This Policy explains how Consilium Technology Pty Ltd (‘Consilium Technology’) and any group companies handle personal information, including how we collect, use and disclose personal information.
Consilium Technology is committed to complying with the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (‘The Privacy Act’) and, to the extent applicable, the EU General Data Protection Regulation (‘GDPR’). We are committed to being open and transparent about our information handling practices. We respect the confidentiality of the personal information we hold and take steps to safeguard that information.
Consilium Technology needs to collect personal information to provide services to our clients. We may collect and hold the following personal information:
Where it is practical to do so, we aim to collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party (such as a client we are providing services to). Also, we may collect personal information indirectly because it is included in a communication with us. Some examples of how we collect personal information include (but are not limited to):
We take the security of the personal information we hold seriously. All Consilium Technology staff handle personal information sensitively and in accordance with our obligations under the APPs or the GDPR (if applicable).
We take all reasonable steps to protect the personal information we hold from misuse, interference and loss; and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.
If we no longer need the personal information we hold physical copies of, we take reasonable steps to destroy or de-identify that information. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes. Personal information stored electronically may be stored securely indefinitely for IT back up and electronic audit trail purposes.
We use personal information in order to provide our clients with services, manage our business and our relationship with our clients, and to enhance the services we provide.
Where necessary, we may also use personal information for the purpose of confirming your identity or confirming a representation that you have made to us and complying with any applicable laws (for example any obligations we may have under legislation).
We may use personal information for audit or quality assessment purposes; billing and invoicing; and/or for staff training.
During project development for our clients, we may be provided with data that includes personal information. In that case, we take reasonable steps to ensure that the data used is de-identified to the extent that de-identification is possible and practicable.
We only use personal information in accordance with the APPs and, to the extent applicable, the GDPR, and while maintaining client confidentiality.
In order to provide our services and conduct our business, we may disclose personal information to third parties.
In some, limited circumstances this may include sensitive information as defined in the Privacy Act. We do not disclose sensitive information about you unless you agree, would reasonably expect us to do so or if it is permitted under the Privacy Act. or, to the extent applicable, the GDPR.
We may disclose personal information:
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
The legal basis for which we collect your personal information depends on the data that we collect and how we use it and we will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We shall comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
You can request to update or correct personal information we hold about you which you believe is inaccurate or out of date. To do so, you may contact us using the address under the ‘Contact details’ section.
If you have any concerns about our information handling practices you can contact us at [email protected] so that we can try and resolve the issue quickly and directly.
If we are unable to resolve your privacy complaint, you may contact the Office of the Australian Information Commissioner at:
GPO Box 5218, Sydney NSW, 2001, www.oaic.gov.au (telephone 1300 363 992).
You may request access to the personal information we hold about you, or make a privacy complaint, by contacting us at [email protected].