Personal information includes but is not limited to any of the following:
• your name;
• your contact details, including email address and telephone number;
• information you provide through customer surveys or similar mechanisms;
• details of products and/or services we have provided to you (including those you provide when making enquiries about our products and/or services and our response to your query);
• your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
• information about your access and use of our websites, including through the use of Internet cookies, your communications with our websites, the type of browser you are using, the type of operating system you are using, the domain name of your Internet service provider;
• additional personal information that you provide to us, directly or indirectly, through your use of our website, associated applications, associated social media platforms and/or accounts from which you permit us to collect information;
• demographic data such as your postcode, web-browsing preferences and interests; and
• any other personal information requested by us and/or provided by you or a third party.
At all times, ARA endeavours to only collect the personal information reasonably required for a particular purpose, function or activity carried on. Notwithstanding this, ancillary personal information may be collected.
Personal information may be collected directly from you, or from third parties.
Collection and use of personal information
The main way we collect personal information is when you give us such information, such as where you make an enquiry via our websites. Notwithstanding this, personal information can be collected in a number of different ways. Without limitation, the way we collect personal information may include collection by way of forms filled out (online and in physical format), surveys, emails, telephone conversations, social media applications and forums, online user-generated content, face-to-face meetings and interviews, and market research.
ARA may hold, use and disclose (in the circumstances set out below) your personal information for a number of purposes, including but not limited to the following:
• to contact and communicate with you;
• internal record keeping and administrative purposes;
• for analytics, market research and business development, including to operate and improve our websites, associated applications and associated social media platforms;
• to run competitions and/or offer additional benefits to you;
• to respond to queries you make about our products and/or services;
• for advertising and marketing, including to send you promotional information about our products and services and information about ARA or third parties that we consider may be of interest to you;
• to improve our products and/or services;
• with our legal obligations and resolve any disputes that we may have;
• to consider your employment application; and
As defined by section 6 of the Act, sensitive information includes information about your health, racial or ethnic origin, political opinion(s), association memberships, religious beliefs, criminal history, and genetic or biometric information.
Third party collection
• your authorised representative, if you have one;
• referees provided by you in support of your employment application; and
If you are a third party who has or provides personal information about another, you represent and warrant that you have obtained that person’s consent before providing the personal information to us. Under no circumstances should you provide us with another person’s personal information if you have not obtained their express consent.
Collecting information through our websites
Personal information may also be collected through your use of our website such as through cookies, web beacons and web analytics in accordance with standard practice. Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes. Cookies help analyse web traffic and enhance functionality on the website(s) visited. Cookies allow web applications to respond to you, and based on your cookies, the web application can be tailored to your needs, likes and dislikes by gathering and remembering information about your preferences.
Most Internet browsers allow you to choose whether to accept cookies or not. Some of our websites will allow you to accept cookies through the use of an ‘opt-in’ function. If you do not wish to have cookies placed on your computer, you may choose not to opt-in to cookies where this function exists. In the alternative, where this function is not available, if you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.
The cookies from our website are generally created by HubSpot, Google Analytics and SiteImprove (without limitation) and most commonly start with _ga, _gid, _gat_gtag, ___hssrc, __hssc, __hstc, hubspotuk.
Should you require a full list of the types and names of cookies generated through our website, please contact us by emailing firstname.lastname@example.org.
We may use web beacons on our websites from time to time. Web beacons (also known as Pixel Tags or Clear GIFs) are small pieces of codes placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
We use tools such as Google Analytics and SiteImprove to collect data about how you interact with our website (Web Analytics). The data collected through Web Analytics will include, without limitation; your device’s IP address, your device type, operating system and browser information, geographic location, search terms and pages visited, and the date and time when pages were accessed on our website(s). Web Analytics allows us to improve functionality on our websites based on the data collected, such as by distributing web traffic across multiple servers to optimise response times.
In some circumstances you may have the option of interacting with us anonymously or not identifying yourself such as by using a pseudonym, such as when you make an enquiry through our websites.
If you choose not to provide information such as your name and contact details, we may be unable to fulfil our functions and activities, including responding to requests for information about or products or services.
Disclosure of personal information
ARA may use and disclose your personal information; for the primary purposes for which personal information was collected, for reasonably expected secondary purposes which are related to the primary purpose, for purposes which you have consented to, and for other reasons permitted by the Act.
