Last modified: 15 February 2023
It also explains how to contact us to correct, update or delete any personal data provided to us, or make a complaint if you have concerns. We are compliant with the Australian Privacy Principles and General Data Protection Regulation (EU) 2016/679 (GDPR).
We only collect and process personal data about you where we have a lawful basis to do so. This includes when you have given consent, your use of our service (where processing is necessary for the performance of our service with you) and our legitimate interests (including security threats or frauds, risk of harm to self or others, compliance with applicable laws, and enabling us to run our service).
Unless otherwise indicated by the context, words importing the singular include the plural and vice versa.
WHAT IS PERSONAL DATA?
Personal data is data about an individual who can be identified (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.
WHEN AND HOW DO WE COLLECT YOUR PERSONAL DATA?
We collect most personal data directly from you when you sign up to use our services and provide us with information about yourself so that we can provide you with our services. We also collect personal data from you when you engage with us, such as by making an enquiry, using our chatbot, applying for a role with our team and in other circumstances.
Your consent for our collection, use and disclosure of your personal data may be express (e.g. you agree to the use of your information by entering information into a text field in our survey) or implied by an action you take or do not take (i.e. because you make an enquiry with us and disclose information to us for that purpose).
WHAT PERSONAL DATA DO WE COLLECT?
We collect demographic and other personally identifiable information. We may collect the following types of personal data to assist us in providing services to you:
- mailing or street address;
- email address;
- telephone number and other contact details;
- sex or gender;
- relationship status;
- job history and academic qualifications;
- your device ID, device type, geo-location information, computer and connection information, statistics on page views, traffic to and from the sites, ad data, IP address and standard web log information;
- details of the services we have provided to you or that you have enquired about, including any additional information necessary to deliver those services and respond to your enquiries;
- any additional information relating to you that you provide to us directly through our website or indirectly through your use of our website or online presence or through other websites or accounts from which you permit us to collect information;
- information you provide to us through surveys; or
- any other personal data that may be required in order to facilitate your dealings with us.
We may collect these types of personal data either directly from you, or from third parties. We may collect this information when you:
- register on our website;
- communicate with us through correspondence, chats including our chatbot, or when you share information with us from other social applications, services or websites; or
- interact with our site, services, content and advertising.
You can choose not to provide us with your personal data, but you may not be able to take advantage of some of the features of our website or services.
PRIVACY FOR CHILDREN
Our website is viewable to persons under the age of 16 (Children), but Children are not permitted to create an account with us or use our services.
If you are a person under 16 years of age, you agree to notify your parent or guardian and ensure that this individual or those individuals (at least one person over 16 years of age) provides us with consent to your use of the service and/or creation of an account by emailing us at PrivacyOfficer@immigrationsaustralia.com.au
If you are a parent or guardian and you are aware that your Children have provided us with personal data without your consent, please contact us at PrivacyOfficer@immigrationsaustralia.com.au. If we become aware that we have collected personal data from Children without verification of parental or guardian consent, we will take steps to remove that information from our servers and records.
WHY DO WE COLLECT YOUR PERSONAL DATA?
We may collect your personal data when required by law but generally we collect personal data from you (or about you) to allow us to:
- create and manage user accounts
- supply you with information about our services;
- supply you with service offerings;
- provide payment services to you;
- ensure your use of our services is safe and secure;
- send administrative information;
- marketing and advertising to you;
- respond to enquiries and offer support;
- request user feedback;
- improve user experience;
- post-customer testimonials;
- enforce terms and conditions and policies;
- protect our community from abuse and malicious users;
- respond to legal requests and prevent harm;
- communicate more effectively with you about our services; and
- ensure your experience with us is a positive one.
Personal data collected or received by us will only be used for the purpose for which it was provided.
WHEN DO WE DISCLOSE YOUR PERSONAL DATA?
We may collect, hold, use and disclose your personal data for the following purposes:
- to enable you to access and use our website or services;
- to operate, protect, improve and optimise our website or services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
- to send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
- to consider your employment application.
TO WHOM DO WE DISCLOSE YOUR PERSONAL DATA?
- our employees and related bodies corporate;
- third party suppliers and service providers (including providers for the operation of our website and/or our business or in connection with providing our products and services to you);
- businesses with whom you interact with via our services;
- professional advisers, dealers and agents;
- payment systems operators (e.g. merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
AGGREGATED INFORMATION & DIRECT MARKETING
We do not sell your personal data. We may aggregate the information that you and others make available to us and share it with third parties.
We may use, sell, license, and share this aggregated information with third parties for research or other purposes such as to improve our services or to help our partners understand more about the users of our services.
We and/or our carefully selected business partners may send you direct marketing communications and information about our service and products. This may take the form of emails, SMS, mail or other forms of communication, in accordance with the laws of your country. You may opt-out of receiving marketing materials from us by contacting us using the details set out below or by using the opt-out facilities provided (e.g. an unsubscribe link).You can object to us using your information for these purposes.
WHAT IF YOU DON’T WANT US TO COLLECT YOUR PERSONAL DATA?
You are not obligated to provide us with your personal data. You may choose whether to use our website, use our services and/or communicate with us.
Where practicable, we will allow you to use a pseudonym or to not identify yourself (unless this is impractical or against the law (including the Privacy Act)).
While it is your choice not to provide your personal data to us, this may impede our ability to provide you with all the desired functionality of our website, our services or to properly communicate with you and provide you with the assistance you seek.
WHAT IF YOU DON’T WANT TO RECEIVE FURTHER EMAIL COMMUNCATIONS FROM US?
