Privacy and information policy


Privacy statement – introduction

Data#3 Limited (ABN 31 010 545 267) and its related bodies corporate (“Data#3”, “we”, “our” or “us”) recognise that your privacy is important and we take privacy seriously. This policy sets out how we collect, store, use and disclose your personal information.

As Data#3 predominantly offers its products and services in Australia, this policy is designed to comply with the Privacy Act 1988 (Cth), Australian Privacy Principles and applicable privacy codes (the Privacy Laws).

For users in EEA, Switzerland and UK you may have additional rights under the EU or UK General Data Protection Regulation (GDPR) with respect to your personal data as set out in Annexure A.

For users resident in California, your rights under the California Consumer Privacy Act (CCPA) with respect to your personal data as set out in Annexure B.

We also treat any other information received by Data#3 in relation to you and your business, including information we may receive from third parties, such as our vendors, contractors and customers, in line with this policy (Privacy and Information Policy).

By accessing our websites, products and services, you accept the terms of this Privacy and Information Policy.

Collection of Personal Information

Personal Information” means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. The type of information we may collect, use, disclose and hold in the course of conducting business includes personal information about:

  • our clients and potential clients and their employees, and the goods and/or services used, intended to be used, and/or required by them;
  • vendors, suppliers and their employees, and the goods and/or services provided by them;
  • employees, prospective employees and contractors; and
  • other people who come into contact with Data#3 and the goods and/or services used, intended to be used or required by them.

In general, the type of personal information we collect and hold includes names, addresses, contact details, titles, e-mail addresses, occupation, details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to enquiries, information you provide to us through our customer surveys, information associated with Data#3 marketing events and other information which assists us in conducting business, providing and marketing services and meeting legal obligations. We may also collect ‘sensitive information’, such as information about an individual’s criminal record or health information if it is essential for the purpose of the conduct of business, however, we will obtain your written consent prior to us obtaining such sensitive information from you.

If you access our website, we may collect additional personal information about you in the form of your IP address or domain name. Our website may contain links to other websites. We are not responsible for the privacy practices of or content contained in linked websites and any linked websites which are not subject to our privacy policies and procedures.

Use of personal information

As a major provider of a range of information technology products, services and resource solutions, Data#3’s primary purpose for collecting, holding, using and disclosing personal information is to facilitate the efficient provision of quality information technology products and services. Whilst much of this information may not be personal information, some of the information we collect, on its own or when matched with other information, may be personal information about you.

Specifically, we collect personal information so that we can:

  • identify you, your company and conduct appropriate checks;
  • understand your requirements and provide you with a product or service;
  • set up, administer and manage our products, services and systems;
  • manage, train and develop our employees and representatives;
  • conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
  • engage in administrative, marketing (including direct marketing), planning, product or service development, quality control and research activities of Data#3, its contractors or service providers;
  • audit and monitor the products and services we provide;
  • manage complaints and disputes;
  • understand your needs, your behaviours and how you interact with us, so we can engage in product and service research, development and business strategy including managing the delivery of our services and products via the ways we communicate with you;
  • comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or co-operate with any governmental authority of any country (or political sub-division of a country).

We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities. If you do not agree to provide us with your personal information, this may limit our ability to provide our services and solutions to you effectively. If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services and solutions you, or they, are seeking.

How do we collect personal information

We generally collect personal information:

  • from you directly when you provide your details to us;
  • when you purchase our solutions, products and services;
  • from you indirectly through emails, forms, face-to-face meetings, interviews, registration and attendance at seminars, business cards and telephone conversations and through use of the services and facilities available through www.data3.com, including receiving subscriptions, events, workshops, seminars, blogs and other social media;
  • from outlets to which you contribute;
  • when we purchase your products and services;
  • when we respond to your inquiries and requests;
  • when we obtain feedback from you about our solutions and services;
  • when we conduct our administrative and business functions;
  • when we market our products, solutions and services to you; and
  • through your access and use of our websites.

