Collection and use of personal information
Disclosure of personal information to third parties
Our responsibilities as a ‘controller’ under the GDPR
Storage and security
...
By providing us with personal information, you consent to the disclosure of your personal information to third parties who reside outside Australia and, if you are a European Union (EU) citizen, to third parties that reside outside the EU. Where the disclosure of your personal information is solely subject to Australian privacy laws (and not subject to the GDPR), you acknowledge that we are not required to ensure that those third parties comply with Australian privacy laws.
Our responsibilities as a ‘controller’ under the GDPR
Controllers are defined by the GDPR as natural or legal persons, a public authority, agency or other body to which personal information or personal data has been disclosed, whether via a third party or not, and who determines the purposes and means of processing personal information. We are a controller under the GDPR as we collect, use and store your personal information to enable us to provide you with our services.
As a controller, we have certain obligations under the GDPR when collecting, storing and using the personal information of EU citizens. If you are an EU citizen, your personal data will:
be processed lawfully, fairly and in a transparent manner by us
only be collected for the specific purposes we have identified in the ‘collection and use of personal information’ clause above and personal information will not be further processed in a manner that is incompatible with the purposes we have identified
be collected in a way that is adequate, relevant and limited to what is necessary in relation to the purpose for which the personal information is processed
be kept up to date, where it is possible and within our control to do so (please let us know if you would like us to correct any of your personal information)
be kept in a form which permits us to identify you, but only for so long as necessary for the purposes for which the personal data was collected
be processed securely and in a way that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage. We also apply these principles to the way we collect, store and use the personal information of our Australian clients.
Specifically, we have the following measures in place, in accordance with the GDPR:
Data protection policies: We have internal policies in place which set out where and how we collect personal information, how it is stored and where it goes after we get it, in order to protect your personal information.
Right to ask us to erase your personal information: You may ask us to erase personal information we hold about you.
Right to ask us to restrict data processing: You may ask us to limit the processing of your personal information where you believe that the personal information we hold about you is wrong (to give us enough time to verify if the information needs to be changed), or where processing data is unlawful and you request us to restrict the processing of personal information rather than it being erased.
Notification of data breaches: We will comply with the GDPR in respect of any data breach.
Our responsibilities as a ‘processor’ under the GDPR
Where we are a processor, we have contracts containing certain prescribed terms in our contracts with controllers. Depending on circumstances, we can be a controller or processor or controller and processor. In addition to:
our contractual obligations with controllers (where we are solely a processor);
our legal obligations under the GDPR as a controller (where we are both a controller and processor) as a processor we also have the following responsibilities under the GDPR:
not to use a sub-processor without the prior written authorisation of the data controller;
to co-operate with supervisory authorities;
to ensure the security of our processing;
to keep records of processing activities;
to notify any personal data breaches to the data controller; and,
to employ a data protection officer and appoint (in writing) a representative within the European Union if required by the GDPR. (We are currently not required to take these measures).
...
Your rights and controlling your personal information
| Anchor | ||||
|---|---|---|---|---|
|
Choice and consent: Please read this Privacy Policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. If you are under 16 years of age, you must have; and warrant to the extent permitted by law to us that you have, your parent or legal guardian’s permission to access and use the Site and they (your parents or guardian) have consented to you providing us with your personal information. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Site or the services offered on or through it.
...