Privacy Statement

Introduction

Data^#3 Limited (ABN 31 010 545 267) and its related bodies corporate (“Data^#3”, “we”, “our” or “us”) recognise that your privacy is important and are committed to protecting information that we collect from you in accordance with the Privacy Act 1988 (Cth), Australian Privacy Principles and certain applicable privacy codes (the Privacy Laws). For this reason, Data^#3 has adopted a policy which sets out how we collect, use, disclose and otherwise manage your information.

The following policy applies to the collection, storage, use and disclosure of your personal information by Data^#3. We also treat any other information received by Data^#3 in relation to you and your business, including information we may receive from third parties, such as our vendors, contractors and customers, in line with this policy (Privacy and Information Policy).

By accessing our websites, products and services, you accept the terms of this Privacy and Information Policy.

Collection of personal information

“Personal information” means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not. The type of information we may collect, use, disclose and hold in the course of conducting business includes personal information about:

• our clients and potential clients and their employees, and the goods and/or services used, intended to be used, and/or required by them;
• vendors, suppliers and their employees, and the goods and/or services provided by them;
• employees, prospective employees and contractors; and
• other people who come into contact with Data^#3 and the goods and/or services used, intended to be used or required by them.

In general, the type of personal information we collect and hold includes names, addresses, contact details, titles, e-mail addresses, occupation, details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to enquiries, information you provide to us through our customer surveys, information associated with Data^#3 marketing events and other information which assists us in conducting business, providing and marketing services and meeting legal obligations. We may also collect ‘sensitive information’, such as information about an individual’s criminal record or health information if it is essential for the purpose of the conduct of business, however, we will obtain your written consent prior to us obtaining such sensitive information from you.

If you access our website, we may collect additional personal information about you in the form of your IP address or domain name. Our website may contain links to other websites. We are not responsible for the privacy practices of or content contained in linked websites and any linked websites are not subject to our privacy policies and procedures.

Use of personal information

As a major provider of a range of information technology products, services and resource solutions, Data^#3’s primary purpose for collecting, holding, using and disclosing personal information is to facilitate the efficient provision of quality information technology products and services. Whilst much of this information may not be personal information, some of the information we collect, on its own or when matched with other information, may be personal information about you.

Specifically, we collect personal information so that we can:

• identify you, your company and conduct appropriate checks;
• understand your requirements and provide you with a product or service;
• set up, administer and manage our products, services and systems;
• manage, train and develop our employees and representatives;
• conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
• engage in administrative, marketing (including direct marketing), planning, product or service development, quality control and research activities of Data^#3, its contractors or service providers;
• audit and monitor the products and services we provide;
• manage complaints and disputes;
• understand your needs, your behaviours and how you interact with us, so we can engage in product and service research, development and business strategy including managing the delivery of our services and products via the ways we communicate with you;
• comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or co-operate with any governmental authority of any country (or political sub-division of a country).

We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities. If you do not agree to provide us with your personal information, this may limit our ability to provide our services and solutions to you effectively. If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services and solutions you, or they, are seeking.

How do we collect personal information

We generally collect personal information:

• from you directly when you provide your details to us;
• when you purchase our solutions, products and services;
• from you indirectly through emails, forms, face-to-face meetings, interviews, registration and attendance at seminars, business cards and telephone conversations and through use of the services and facilities available through www.data3.com, including receiving subscriptions, events, workshops, seminars, blogs and other social media;
• from outlets to which you contribute;
• when we purchase your products and services;
• when we respond to your inquiries and requests;
• when we obtain feedback from you about our solutions and services;
• when we conduct our administrative and business functions;
• when we market our products, solutions and services to you; and
• through your access and use of our websites.

We may also collect personal information from third parties including your representatives, credit reporting agencies, law enforcement agencies, other government entities and other publicly available sources of information.

Disclosure

We may disclose your personal information to our employees and related bodies corporate.

We may also disclose your personal information to:

• third party service providers, contractors, and suppliers with whom we have a commercial relationship for business, marketing, and related purposes;
• any organisation for any authorised purpose with your express consent;
• others where the disclosure is required by law, for example, to government agencies and regulatory bodies as part of our statutory obligations, or for law enforcement purposes; and
• an organisation that acquires all or part of our assets or businesses.

Some of these organisations and service providers may not be required to comply with this policy. Except as set out above, Data^#3 will only disclose personal information if this is required by law or a court/tribunal order or otherwise permitted under the applicable Privacy Laws.

