• clearly communicate the personal information handling practices of YESTECH ;
• enhance the transparency of YESTECH’s operations, and
• give individuals a better and more complete understanding of the sort of personal information that YESTECH holds, and the way we handle that information.
Part A — Our Personal Information Handling Practices
Our obligations under the Privacy (Enhancing Privacy Protections) Act 2012 (Cth)
We will only collect personal information from you or your authorized representative where such collection is necessary and directly related to our functions and activities.
Sometimes we may need to collect personal information from a third party or a publicly available source, but only if you have consented to such collection or would reasonably expect us to collect your personal information in this way, or if it is necessary for a specific purpose such as conducting a credit check or police check.
Use and disclosure
We only use personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities, and we do not give it to government agencies, private sector organizations or anyone else unless one of the following applies:
• the individual has consented
• the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
• it is otherwise required or authorized by law
• it will prevent or lessen a serious and imminent threat to somebody’s life or health
• it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
We take steps to protect the personal information we hold against loss, unauthorized access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions.
When no longer required, personal information is destroyed in a secure manner.
We have developed a Data Breach Response Plan and where we have reasonable grounds to believe that there has been an eligible data breach, we will provide a statement to the OAIC as soon as practicable, and we will also notify each of the individuals to whom the relevant information relates and each of the individuals who are at risk from the eligible data breach.
Access and correction
If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the amended Privacy Act or other relevant law to withhold the information, or not make the changes.
If we do not agree to make requested changes to personal information the individual may make a statement about the requested changes and we will attach this to the record.
Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us (see details below).
How to make a complaint
You can complain to us in writing about how we have handled your personal information. The YESTECH Privacy Officer will investigate your complaint and will endeavor to provide a written response within thirty (30) days of receipt of the complaint setting out YESTECH’s decision.
If you are dissatisfied with YESTECH’s response to your complaint you can take your complaint to the Office of the Australian Information Commissioner (“OAIC”). The Australian Information Commissioner may then investigate and attempt to conciliate the matter.
How to contact us
If you have any questions in relation to privacy, you can write to Office 2, Level 3, London Court, 54 St Georges Terrace, Perth, WA 6000 or email firstname.lastname@example.org
Part B — Information collected online by YESTECH
YESTECH provides information about its products and services on its website. When you visit the YESTECH website, the web server may record anonymous information such as the time, date and URL of the visitor. The information that is collected is very limited and is used to assist YESTECH to improve the structure of its website and monitor the performance of the website.
We do not use the information that is collected to personally identify you or anyone else.
Our website may use “cookies”. A cookie is a small text file that the website may place on your computer to improve your experience of the YESTECH website. You may choose to disable cookies in your browser but by doing so, you may be unable to access some advanced functions on the website.
Use and disclosure
We do not give personal information collected online to other agencies, organizations or anyone else without your consent unless you would reasonably expect, or have been told, that information of that kind is usually passed to those agencies, organizations or individuals, or the disclosure is otherwise required or authorized by law.
We will delete or correct any personal information that we hold about you on request. If you are on one of our automated email lists, you may opt out of further contact from us by clicking the ‘unsubscribe’ link at the bottom of the email.
We take all reasonable steps to manage data stored on our servers to ensure data security.