PRIVACY POLICY

1. OVERVIEW

1.1 Aliant Food Services and its related entities (referred to in this document as the Companyweus or our) recognise that your privacy is very important and we are committed to protecting your personal information we collect from you. The Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) and registered codes govern the way in which we treat your personal information. This Privacy Policy (policy) sets out how we collect, use, disclose and otherwise manage your personal information.

1.2 When used in this policy, the term ‘personal information’ has the meaning given to it in the Privacy Act. In general terms, ‘personal information’ is information or an opinion relating to an individual which can be used to identify that individual.

1.3 From time to time we will review this policy. We will notify you about any changes to our policy by posting an updated version of the policy on our website at www.aliant.com.au

2. COLLECTION

Types of information collected

2.1 We may collect and hold personal information about you, that is, information that can identify you and is relevant to providing you with the services you are seeking or related to our business functions and activities. The kinds of information we typically collect include:

a) your name, address, telephone number, email address, fax number and other contact information;           

b) age or birth date;

c) system access passwords;

d) profession occupation or job title;

e) where you are our employee, your personnel records including your employment agreement, pay records, leave records, tax status, criminal record checks, biometric data, health information, superannuation records, training records, and performance and disciplinary records;

f) personal information from your interaction with our websites, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data; and

 g) any other information we consider may assist us in providing or marketing our services.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous data or aggregated information about how users use our websites. We do not re-identify this information to turn it into personal information.

Method of collection

2.2 We collect personal information in a number of ways including:

a) when you provide information directly to us, in person, by phone or in writing (whether by email, or through surveys, competitions, promotions or other electronic means);

b) when you interact with, or place orders via, our websites, in which case we record information sent to us by your computer, mobile device or other device you are using to access the relevant site;

c) through your use of electronic devices including tablets, supplied by us to you, or otherwise connecting to our systems in order to facilitate and enable you to perform your duties or provide services to us;

d) when you complete an application, contract or purchase order with us;

e) during conversations or written (including electronic) correspondence between you and our representatives;

f) from third parties such as through our suppliers, service providers and operators of linked websites.

2.3 In some circumstances, personal information is provided to us by third parties such as data providers and brokers, credit reporting bodies, law enforcement agencies and other government entities or other organisations conducting activities on your behalf. With your expressed or implied consent, your personal information may be used and disclosed to us this way.

2.4 In respect of personal information which is provided to us by third parties, we seek assurances that all such personal information has been collected lawfully and in compliance with the Privacy Act and that all required consents have been obtained for, and disclosure statements made in respect of, the intended use of that personal information. However, we will not be responsible for, and accept no liability in respect of, any failure by a third party to do so.

Purpose of collection

2.5 We collect personal information about you so that we can perform our business activities and functions and provide you with services in a personalised, safe and efficient manner. The personal information that we collect and hold about you depends on your interaction with us.

2.6 Generally, we will collect, use and hold your personal information for the purposes of:

a) assessing applications;

b) providing products or services to you or someone else you know, including the administration of our rewards program and delivering rewards under that program;

c) monitoring, auditing and evaluating our products and services;

d) conducting business with you, developing our relationship with you and assisting you to develop relationships with our members;

e) communicating with you about our products and services;

f) providing you with promotional and marketing information about products and services that our related entities and other organisations that we have affiliations with have and that may be of interest to you;

g) conducting market research;

h) facilitating our internal business operations, including the fulfilment of any legal requirements;

i) assisting you in developing relationships with customers and suppliers and providing trade references upon request; and

j) dealing with any complaints or enquiries.

2.7 Where you are our employee, we may collect, hold, use and disclose your personal information for all purposes connected with our employment relationship or as otherwise authorised by you at the time of collection. This includes hiring you, training you, administering your personnel records (including pay and leave records), and managing your performance. It may also include the collection of your sensitive personal information (including health information) for purposes connected with managing and complying with our work, health and safety obligations.

2.8 We may also use your personal information (excluding your sensitive information which will only be used for the purpose for which it is collected) for other purposes related to those described above, and/or for a purpose for which you would reasonably expect it to be used, as permitted by applicable laws.

