Garage of Awesome Pty Ltd (ABN 83 144 000 653) (“GoA”) is committed to protecting the privacy of personal information. Personal information is defined under the Privacy Act 1988 (Cth) (“Privacy Act”). All people and organisations working with and for GoA are required to be familiar with and to comply with the obligations set out in this Policy. Your use of our web site and/or web services evidences your consent to GoA collecting, using and disclosure of personal information in the manner set out below. The personal information we collect includes, but is not limited to:
· Personal information for employment, customer and marketing purposes such as full name, postal address, phone and fax numbers and email addresses.
· Personal information relating to a person’s business or professional capacity such as ABN/ACN, position, organisation, postal address, phone and fax numbers and email addresses.
· Personal information for the purpose of organising, inviting and holding an event with GoA or its partner entities.
How we collect personal information
· Directly from the person and/or the company they represent that we are interacting with to provide advice, services, materials and/or resources, employment opportunities or company information. This information can be collected in hard copy forms, online or by email, post, facsimile, face to face, over the phone or through our partner channels, including wholesalers and partners.
· Enquiries made to external parties in order to provide advice, services, materials and/or resources, employment opportunities or company information, for example reference checks for employment purposes.
· From publicly available information ie LinkedIn, Facebook, etc.
How we store and secure personal information
· We take reasonable steps to maintain the security of personal information to protect it from un-authorised disclosures.
· Information in hard copy format is stored in our secure offices secured by swipe passes, lock and key cabinets or rooms, and password protected rooms.
· Information in electronic format is stored securely on our secure servers or in accredited systems that meet security and privacy standards.
The use of personal information
· GoA will not sell, rent or lease customer lists or other personal information to third parties. Personal information will not be distributed, shared or passed on to any third party unless consent has been granted by the individual or organisation, or GoA is required to do so by law.
· GoA uses this information to provide our core services to our customers, market our services and our brand to the industry and potential customers, recruit employees, have productive working relationships with our employees, and to engage with partners and third party service providers.
· We may share personal information with third parties such as our vendors or suppliers who provide us with goods or services, our clients (who may be located overseas) or our professional advisers, where permitted by the Privacy Act.
How to access or correct your personal information or make a privacy complaint
GoA is transparent and accountable for the limited personal information that we collect and aim to maintain the accuracy and quality of this information. Should you wish to access or correct your personal information we hold, please contact GoA via firstname.lastname@example.org. You may also use these contact details to notify us of a privacy complaint if you think we have failed to comply with our obligations under the Australian Privacy Principles. If a complaint is made, it will be thoroughly assessed in a timely manner and any breach will be rectified, where practicable and possible. All complaints will be taken seriously and will feed into continual processes for reviewing and improving privacy.
GoA may, at its discretion, update or revise this Policy from time to time.
Data Breach Reporting
The Privacy Act and General Data Protection Regulation (Regulation (EU) 2016/679) requires that reasonable and appropriate protection is made around information, including personal information and customer data (“Information”), and that certain data breaches are reported to the relevant authorities. GoA may collect and store Information to enable GoA to provide services to its customers. That Information may be held in various forms and transmitted through systems controlled by GoA or its customers.
In the event a data breach occurs or, a data breach is suspected, GoA will follow this Policy and the below Response Plan to contain, assess and respond appropriately.
1. Initial notification: If personnel become aware of an actual or suspected data breach, they must immediately notify the Privacy Officer with information regarding the data breach.
2. Preliminary assessment: The Privacy Officer shall notify the relevant personnel to collect and collate information regarding the data breach.
3. Assessment of Risk: The Privacy Officer in conjunction with management will assess the severity of the data breach based on the information received.
4. Notification: The Privacy Officer in conjunction with management will consider whether notification to the relevant authority and/or affected individuals is required and, if notification is required, make that notification.
5. Review: The Privacy Officer will then undertake an internal review of the circumstances to consider if further action is required.