Our commitment to protect your privacy
Our business is bound by the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APP). Our business is an APP entity as defined in s 6(1) of the Act. We understand how important it is to protect your personal information. This document sets out our Privacy Policy commitment in respect of personal information that you may provide to us. Any personal information we collect about you will only be used for the purposes indicated in our policy, where we have your consent to do so, or as otherwise required or authorised by law. Our commitment in respect of personal information is to abide by the Privacy Act 1988 (Cth) and any other relevant law. Please ensure that you read this Privacy Policy and the associated Terms and Conditions The personal information we collect about you is necessary to enable us to provide the services set out in this Privacy Policy. If you do not allow us to collect your personal information, we may be unable to assist you with your request.
Personal information
We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. When we refer to personal information we mean information or an opinion about you, from which you are, or may reasonably be, identified. This information may include (but is not limited to) your name, date of birth, driver’s licence number, phone number, email address, address, and nationality. It is not common practice for us to collect sensitive information about you (such as information about your health, religion, trade union membership, political opinion, sexual preference or criminal record). We will only collect sensitive information about you with your consent.
Personal information is collected from our clients in the following ways:
– by providing it to us directly;
– by authorising third parties to provide it to us;
– by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our client’s behalf.
How is personal information received and held?
Personal information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form. In either case, we take the security of personal information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. We never ask for bank details or other sensitive information by email.
For what purpose is personal information collected, held, used and disclosed?
All data processed by the business is done on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are:
– to offer our products and services to our clients. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. Unless compelled by law, we will never disclose personal information without the client’s knowledge and consent;
– to facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
– to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
– to comply with applicable laws.
How can personal information be accessed or corrected?
Clients may access their personal information and seek correction of it at any time by applying to our office in person or in writing.
Clients will be formally identified before releasing or amending any personal information.
Is personal information disclosed outside of Australia?
Where necessary we will disclose personal information to overseas recipients, including a related body corporate. The likely countries that information might be sent to include [Insert locations].
What is the complaints process relating to personal information?
If there is a breach of this privacy policy, either of the Act or the Australian Privacy Principles (APP), a complaint may be made by the client to:
– our customer services team; or
– the Office of the Australian Privacy Commissioner.
Data breaches
All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.
What is an eligible data breach?
An eligible data breach, defined in s 26WE(2) of the Act, is when:
(a) both of the following conditions are satisfied:
(i) there is unauthorised access to, or unauthorised disclosure of, the information;
(ii) a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
(b) the information is lost in circumstances where:
(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
(j) assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;…
If there is a suspicion of a breach
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:
– the business’s details;
– a description of the breach;
– the kind or kinds of information concerned; and
– recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
Exception to reporting
Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.
Further information and complaints
You may request further information about the way we manage your personal information or lodge a complaint by contacting our Privacy Officer(s) on the contact details below.
We will deal with any complaint by investigating the complaint, and providing a response to the complainant within 15 business days, provided that we have all necessary information and have completed any investigation required. In cases where further information, assessment or investigation is required, we will seek to agree alternative time frames with you.
Contact details
Our contact details are below and we will respond to your query as soon as possible.
Kango Tech
Suite 505, 22 Market Street,
Sydney, NSW 2000
+61 2 8045 5370
Change in our privacy policy
We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market practices.
As a consequence we may change this Privacy Policy from time to time or as the need arises.