We may also collect personal information from third parties including your representatives or colleagues, credit reporting agencies, law enforcement agencies, other government entities and other publicly available sources of information.

Disclosure

We may disclose your personal information to our employees and related bodies corporate.

We may also disclose your personal information to:

  • third party service providers, contractors, and suppliers with whom we have a commercial relationship for business, marketing, and related purposes;
  • any organisation for any authorised purpose with your express consent;
  • others where the disclosure is required by law, for example, to government agencies and regulatory bodies as part of our statutory obligations, or for law enforcement purposes; and
  • an organisation that acquires all or part of our assets or businesses.

Some of these organisations and service providers may not be required to comply with this policy. Except as set out above, Data#3 will only disclose personal information if this is required by law or a court/tribunal order or otherwise permitted under the applicable Privacy Laws.

In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.

Direct Marketing Materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

Cookies

In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. It also enables us to keep track of products or services you view so that, if you consent, we can send you news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.

Data quality, access and correction

You may request access to personal information we hold about you by making a written request. We will respond to your request within a reasonable period and as required under the relevant Privacy Laws. We may charge you a reasonable fee for processing your request (but not for making a request for access).

We may decline a request for access to personal information in circumstances prescribed by the applicable Privacy Laws, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).

If, upon receiving access to your personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We take reasonable steps to correct the information so that it is accurate, complete and up to date. If we refuse to correct your personal information, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint.

How do you make a privacy related complaint?

If you have any questions about privacy related issues or wish to complain about a potential breach of the applicable Privacy Laws or the handling of your personal information by us, please contact our Privacy Officer. We may ask you to lodge your complaint in writing. Any complaint will be investigated by the Privacy Officer and you will be notified of the making of a decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.

Address:          Data#3 Privacy Officer, Level 1, 555 Coronation Drive, TOOWONG, QLD, 4066

Telephone:      1300 23 28 23

E-mail:             privacy@data3.com.au

Are we likely to disclose your personal information overseas?

We store and retain your personal information in Australia. However, we may disclose your personal information to the following overseas recipients:

  • other companies or individuals who assist us in providing solutions and services or who perform functions on our behalf (such as third party service providers), including those located in the Philippines, USA, United Kingdom and other countries where we are engaged in business or related activities with you or your company or organisation;
  • regulatory authorities;
  • anyone else to whom you authorise us to disclose it; and
  • anyone else where authorised by law.

Such access will be provided under secure protocols (see below for further information on how we manage other information about your business).

We will take steps to contractually ensure that overseas recipients of your personal information provide a level of protection for your personal information which is equivalent to the requirements contained in the applicable Privacy Laws.

Information security and storage

As an information technology company, Data#3 will use all reasonable endeavours to ensure the integrity and security of your personal information is maintained. Data#3 also employs physical and administrative safeguards which we consider are consistent with Australian industry standards. We hold personal information in either paper-based records, in secure access controlled premises or in electronic form in databases and email files which require logins and passwords. Data#3 personnel are also contractually bound by confidentiality obligations.

Despite the high level of information security employed within Data#3 and its commitment to your privacy, the company is unable to provide an absolute assurance that personal information will remain secure at all times. Data#3 therefore does not accept any responsibility for incidences of unauthorised access to personal information, which is provided at your own risk. Likewise Data#3 does not guarantee the security or privacy compliance of any websites that are accessible through links provided on any of its websites. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach, and if so, to assess if it is a breach that would require notification.  If it is, we will notify affected parties in accordance with the applicable Privacy Law requirements.

Data#3 will take reasonable steps to destroy or de-identify your personal information held by the company on your request or if we no longer need your personal information, except where Data#3 is required by law to retain the information.

Your personal information and our marketing practices

We might, from time to time, let you know – including via mail, SMS, email, telephone or online – about news, special offers, products and services that you might be interested in. We will use your personal information to engage in marketing unless you tell us otherwise. You can contact us to update your marketing preferences at any time.