Cookies

2.9 We (or a third party providing services to us) may use cookies, pixel tags, “flash cookies”, or other local storage provided by your browser or associated applications (each a “Cookie” and together “Cookies”). A Cookie is a small file that may be placed on your computer when you visit our websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. If Cookies are disabled, we may not be able to provide you with the full range of our services.

2.10 Cookies may collect and store your personal information. This policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies.

2.11 Cookies may be used to provide you our services, including to identify you as a user of our website, remember your preferences, customise and measure the effectiveness of our services, promotions and marketing, analyse your usage of our services, and for security purposes.

2.12 You also may encounter Cookies used by third parties and placed on certain website pages that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.

2.13 Our website may also include links to third party websites (including links created by users or members) and applications and advertising delivered to our websites by third parties (“Linked Sites”). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommend that you read the privacy policies of such Linked Sites before disclosing your personal information. For the avoidance of doubt Linked Sites are not subject to this Privacy Policy.

3. DISCLOSURE

3.1 Your personal information will not be shared, sold, rented or disclosed other than as described in this policy. We only use or disclose information about you for the purposes for which it was collected and as otherwise set out in this policy.

3.2 We may disclose personal information about you to:

a) any person or any organisation for any authorised purpose with your express consent;           

b) our personnel, including our employees, agents and contractors;

c) any Related Bodies Corporate (as defined by the Corporations Act 2001(Cth);           

d) when we act as agents, the principals for whom we act;

e) other companies, organisations and contractors and outsourced service providers who assist us to provide, or who perform the services we provide to you, including:

       i) mailing houses;

       ii) market research organisations;           

       iii) specialist consultants; and

       iv) website analytics providers;

f) third party service providers who assist us in operating our business (for instance our IT service providers and entities who assist us to administer our rewards program);

g) travel agents in instances where you are given overseas holidays as part of our rewards program, including Turkey;

h) other organisations with whom we have affiliations so that those organisations may provide you with information about services and various promotions;

i) government and regulatory authorities and other similar organisations, as required or authorised by law; and

j) such entities that we propose to merge with or be acquired by.

3.3 The third party service providers and travel agents may be based overseas or use overseas infrastructure to perform services for us. In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where you would reasonably expect us to and the purpose is related to the purpose of collection). Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information

3.4 We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Privacy Act and the APPs or equivalent privacy laws. However, we note that some service providers may not be required to comply with this policy.

3.5 We sometimes handle personal information relying on exemptions under the Privacy Act. These include exemptions in relation to (i) employee records; (ii) related bodies corporate; (iii) provision of services to State or Territory authorities; and (iv) overseas operations relating to personal information of non-Australians. Any permitted handling of personal information under such exemptions will take priority over this policy to the extent of any inconsistency.

4. FAILURE TO PROVIDE INFORMATION

4.1 If you do not provide us with your personal information, or the information you provide is incomplete or inaccurate, some or all of the following may happen:

a) we may not be able to provide the requested products or services to you, either to the same standard or at all; or

b) we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions; or

c) we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful; or

d) if you are a prospective employee, we may not be able to hire you; or

e) if you are our employee, it may be a breach of your employment conditions to not provide us with the information; or

f) if you are a contractor to us, you may not be able to provide your services to us.

5. STORAGE AND SECURITY

5.1 We store, protect and process your personal information by taking reasonable steps. The reasonable steps we take include protecting the information from misuse or loss and from unauthorised access, modification or disclosure. Personal information is destroyed or de-identified when no longer required for any of the purposes for which it may be lawfully used or disclosed.

5.2 When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

5.3 After you cancel your account with us, we will retain your information for as long as we reasonably need it for the purposes outlined in this policy. For example, we may retain your information to prevent fraud, or to maintain systems security. We may also retain your information if required or permitted by law, regulation or relevant standards and codes of conduct, or to fulfil our contractual obligations to a third party. In certain circumstances, including where we are prevented by technical or systems constraints, we may not be able to delete all of your information.

