This policy sets out how Two Steps Forward Consulting ABN 16 313 358 025 (we) collect, hold and disclose personal information. We take privacy seriously and are committed to complying with the Australian Privacy Principles in the Privacy Act 1988 (Cth).
Why do we collect personal information?
We collect personal information to:
- provide products to our customers
- communicate with our customers, suppliers and other business contacts
- manage and account for our products
- manage credit provided to our customers
- inform our customers and other business contacts about product and industry developments
- market our products and send invitations to our events
- manage our employees and contractors
- generally carry on our business
What personal information do we collect?
We collect an individual’s name and contact details, and information about the individual’s occupation, employer and relationship with us or our customers and potential customers, and about the individual’s relationship with our other business contacts.
We also collect the information necessary to provide the specific products our customers require, as well as credit card and payment information.
How we collect personal information
We collect personal information direct from an individual when that individual meets with us, communicates with us by letter, telephone, email or fax, gives us a business card, subscribes to our publications, registers for or attends our events or submits information through our websites, blogs or other social media outlets.
We also collect personal information from information provided to us when an application is made for us to supply products on credit to a customer, or when a personal guarantee is provided in respect of an application for credit.
We may also collect information about an individual from our customers, potential customers and their business contacts, from the individual’s employer and from publicly available records or a third party eg a provider of an employment or other reference.
Anonymity and pseudonyms
Individuals have the right not to identify themselves, or to use a pseudonym when dealing with us. However, if we request personal information and it is not provided, we may not be able to provide products to or otherwise assist the relevant individual.
General use and disclosure
We use and disclose personal information for the primary purpose for which it was collected, related purposes and other purposes authorised by the Privacy Act. In general, we use and disclose personal information for the purposes set out above.
Use and disclosure for direct marketing
We will only use an individual’s personal information to market products or to send invitations to events where we give that individual an opportunity to request us not to use the information for such purposes. We will not use an individual’s personal information for such purposes if the individual requests us not to do so.
To whom do we disclose personal information?
We may disclose personal information:
- to our employees
- to other persons in connection with the provision of our products including our customers, suppliers and their contractors and other business contacts
- to anyone else whom the individual authorises us to disclose the information
- as otherwise authorised by the Privacy Act
Who else can access this information?
Our contractors may have access to some personal information we collect. For example, contractors may distribute some of our publications and develop and maintain our computer systems, electronic records, websites, blogs and other social media outlets.
Our auditors, insurers and legal and other professional advisers may also access our records to protect our interests and to ensure that we comply with our obligations.
Disclosure to overseas recipients
We will generally not disclose personal information to overseas recipients without consent unless required or authorised by law. Where required in order to provide specific products our customers require, we may disclose personal information to overseas recipients however, only to the extent required for such purposes.
How do we keep personal information secure?
We take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. We store hard copies of this information in access-controlled premises, and digital versions on secure servers. We require all persons authorised to access digital information to use logins and passwords to access such information.
We require all our contractors and others to whom we disclose personal information or whom may have access to personal information we collect, to keep such personal information private and to protect such personal information from misuse and loss and from unauthorised access, modification or disclosure.
Any credit card details provided to us for the purposes of making any payment are destroyed when processing the payment is finalised. We use Secure Sockets Layer (SSL) technology and industry standard 128 – bit encryption in our payment system.
Unless we are prevented to do so by the law, we de-identify or destroy securely all personal information we hold when no longer reasonably required by us.
In the event that we become aware of any actual or potential unauthorised access to or disclosure of personal information about an individual, or any loss of such information which may lead to unauthorised access or disclosure, we will promptly investigate and where appropriate, take remedial action and notify the individual affected in accordance with the Privacy Act
Integrity of personal information
We take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete and that the personal information we use or disclose is accurate, up to date, complete and relevant, having regard to the purpose of such use or disclosure.
To that end, we encourage you to contact us to update or correct any personal information we hold about you.
Accessing your personal information
You may request access to personal information we hold about you. We may require you to verify your identity and to specify what information you require.
We deal with all requests for access to personal information as required by the Privacy Act. We may charge a fee where we provide access and may refuse to provide access if the Privacy Act allows us to do so.
Correction of personal information
We take reasonable steps to correct all personal information we hold to ensure that, having regard to the purposes for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
You may request corrections to personal information we hold about you. We deal with all requests for correction to personal information as required by the
Privacy Act. We may refuse to correct personal information if the Privacy Act allows us to do so.
If you are not satisfied with the outcome, then you may make a complaint to the Office of the Australian Information Commissioner (OAIC). For information about how to make such a complaint, please refer to the OAIC website http://www.oaic.gov.au/.
To request access to or correction of personal information, to request not to receive marketing material or invitations from us, or to make a privacy complaint to us, please contact us at firstname.lastname@example.org