise stated, the following words have the corresponding meaning set out below:

  • APP means the Australian Privacy Principles, as set out in the Privacy Act.
  • Notifiable Data Breach means a data breach which is likely to result in Serious Harm.
  • Personal Information has the same meaning as under the Privacy Act, as amended from time to time. It includes information or opinion (in any form) about an identifiable individual, or an individual who is reasonable capable of identification, whether the information or opinion is true or not.
  • Policy means this Allied Pumps Privacy Policy, as updated from time to time.
  • Privacy Officer means the person appointed by us to manage actions, complaints or procedures arising out of, or in connecting with, this Policy.
  • Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
  • Serious Harm means harm of a serious nature, having regard to the criteria set out in section 26WG of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth);
  • We, Us and Our means Allied Pumps Pty Ltd.
  • Inconsistency with the Privacy Act

It is intended that this Policy is consistent, and complies, with the Privacy Act and the APP. In the event of any inconsistency, however, the Privacy Act and APP are to prevail to the extent of that inconsistency.