5.4 As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online or that it will not be disclosed in a manner that is inconsistent with this policy. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

6. NOTIFIABLE DATA BREACHES

6.1 In the event that there is a data breach, we will take all reasonable steps to contain the suspected or known breach where possible. We will take immediate steps to limit any further access or distribution where possible.

6.2 If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach.

6.3 If remedial action is successful in making serious harm no longer likely, then no notification or statement will be made.

6.4 Where we are aware of reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

6.5 We will review the incident and take action to prevent future breaches.

7. ACCESS AND CORRECTION

 7.1 You may request access to personal information we hold about you, by making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for processing your request (but not for making a request for access).

7.2 We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons). For example, we may need to refuse access if granting access would unreasonably interfere with the privacy of others or would result in a breach of confidentiality.

7.3 If, upon receiving access to your personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.

7.4 If we refuse to correct your personal information, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint. We will also, where requested by you, take reasonable steps to attach to or associate with the information a statement of the correction sought but not made, or a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

8. CREDIT REPORTING PRIVACY POLICY

 8.1 This Credit Reporting Privacy Policy describes our practices in connection with information we collect and hold about individuals when providing commercial credit, in particular:

a) information we collect and hold about individuals who are directors of a company, when providing commercial credit to that company;

b) information we collect and hold about individuals who provide a personal guarantee to us in relation to commercial credit we provide to a company; and

c) information we collect and hold about individuals who are obtaining that credit for their own business purposes as sole traders or partners in a partnership.

8.2 In this Credit Reporting Privacy Policy, “credit-related personal information” means one or more of “credit information”, “credit eligibility information”, “credit reporting information” or “regulated information”, as those terms are defined in the Privacy Act 1988.

8.3 When you apply for or obtain or guarantee credit from us, the credit-related personal information that we collect from you includes information that identifies you, such as your name, postal address, email address and date of birth and your driver’s license number.

8.4 We may exchange credit-related personal information about you with credit reporting bodies (CRBs) for the purposes of assessing commercial credit applications from you or companies of which you are a director, and also to assess whether to accept a guarantee from you.

8.5 We may use the information we collect from and about you for account management and administrative purposes directly related to the provision or management of the commercial credit we provide to you or to companies of which you are a director.

8.6 We may also report defaults in payment terms or guarantee commitments in relation to commercial credit to CRBs. We may also disclose your credit-related personal information to any guarantor of your obligations to us.

8.7 We may also use the information we collect from and about you to:

a) collect overdue payments;           

b) assign debts; and

c) create assessments and ratings of your creditworthiness.

8.8 We may disclose your credit-related personal information to our related bodies corporate and third party suppliers and service providers located outside Australia, for the purposes set out in this Credit Reporting Privacy Policy. For information about the following topics in relation to our handling of credit-related personal information please refer to the applicable section of this policy (of which this Credit Reporting Privacy Policy comprises a part):

a) Correction of Personal Information – see section “ACCESS AND CORRECTION”;

b) Personal Information breaches – see section “NOTIFIABLE DATA BREACHES”;

c) Transfer of information overseas – see section “DISCLOSURE” and

d) Security – see section “STORAGE AND SECURITY”;

e) Complaints – see section “CONTACTING US OR MAKING A COMPLAINT”.

9. CONTACTING US OR MAKING A COMPLAINT

If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principles or a privacy code that applies to us or if you have any concerns about how we have treated your Personal Information, please contact us, as set out below, and we will take reasonable steps to investigate the complaint and respond to you.

Contact: Company Director

Post: Aliant Food Services, 12 Judds Court, Slacks Creek, Qld 4127

Email: orders@aliant.com.au

 

If you feel that your complaint or concerns have not been satisfactorily resolved, you can contact the Office of the Australian Information Commissioner at:

Post: GPO Box 5218 SYDNEY NSW 2001

Email: enquiries@oaic.gov.au 

Phone: 1300 363 992

Email: www.oaic.gov.au

10. MORE INFORMATION

For more information about privacy in general, you can visit the Office of the Australian Information Commissioner website at www.oaic.gov.au.