Changes to our policy

We may change this policy from time to time. Any updated versions of this policy will be posted on our website. Please review it regularly. You will be deemed to have consented to such variations by your continued use of Data#3’s products and services following such changes being made.

Openness

Data#3’s Privacy and Information Policy is available on its website.

Anonymity

Data#3’s personnel will respect a request for anonymity however some of Data#3’s business processes cannot be completed effectively if you remain anonymous

How we manage other information about your business

This Privacy and Information Policy applies to all information received by Data#3 from third parties, including from its vendors, contractors and customers, whether or not such information falls within the meaning of “personal information”.

While Data#3 will endeavour to comply with the obligations contained in this Policy with respect to all information it collects, stores, uses and discloses in the course of its business, Data#3 is not required to, and does not warrant or represent that it will in all instances, comply with the Privacy Laws to the extent that the information does not fall within the meaning of “personal information”.

General

This Privacy and Information Policy applies to the Data#3 commerce portal for non-AUD orders is effective as at 23 September 2024.

Annexure A

Processing of Personal Data (Residents of EEA, Switzerland and UK)

This section provides additional information to users based in the EEA, Switzerland and United Kingdom to comply with data protection laws. If you are a resident of these areas you may have additional rights under the EU or UK General Data Protection Regulation in respect of your Personal Data.

If there are any conflicts between this section and any other provision of this Privacy Policy, the part which is more protective of Personal Data will take precedence to the extent of the conflict.

In this Annexure A we use the terms Personal Data and Processing as defined in the GDPR. However, Personal Data is information about you (a “data subject”) the use of which is governed by applicable data protection laws. It will include any information from which you can be identified, directly or indirectly, in particular by reference to an identifier such as your name, an identification number, location data, an online identifier or other information about your identity.

Collection of Personal Data

The Personal Data we collect from our customers in the EEA, Switzerland and UK through the Data#3 Commerce Portal. We will be the controller of your personal data in the Data#3 system. Please see the following table which lists the Personal Data we collect, its category and the categories of third parties with whom we share Personal Data.

Category of Personal Data Examples of Personal Data we collect Categories of third parties with whom we share Personal Data
Profile or Contact Data
  • First and last name
  • Email address
  • Phone number
  • Company position
  • Office Location
  • Delivery address
  • Data#3 portal password
  • Service Providers
  • Business Partners
  • Parties you Authorise
Device Data
  • IP address of the computer used to access the site or portal
  • Location of the device used to access the site or portal.
  • Operating system used to access the site or portal
  • Service Providers
  • Parties you Authorise
Other identifying information that you voluntarily choose to provide
  • Identifying information in emails, letters, notes in the portal or other communication you send to us.
  • Service Providers
  • Business Partners
  • Parties you Authorise

We will collect this Personal Data from you, or from a business with which you have a relationship (including your employer or a related body corporate to the company you are employed by).

Legal basis for processing Personal Data

Data#3 will only process your Personal Data if there is a lawful basis to do so. Lawful bases for processing include where you provide consent for processing, to comply with contractual obligations, to comply with a legal obligation, or for our legitimate interest.

Consent – We process Personal Data based on any consents you expressly grant to us at the time we collect the data.

Compliance with Contractual Obligations – We process the following Personal Data in order to comply with our obligations under contracts with you, including providing you our products and services. If you do not provide this Personal Data, it may result in your inability to access some or all portions of the goods and services we provide:

  • Profile or Contact Data
  • Payment Data

Legitimate Interest – We process the following Personal Data when we believe it furthers the legitimate interest of Data#3, for example, for the improvement of our services.

  • Device Data

Transfer and Recipients of Personal Data

Please refer to the section above titled ‘Collection of Personal Data’ for the categories of third parties who may receive your Personal Data.

