1. WHY DO WE COLLECT PERSONAL INFORMATION?
- We collect personal information from you where it is reasonably necessary for a business purpose, including in order to supply you with services, ensure that we can improve our services to best meet your needs and to comply with our legal obligations.
- If you do not wish to receive marketing material from us or about our products, services or events, please email our Privacy Compliance Officer at the details below.
2. WHAT TYPE OF INFORMATION DO WE COLLECT AND HOW?The type of personal information we collect may include your name, address, date of birth, occupation, contact details (e.g. phone numbers and email addresses), payment details (e.g. bank account or credit card details) and financial information.
We may collect this information in a number of ways, such as:
- Directly from you – for example, where you complete your details in an order form or provide those details to one of our account managers;
- As a result of your use of our services – for example, when you pay your bill or use our services or self-service channels;
- From your online activity – for example, cookies and other digital identifiers;
- From third parties – for example, from your employer if you are an end user of one of our services or from a credit reporting agency in order to conduct a credit assessment or manage your credit situation with us.
- We will take reasonable steps to ensure that you know we have your personal information, how we received it and how we will use it.
- If you are unable to provide us with the details we ask for, we may not be able to provide you with a service that you wish to acquire or give you the level of service you expect.
3. HOW DO WE STORE PERSONAL INFORMATION AND WHO DO WE SHARE IT WITH?
- Information we hold about you is stored in secure electronic databases.
- We may share your personal information to appropriately qualified staff within our organisation and with third parties that we work with in order to supply you with the services you have ordered from us.
- We will only share your information with third parties where they require it in order to make services available or manage their relationship with you. In these cases, we will ensure that we have arrangements in place with those partners that limit their use or disclosure of your personal information.
- Credit and debt management
- In some circumstances, we may need to refer or sell an overdue debt to debt collectors or other companies, in which case, we will give them access to the personal information they need to handle the debt.
- Legal obligations
- We may provide third parties with personal information and cooperate with law enforcement bodies where we are permitted or required to do so by law. Scenarios where we may do this include where there is unlawful activity, serious misconduct or to mitigate a grave threat to life, health or safety.
- Others with your permission
- We will also disclose personal information to others where you have asked us to, reasonably expect us to do so or given us permission.
4. DO YOU DISCLOSE PERSONAL INFORMATION TO OVERSEAS RECIPIENTS?
- Our main business locations are in Australia and New Zealand, but some of our group companies may be based in other countries from time to time. Accordingly, we may need to share your personal information with overseas organisations.
- Where those organisations are based in countries that do not have the same or substantially similar privacy laws as those in Australia, we will take reasonable steps to ensure that they do not breach the Australian Privacy Principles.
- We may also store your information in the cloud or other types of networked or electronic storage. These services often involve diverse geographic locations, which change periodically for reasons which include data protection and processing efficiency. Where we use these services, it is not always practical for us to notify you of which country your personal information may be located in.
- New Zealand
Listed below are the countries where we are aware personal information that we share may be located:
5. NOTIFIABLE DATA BREACH - PRIVACY ACT 1998 (CTH)
Where we collected the personal information (e.g. customer contact details).
Our primary goal is to maintain information governance and security via compliance with the Privacy Act 1998 (Cth) (the Act). For personal information that we hold:
- a. If we suspect there has been a data breach, we will take appropriate remedial actions if possible, to contain the suspected breach.
- b. We will conduct an assessment within 30 days from when our suspicions arose. The assessment will follow our ISO 27001 procedure for Information Security Incident Management.
- c. If we determine there has been a breach and the assessment concludes there is a risk of serious harm, we will:
- i. notify affected persons in line with current standard processes, unless the incident is covered by an exception in the Act; and
- ii. notify the Australian Information Commissioner.
- d. We will review the incident and take appropriate actions to prevent future breaches.
In relation to Cloud and network services that we may provide to you, it is your responsibility to ensure that no personal information is stored or processed by our Cloud and network services. Just like the landlord of a storage shed does not take inventory of the tenant’s goods, we provide the place for you to store your data, but do not inspect it.
However, if we have reasonable grounds to believe that personal information may have been stored in our Cloud which has been compromised, we will notify you and share all relevant details of the alleged breach. We will undertake an assessment of the breach in accordance with our obligations under the Act and may assist you with your assessment and remedial actions under the Act.
6. HOW DO I ACCESS OR CORRECT MY PERSONAL INFORMATION?
- We will take all reasonable steps to ensure that the personal information we have about you is accurate, complete and up-to-date.
- You can access and correct any of your personal information by sending an email to our Privacy Compliance Officer at the details below. We will always confirm your identity before giving access to your personal information.
- Most of the time, we should be able to provide you with access free of charge. However, if your enquiry is complex or resource intensive and a handling fee applies, we will advise you of that fee and seek your consent before processing your request.
7. HOW DO I CONTACT YOU?Please let us know if you have any questions or concerns about this policy or our practices.
You can contact us by:
Phone: 02 8667 0423
Mail: Privacy Compliance Officer
Ethan Group Pty Ltd
Level 5, 13-15 Lyonpark Rd, North Ryde NSW 2113
If you would like further information or to complain about our privacy practices, please contact our Privacy Compliance Officer. Our general complaint handling policy also applies to complaints about privacy.
Our Privacy Compliance Officer will investigate the matter and try to resolve it in a timely way. If we are unable to resolve your complaint to your satisfaction and no other complaint resolution procedures are agreed or required by law, you may lodge a complaint with the Telecommunications Industry Ombudsman (if the matter is related to a telecommunications service) or the Office of the Australian Information Commissioner.
8. POLICY UPDATES
- We may update this policy from time to time and any changes will be reflected on this page.