Dependent on the circumstances, we may disclose personal information to:
• our employees, contractors and/or related entities;
• our existing or potential agents or business partners;
• sponsors or promoters of any competition we run;
• anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
• credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
• courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
• third party service providers for the purpose of enabling them to provide their services, including (without limitation) information technology service providers, data storage, web-hosting and server providers, debt collectors, advertising providers, maintenance or problem-solving providers, professional advisors and payment systems operators; and
• third parties to collect and process data, such as Google Analytics or other relevant businesses (this may include parties that store data outside of Australia).
We may disclose your personal information (other than sensitive information) for the purpose of direct marketing where it is reasonably expected that we would use or disclose your personal information for that purpose and where there are simple mechanisms through which you can request to ‘opt out’ or otherwise elect not receive direct marketing communications.
In certain circumstances, subject to the APPs, your personal information may be disclosed to overseas recipients where we are of the reasonable belief that the overseas recipient is subject to laws or a binding scheme that provides privacy protections substantially similar to that of the APPs, or where we take reasonable steps to ensure that the overseas recipient will not breach the APPs in relation to that information, such as by contractually obliging the overseas recipient not to do so.
Links to other websites
We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, our data, including personal information collected from you is stored in our private cloud server and in secure digital storage locations across ARA’s office locations. Data may be backed up and/or archived subject to AES 265bit encryption.
If you are receiving communications from us (including marketing communications) which you no longer wish to receive ‘opt-out’ using the opt-out facilities provided in the communications, or if this is unavailable, please contact us by emailing email@example.com.
In accordance with your rights under the APPs, you may request the details of the personal information that we hold about you.
To obtain access of the personal information held, please contact us by emailing firstname.lastname@example.org outlining your request and include; your name, contact details and the personal information you wish to access. We will endeavour to respond to your request within thirty (30) days (or more, if reasonable in the circumstances) and will supply access to personal information in digital form. An administrative fee may be payable where personal information is requested to be sent by post or similar means.
We may request identification from you prior to providing personal information to ensure that you are requesting your personal information only and not that of another.
ARA may refuse to grant access to personal information requested where:
• giving access would pose a serious threat to the life, health or safety of a person, or public health or safety generally;
• giving access would have an unreasonable impact on the privacy of other individuals;
• the request is frivolous or vexatious;
• the information requested relates to existing or anticipated legal proceedings and would be accessible through discovery in those proceedings;
• giving access would reveal the intentions of ARA in relations to negotiations with you in a way that would prejudice those negotiations;
• giving access would be unlawful;
• a law or an order of a Court or Tribunal compels ARA to deny access;
• there is reason for ARA to suspect that unlawful activity or misconduct of a serious nature relating to its functions or activities has been, is being, or may be engaged in, and giving access would likely prejudice the taking of appropriate action relating to the matter;
• giving access would likely prejudice one or more enforcement related activity of an enforcement body; or
• giving access would reveal evaluative information generated by ARA in connection with a commercially sensitive decision-making process.
Where we refuse to grant access to personal information for any of the above reasons (or cannot give access in the manner requested), we will provide written notice stipulating the reasons we refused to grant access and the mechanisms available to you to lodge a complaint about our refusal.
If you believe that any personal information we hold about you is incorrect, out of date, incomplete, irrelevant or misleading, please contact us by emailing email@example.com outlining your request and include; your name, contact details and details of the personal information you wish to correct.
We will take all reasonable steps to correct any information that is found to be inaccurate, incomplete, misleading, or out of date.
We may request identification from you when dealing with a correction to ensure that only your personal information is dealt with and not that of another.
If you wish to complain to us about how we have handled your personal information, please contact us by emailing firstname.lastname@example.org outlining the full details of the complaint you wish to make along with your name and contact details.
Once your complaint has been received, we will investigate the complaint. Further information may be required from you to allow us to investigate the complaint thoroughly.
We will endeavour to provide written notice informing you of the findings of our investigation within thirty (30) days (or more, if reasonable in the circumstances) of receipt of your complaint.
Notwithstanding the above, if you remain dissatisfied, you can contact the Office of the Australian Information Commissioner to make a written complaint through any of the following methods:
• by emailing email@example.com;
• by mail sent to GPO Box 5218, Sydney NSW 2001; or
• by fax, sent to 02 9284 9666