Should you wish to remove yourself from our database, you may do so at any time by contacting us at firstname.lastname@example.org or by using the unsubscribe link in any of our email communications.
HOW CAN I ACCESS, DELETE, CORRECT AND/ OR UPDATE PERSONAL DATA YOU HAVE COLLECTED?
At any time, you may contact us and request your personal data be modified. We will make all reasonable efforts to correct your personal data once we have verified your identity.
We will act in good faith and make reasonable efforts to deal with all requests for access to personal data as quickly as possible and no later than the prescribed time required by law. Requests for a large amount of information, or information which is not currently in use, may require further time and patience on your part before a response can be given.
We will provide you your personal data in a structured, commonly-used, machine-readable format.
In some cases, we will refuse to give you access to personal data we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy, prejudice an investigation of unlawful activity, reveal our intentions in relation to negotiations with you so as to prejudice those negotiations, prejudice enforcement-related activities conducted by, or on behalf of, an enforcement body, reveal evaluative information generated within our business in connection with a commercially sensitive decision-making process.
We will also refuse access where the personal data relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that unlawful activity, or misconduct of a serious nature, is being or may be engaged in against us and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access, we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. Further, we will provide details of how you may make a complaint about our decision.
In some instances, you may request that we delete some or all of your personal data. Please note, however, that we may need to retain certain information for record keeping purposes or to comply with our legal obligations. If you ask to delete information which we are permitted by law or have compelling legitimate interests to keep, we may not be able to fully meet your request.
HOW DO WE STORE AND PROTECT YOUR PERSONAL DATA?
For us to provide excellent service, we are required to store some personal data and take care to ensure this information is treated as private and confidential.
We have taken the necessary measures to ensure the personal data we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your account or as otherwise need to operate our service.
Our third party data storage centre is equipped to ensure our working environment has reliability and security for your data. However, we cannot be held liable for events outside our control, particularly with respect to third parties who act as repositories of your information.
Our website is protected by security certificates and are built considering all modern security stands where possible. We will take reasonable steps to maintain the integrity and security of any personal data we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal data.
Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal data as best as possible we cannot guarantee the security of any information that you transmit to us or receive from us. The transmission and exchange of information is carried out at your own risk.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to take remedial action to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable and provide recommendations as to what steps you should take to mitigate any serious issues.
For EU residents, where we employ data processors to process personal data on our behalf, we do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal data against unauthorised use, loss and theft.
We engage with third parties to perform some core business services, including facilitating our payment services, processing our customers’ payments, storing our data and hosting our website. Some of these third parties store information overseas (including the United States of America, United Kingdom, Europe and India), under privacy laws that differ to the Australian Privacy Principles.
We will disclose your information only when necessary and to countries that have laws which protect information in a way substantially similar to the Australian Privacy Principles or to organisations that voluntarily abide by the Australian Privacy Principles or who use standard data protection clauses approved or adopted by the European Commission and the UK Government.
By using third party providers, you acknowledge that there is a risk in using these providers. You agree to review all applicable terms and conditions of these providers and make an informed assessment as to whether you wish to use those services and be bound by those terms.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology. While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
COOKIES THAT WE USE
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies by searching for each browser and each browser version’s instructions.
Blocking all cookies will have a negative impact upon the usability of many websites, including ours. If you block cookies, you will not be able to use all the features on our website.
DATA PROTECTION LEGISLATION FOR THE EUROPEAN UNION (EU) AND THE UNITED KINGDOM (UK)
Data Protection Legislation means 1) the European Union legislation relating to personal data including the EU General Data Protection Regulation (EU GDPR) and 2) the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018 which apply to a party relating to the use of personal data.
We will comply with the principles of data protection set out in the Data Protection Legislationfor the purpose of fairness, transparency and lawful data collection and use.
We process your personal data as a Processor and/or to the extent that we are a Controller as defined in the Data Protection Legislation.
We must establish a lawful basis for processing your personal data. The legal basis for which we collect your personal data depends on the data that we collect and how we use it.
We will only collect your personal data with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal data if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal data if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal data from you that is considered “Sensitive personal data” under the Data Protection Legislation, such as personal data relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the Data Protection Legislation.
You must not provide us with your personal data if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal data of children.
YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION
If you are an individual residing in the EU or the UK, you have certain rights as to how your personal data is obtained and used. We comply with your rights under the relevant Data Protection Legislationas to how your personal data is used and controlled if you are an individual residing in the EU or the UK. Except as otherwise provided underthe Data Protection Legislation, you have the following rights:
- to be informed how your personal data is being used;
- access your personal data (we will provide you with a free copy of it);
- to correct your personal data if it is inaccurate or incomplete;
- to delete your personal data (also known as “the right to be forgotten”);
- to restrict processing of your personal data;
- to retain and reuse your personal data for your own purposes;
- to object to your personal data being used; and
- to object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
ENQUIRIES, REQUESTS & COMPLAINTS
If you think that your personal data held by us may have been compromised in any way or you have any other privacy related complaints or issues, you should also speak with our Privacy Officer.
We will ensure that legitimate claims are investigated and a formal response is provided to you, within a reasonable time. If any corrective action is required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you within a reasonable time.
If we do not resolve your enquiry, concern or complaint to your satisfaction or if you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commissioner whose contact details are below.
Telephone 1300 363 992
Postal Address GPO Box 5288, Sydney, New South Wales, 2001, Australia.
DATE OF CURRENT VERSION: 15 February 2023