  • Service Providers are parties who perform business functions on Data#3’s behalf, including hosting, technology and communication providers, security consultants and providers, and customer service providers.
  • Business Partners are parties who provide services through the Data#3 Commerce Portal in countries other than Australia, For EEA and UK Orders this is Bechtle AG and Bechtle Limited

We store and retain your personal data in Australia. If you are accessing our Services from outside of Australia, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal data in Australia or other countries as listed above in the section titled ‘Are we likely to disclose your personal information overseas?’. If you are a resident in the EEA, Switzerland or the UK, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take reasonable measures to protect your Personal Data in accordance with this privacy notice and applicable law. We have implemented measures to protect your personal data, including as set out above in the section titled ‘Information Security and Storage’.

Where your Personal Data is Transferred to our Business Partners, the relevant Business Partner becomes a controller of such data and will handle it in accordance with their privacy notices.

Retention of Personal Data

We retain personal data for as long as necessary to provide you with our services and perform the commercial purposes for collecting your Personal Data as described in this Privacy and Information Policy.

Your Data Subject rights

If you are an individual you will have certain rights with respect to your Personal Data including the below.

 

To exercise these rights, please contact: privacy@data3.com.au. The same applies if you have questions about data processing in our company. Please note that we may not be able to fully comply with your request in cases such as where it is frivolous or extremely impractical, if it negatively affects the rights of others or if not required by law. Where we cannot fully comply with your request, we will tell you why. In some cases we also may require further information from you in order to provide a full response. You also have the right to appeal to the data protection supervisory authority.

 

  • Access: You can request information about the Personal Data we hold about you and request a copy of such Personal Data.
  • Rectification:  If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. You may also be able to correct some of this information directly by logging on to your account.
  • Erasure:  You can request that we erase some or all of your Personal Data from our systems.
  • Withdrawal of Consent:  If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilise some or all of our Services.
  • Portability:  You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.
  • Objection:  You can contact us to let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as for direct marketing purposes.
  • Restriction of Processing:  You can ask us to restrict further processing of your Personal Data.
  • Right to File Complaint:  You have the right to lodge a complaint about Data#3’s practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. A list of Supervisory Authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

Annexure B California Resident Rights

If you are a California resident, you have the rights regarding your personal information set out in this Annexure B granted by the California Consumer Privacy Act (CCPA). In this section, where we refer to personal information, it is as defined in the CCPA.

You or your authorised agent may exercise the following rights by emailing your request privacy@data3.com.au and provide:

  • sufficient information to allow us to verify you are the individual who the Personal Data is related to; and
  • describes your request in sufficient detail so we may evaluate and respond.

 

Your Rights

Access: You have the right to request certain information about our collection and use of your personal information over the past 12 months. We you exercise this right, we will provide you the following information:

  • the Categories of Personal Information we have collected about you.
  • the categories of the sources from which the Personal Information was collected.
  • the business purpose for collecting your Personal Information.
  • the categories of third parties with whom we have shared your Personal Information.
  • the specific Personal Information we have collected about you.

 

Deletion: You have the right to request that we delete Personal Information we have collected about you. This right is subject to exceptions under the CCPA (for example, we may need to retain your Personal Information to provide you with services or complete a transaction you requested, or if deletion would involve a disproportionate effort. In such cases we may deny your request.

Correction: You have the right to request we correct any incorrect Personal Information it has collected about you. Under the CCPA this right is subject to certain exceptions (such as if we decide based on the totality of circumstances that the personal information we hold is correct). In such circumstances we may deny your request.

Processing of Sensitive Personal Information opt-out: California consumers have certain rights over the processing of their sensitive information. Data#3 does not collect sensitive categories of Personal Information of California residents.

Selling Opt-Out: California consumers have certain rights to opt-out of Data#3 sharing or selling their Personal Information to third parties for the purposes of direct marketing. Data#3 does sell customer’s personal information to third parties.

Data#3 will not discriminate against you for exercising your privacy rights.

Contact us

Speak to one of our solution experts today.

Talk to us

Contact us

Speak to one of our solution experts today.

Information provided within this form will be handled in accordance with our privacy statement.