In the event of a security incident involving unauthorised access, use or disclosure of personal information where a third party with whom we share personal information is involved, we will seek to work cooperatively with them to protect the personal information we have shared with them.

Direct Marketing Materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

Cookies

In some cases we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. It also enables us to keep track of products or services you view so that, if you consent, we can send you news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.

Data quality, access and correction

You may request access to personal information we hold about you by making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for processing your request (but not for making a request for access).

We may decline a request for access to personal information in circumstances prescribed by the applicable Privacy Laws, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).

If, upon receiving access to your personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We take reasonable steps to correct the information so that it is accurate, complete and up to date. If we refuse to correct your personal information, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint.

How do you make a privacy related complaint?

If you have any questions about privacy related issues or wish to complain about a potential breach of the applicable Privacy Laws or the handling of your personal information by us, please contact our Privacy Officer. We may ask you to lodge your complaint in writing. Any complaint will be investigated by the Privacy Officer and you will be notified of the making of a decision in relation to your complaint as soon as is practicable after it has been made, usually within 30 days.

Address:          Data^#3 Privacy Officer, Level 1, 555 Coronation Drive, TOOWONG, QLD, 4066

Telephone:      1300 23 28 23

Facsimile:        1300 32 82 32

E-mail:             privacy@data3.com.au

Are we likely to disclose your personal information overseas?

We store and retain your personal information in Australia. However, we may disclose your personal information to the following overseas recipients:

• other companies or individuals who assist us in providing solutions and services or who perform functions on our behalf (such as third party service providers), including those located in the Philippines, USA, United Kingdom and other countries where we are engaged in business or related activities with you or your company or organisation;
• regulatory authorities;
• anyone else to whom you authorise us to disclose it; and
• anyone else where authorised by law.

Such access will be provided under secure protocols (see below for further information on how we manage other information about your business).

We will take steps to contractually ensure that overseas recipients of your personal information provide a level of protection for your personal information which is equivalent to the requirements contained in the applicable Privacy Laws.

Information security and storage

As an information technology company, Data^#3 will use all reasonable endeavours to ensure the integrity and security of your personal information is maintained. Data^#3 also employs physical and administrative safeguards which we consider are consistent with Australian industry standards. We hold personal information in either paper-based records, in secure access controlled premises or in electronic form in databases and email files which require logins and passwords. Data^#3 personnel are also contractually bound by confidentiality obligations.

Despite the high level of information security employed within Data^#3 and its commitment to your privacy, the company is unable to provide an absolute assurance that personal information will remain secure at all times. Data^#3 therefore does not accept any responsibility for incidences of unauthorised access to personal information, which is provided at your own risk. Likewise Data^#3 does not guarantee the security or privacy compliance of any websites that are accessible through links provided on any of its websites. In the event of a security incident we have in place procedures to promptly investigate the incident and determine if there has been a data breach, and if so, to assess if it is a breach that would require notification.  If it is, we will notify affected parties in accordance with the applicable Privacy Law requirements.

Data^#3 will take reasonable steps to destroy or de-identify your personal information held by the company on your request or if we no longer need your personal information, except where Data^#3 is required by law to retain the information.

Your personal information and our marketing practices

We might, from time to time, let you know – including via mail, SMS, email, telephone or online – about news, special offers, products and services that you might be interested in. We will use your personal information to engage in marketing unless you tell us otherwise. You can contact us to update your marketing preferences at any time.

Changes to our policy

We may change this policy from time to time. Any updated versions of this policy will be posted on our website. Please review it regularly. You will be deemed to have consented to such variations by your continued use of Data^#3’s products and services following such changes being made.

Openness

Data^#3’s Privacy and Information Policy is available on its website.

Anonymity

Data^#3’s personnel will respect a request for anonymity however some of Data^#3’s business processes cannot be completed effectively if you remain anonymous.

How we manage other information about your business

This Privacy and Information Policy applies to all information received by Data^#3 from third parties, including from its vendors, contractors and customers, whether or not such information falls within the meaning of “personal information”.

While Data^#3 will endeavour to comply with the obligations contained in this policy with respect to all information it collects, stores, uses and discloses in the course of its business, Data^#3 is not required to, and does not warrant or represent that it will in all instances, comply with the Privacy Laws to the extent that the information does not fall within the meaning of “personal information”.

General

This Privacy and Information Policy is effective as at 7 January 2022.