This Policy explains how Consilium Technology Pty Ltd (‘Consilium Technology’) and any group companies handle personal information, including how we collect, use and disclose personal information.
Consilium Technology is committed to complying with the Australian Privacy Principles (‘APPs’) in the Privacy Act 1988 (‘the Privacy Act’) and, to the extent applicable, the EU General Data Protection Regulation (‘GDPR’). We are committed to being open and transparent about our information handling practices. We respect the confidentiality of the personal information we hold and take steps to safeguard that information.
Consilium Technology needs to collect personal information to provide services to our clients and third parties. We may collect and hold the following personal information:
Where it is practical to do so, we aim to collect personal information directly from the individual it relates to. However, there may be circumstances where we need to collect personal information from a third party. Also, we may collect personal information indirectly because it is included in a communication with us. Some examples of how we collect personal information include (but are not limited to):
We take the security of the personal information we hold seriously. All Consilium Technology staff handle personal information sensitively and in accordance with our obligations under the APPs or the GDPR (if applicable).
We take all reasonable steps to protect the personal information we hold from misuse, interference and loss; and from unauthorised access, modification or disclosure. These steps include using electronic and physical security measures, including password protected software and hardware.
If we no longer need the personal information we hold, we take reasonable steps to destroy or de-identify that information. It may be necessary for us to retain personal information to comply with our legal obligations, or for insurance or audit purposes or for the purposes of machine learning and the development of algorithms and/or other instructions or software. Personal information stored electronically may also be stored securely indefinitely for IT back up and electronic audit trail purposes.
Much of the information we hold about you will be stored electronically in secure data centres located in Australia. We also store information in data centres of our contracted service providers (including cloud storage providers), and some of these data centres may be located outside Australia. Our contracted service providers or parties who we work with, that operate overseas, are likely to be located in, but not limited to, the United States, New Zealand, the Philippines, United Kingdom, Singapore and Malaysia.
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold both in Australia and overseas.
We use personal information in order to provide our clients with services, manage our business and our relationship with our clients and potential clients, and to enhance the services we provide.
Where necessary, we may also use personal information for the purpose of confirming your identity, confirming a representation that you have made to us, to directly offer you information, products and/or services that we believe may be of interest and value to you, complying with any applicable laws (for example any obligations we may have under legislation) and for the exception purposes specified in the Privacy Act.
We may also use personal information for audit or quality assessment purposes; billing and invoicing; and/or for staff training.
During project development for our clients, we may be provided with data that includes personal information. In that case, we take reasonable steps to ensure that the data used is de-identified to the extent that de-identification is possible, reasonable and practicable.
We only use personal information in accordance with the APPs and, to the extent applicable, the GDPR, and while maintaining client confidentiality.
In order to provide our services and conduct our business, we may disclose personal information to third parties.
In some, limited circumstances this may include sensitive information as defined in the Privacy Act. We do not disclose sensitive information about you unless you agree, would reasonably expect us to do so or if it is permitted under the Privacy Act or, to the extent applicable, the GDPR.
We may disclose personal information:
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
The legal basis for which we collect your personal information depends on the data that we collect and how we use it and we will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We shall comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
You can request to update or correct personal information we hold about you which you believe is inaccurate or out of date. To do so, you may contact us using the address under the ‘Contact details’ section.
If you have any concerns about our information handling practices you can contact us at [email protected] so that we can try and resolve the issue quickly and directly.
If we are unable to resolve your privacy complaint, you may contact the Office of the Australian Information Commissioner at:
GPO Box 5218, Sydney NSW, 2001, www.oaic.gov.au (telephone 1300 363 992).
You may request access to the personal information we hold about you, or make a privacy complaint, by contacting us at [email protected].