Who does this Privacy Statement apply to?
This Privacy Statement (“this Statement”) applies to “ESIC Hub Pty Limited” (“we” or “us”). We want you to know that we are committed to protecting your privacy and handling your personal information in an open and transparent way.
What does this Privacy Statement cover?
This Statement explains how we collect, handle and protect personal information when:
- We provide professional services to our clients
- You use “this Website”.
Importantly, by using this Website you are agreeing that we may collect and handle your personal information in accordance with this Privacy Statement.
Are all areas of this Website covered by this statement?
Certain areas of this Website have separate privacy statements that apply to personal information collected via those pages. A separate statement may be necessary because of the nature of the personal information being collected and to provide additional detail about how we handle information collected via that page.
What laws apply to us?
When handling personal information we must comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs are legally binding principles that are designed to ensure that individuals’ personal information is protected throughout the information lifecycle – that is, from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information and have it corrected if it is incorrect.
We take our obligations under the APPs seriously. Therefore, in addition to this statement, we also:
- Include terms and conditions in our agreements with our clients, which describe how we handle personal information during the delivery of our professional services.
What personal information do we collect?
Information we collect when we provide professional services to our clients
We may be provided with personal information directly by our clients to enable us to deliver professional services or to perform due diligence checks before we agree to provide services. This information may relate to clients’ employees, members or customers or it may relate to third parties (for example, the spouses and dependants of a client’s employees, members or customers).
The types of personal information we may be provided with include, but are not limited to:
- Contact details
- Dates of birth
- Employment records
- Financial records
- Complaint details.
We may also be provided with sensitive and special categories of personal information directly by our clients to provide professional services. This may include:
- Government identifiers such as drivers’ licences, passport and Medicare numbers and visa/work permit status
- Tax file numbers
- Health records
- Information about racial or ethnic origins
- Information about criminal convictions
- Membership of a political association or membership of a trade union.
Where we are provided with personal information by a client, we take steps to ensure that the client has complied with the relevant obligations under the Privacy Act in relation to that information; this may include for example the client has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to collect, use and disclose that information.
We also collect personal information (such as contact details and account details) from suppliers, contractors and third party service providers that we engage to help us operate our business.
We may also collect personal information that is publicly available.
Information we collect via this Website
This Website only collects:
- Personal information that is specifically and voluntarily provided by visitors
- Standard internet log information, including your IP address, browser type and language, access times, and referring website addresses.
Where you do choose to provide personal information via this Website, it may include:
- Your name
- Current job title
- Company address
- Email address or
- Telephone and fax numbers.
We may also collect personal information contained in content that you provide when using this Website; for example, postings on any blogs, forums, wikis and other social media applications.
We do not usually seek sensitive information from visitors using this Website. However, if we do, we will obtain your consent to collect and use such information.
Log information, cookies, and web beacons
Protecting children’s privacy
We understand the importance of protecting children’s privacy in the interactive online world. This Website is not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or store information about anyone under the age of 13.
How do we use your personal information?
How do we use personal information collected from our clients?
We use the personal information that we collect from our clients to provide them with agreed services. We have a contract with each client that governs the provision of our services and sets out the purposes for which we may use any information that the client provides to us (including any personal information). We do not use that information for any other purposes, unless it is necessary to comply with a legal or professional right or duty.
Because we provide a wide range of different types of services to our clients, the way we use personal information also varies. For example, we might use personal information:
- About a client’s customers to help the client improve the quality of the services they offer
- Collected by a client as part of their ordinary business activities in the course of helping that client restructure their business
- Collected by a client as part of their ordinary business activities to help that client manage their cyber-security and other business risks.
How do we use information collected via this Website? Do we use it to market goods and services to you?
We will not use your personal information collected via this Website to market the goods and services of third parties to you without first notifying you and seeking your consent (usually through a separate privacy statement).
We may use your personal information collected via this Website:
- To provide you with promotional materials, thought leadership or communications about services provided by us or other ESIC Hub associates that we feel may be of interest to you
- To manage and improve this Website
- To tailor the content of this Website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you
- To seek feedback on our services
- For market or other research purposes (however, we will only ever report aggregated results of any research we undertake, and will never include your personal information in those results unless we explicitly ask for your consent).
At times, you may choose to register or create a user profile on this Website – for instance, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest. In such cases, the information you submit will be used to manage your request and to customise and improve this Website and related services offered to you. You may request at any time that we discontinue sending you emails or other communications generated in response to your registration on this Website.
Are there any other ways we use your personal information?
We may also use personal information to protect our rights and those of our users or to comply with a legal or professional right or duty.
When will we disclose your personal information?
We will only disclose your personal information as set out below. Importantly, we will never disclose or sell your personal information to third parties for advertising or other purposes.
We may disclose personal information collected from our clients or via this Website to:
- Third parties that we engage to assist us in providing professional services to our clients or in the operation of our business (i.e. our subcontractors, advisors and suppliers).
Where we disclose your personal information to third party service providers, we will at all times remain responsible for their handling of that information. This includes taking steps to ensure that those recipients protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss.
We may also be required to disclose personal information to law enforcement, regulatory government agencies, or to other third parties:
- To comply with legal or regulatory obligations or requests or
- Where there is a legal or professional right or duty to disclose.
By providing information through this Website, you are agreeing to us disclosing your personal information as set out in this Privacy Statement.
Blogs, forums, wikis, and other social media
This Website hosts various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively ‘social media applications’). Importantly, any personal information that you contribute to these social media applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any social media applications will be handled in accordance with this Statement.
How do we protect your information?
We hold personal information in hard copy and electronic formats. We use a range of physical, operational and technological security measures to protect this information. These measures include:
- Staff education and training to ensure our staff are aware their privacy obligations when handling your personal information
- Administrative and technical controls to restrict access to personal information to only those people who need access
- Technological security measures, including fire walls, encryption and anti-virus software
How can you access your personal information, or seek to have it corrected?
You may access your personal information, or seek to have that information corrected if you believe that it is incorrect, at any time.
To request access, or to correct your personal information, please contact ESIC Hub at [email protected]. Our team will then get in contact with you (either by phone or via email) and will work with you to provide you with access to your information or to determine whether it requires correction.
Alternatively, visitors who have chosen to register with this Website (for example, to receive the latest media releases or blog posts) may access their user profile, correct and update their details, or unsubscribe at any time. Visitors who have any problem accessing their profiles, or would like to request a copy of their personal information should contact ESIC Hub at [email protected]
Who can you contact if you have further questions or if you wish to make a complaint?
Who should you contact?
If you have any questions or concerns regarding your privacy, or if you would like to make a complaint, please contact ESIC Hub at [email protected]
How do we handle complaints that we receive?
We take all the privacy complaints we receive seriously.
We will acknowledge the receipt of a complaint and will work with you to resolve it.
What if you are not satisfied with how we have handled your complaint?
If you believe that ESIC Hub Pty Limited has not adequately handled your privacy complaint, you may complain to the Office of the Australian Information Commissioner (OAIC) whose contact details are as follows:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
Where can I find out more about my privacy rights?
For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
What is our process for making changes to this Privacy Statement ?
We may modify or amend this Privacy Statement from time to time.
To let you know when we make changes to this Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Therefore, we encourage you to periodically review this Statement to be informed about how we are protecting your information.