- “personal information” has the meaning in the Privacy Act 1988 (Cth) (Privacy Act) which (in summary) means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or otherwise;
- “sensitive information” has the meaning set out in the Privacy Act, and includes certain specific types of personal information such as health information, and information about a person’s racial or ethnic origin, sexual orientation or practices, criminal record, religious beliefs or affiliations, political opinions, membership of a political, professional or trade association, and biometric and genetic information.
Where applicable privacy laws provide for exceptions or exemptions, we may rely on those exceptions or exemptions in our information handling practices.
Collection and Storage of Personal Information and Data
We may collect personal information about individuals. Our usual approach is to collect personal information directly from the individual concerned. However, in certain cases we may collect personal information from publically available sources and third parties.
For example, we collect personal information in circumstances including:
(a) when services are ordered;
(b) when owners corporations or managing agents or building managers or other service providers provide information to us about a particular lot owner or tenant;
(c) when you complete an enquiry form in relation to our services;
(d) when you (whether on your own behalf or on behalf of another business) enter into an agreement with us for the supply of goods or services (either from us or to us);
(e) when you telephone us, visit our website or meet with us and make an enquiry to which a later response is requested and to do so requires your contact details;
(f) when we receive notices of acquisition notifying us that a lot for which we provide services has changed owners;
(g) where a lot owner appoints a representative to communicate with us about the services we provide for their lot;
(h) if you attend a premises we manage, we may record certain contact details so that we can comply with applicable laws, and we may also record your image and/or voice if we have surveillance systems operating at those premises;
(i) when evaluating job applicants and personnel, including their contact details, employment history and educational qualifications.
We hold personal information in secure databases.
Types of Personal Information we collect
The types of personal information we collect about you depends on the circumstances in which the information is collected. Typically, the types of personal information we may collect include (but is not limited to) your name, business or residential postal address, email address and phone number. If we enter into contracts with you, request or receive services from us or have any other commercial dealings with us, we may also collect your signature, date of birth, credit card and /or banking details, financial position and billing information.
If you attend a premises we operate or manage, we may:
- collect certain contact details that you provide to us (which may be via digital check-in apps), including the date and time of attendance, so that we can comply with applicable laws (such as public health directives). We only collect the information required by such laws, and use and disclose it in accordance with applicable laws; and
- record your image and/or voice through the use of Closed-Circuit Television (CCTV) systems footage of you via our CCTV devices, for the purposes of managing security of the premises and health and safety of occupants and the public generally.
If you are an individual contractor to us, we may also collect information relevant to your engagement with us including qualifications, length of engagement, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of your usage of our equipment (e.g. phones, computers and vehicles).
If we have or in the future make available any mobile applications for you to download and use, we may:
- record details of your device details and operating systems; and
- if you have provided us with permission to access your device location when using our app, we may collect information about your geographical location.
If you access our website or apps, we may utilise cookies to collect additional information about your use of our website and apps. Please see our cookies policy available here for further details of the types of information collected and how you can control what information is collected.
We only collect sensitive information about you with your consent, or otherwise in accordance with the Privacy Act. The main types of sensitive information we may collect include:
- details of injuries (ie. health information) that may occur on our premises;
- details of disabilities so we can accommodate any special requirements;
- details of an individual’s membership of professional associations and affiliations with relevant industry bodies or organisations.
If you do provide sensitive information to us for any reason, you consent to us collecting that information and to us using and disclosing that information for the purpose for which you disclosed it to us and as permitted by the Privacy Act and other relevant laws.
In addition to the types of personal information identified above, we may collect personal information as otherwise permitted or required by law.
If you do not wish to provide us with your personal information, we may not be able to accommodate your request (for example, provide you with a requested service).
Use of Personal Information
We use the personal information collected from you for the purpose it was provided or collected (as indicated in sections 1 and 2 above), including in the following ways:
(j) to respond to enquiries received from you;
(k) to carry out our obligations arising from any contracts entered into between you and us;
(l) to perform authorised financial transactions with you;
(m) for administrative purposes in relation to the ongoing management of the services we provide to you;
(n) to communicate with you and provide you with information (whether by email, post or other means) about our services, where you have requested or consented to receiving this from us or where this provision is otherwise permitted under the Australian Privacy Principles;
(o) to notify you about changes to our services;
(p) to receive and address feedback or complaints from you;
(q) where you have overpaid for our fees and we require your bank account details to refund you;
(r) when an owners corporation has appointed us as an agent:
A. to identify and make contact with lot owners and/or tenants;
B. to coordinate with building managers and other relevant third party contractors in connection with the management of a building; and/or
C. to coordinate with Owners Corporation Committee members in connection with the management of a building, including to identify and make contact with lot owners and/or tenants.
(s) to receive personal information about that lot owner’s representative so that we can communicate with that representative;
(t) to undertake debt collection services when fees owed to us are in arrears;
(u) to verify your details before we provide you with security devices such as an FOB access card;
(v) to protect our legal interests and fulfil our legal, regulatory and tax obligations (if and to the extent necessary), including any obligations arising in connection with the Owners Corporations Act 2006 (Vic); and
(w) to carry out any other functions that are reasonably necessary for and incidental to the provision of our services to you.
2. Disclosure of Personal Information
We may disclose your personal information to any of our related group companies. They will only use it for the same purposes that we may under this policy.
We may provide personal information to third parties outside our group companies for limited purposes, such as to help us in providing services to customers and to operate our business and manage our buildings.
Those persons and businesses may include:
(a) organisations who carry out credit, fraud and other security checks;
(b) couriers and delivery businesses (where we arrange to deliver goods to you or persons you have requested us to send deliveries to);
(c) our accountants, auditors, insurers, lawyers and other professional advisers;
(d) debt collectors who are appointed by us to collect fees that are in arrears;
(e) where a third party has requested an Owners’ Corporation Certificate;
(f) where government authorities such as police request CCTV footage and request information about individual lot owners;
(g) where government authorities request information in connection with regulatory matters arising under the Owners Corporations Act 2006 (Vic);
(h) other lot owners, when we send out reports regarding which lot owners are in arrears in respect of their fees;
(i) Owners Corporation committee members as appropriate for the purpose of assisting committee members to execute their duties;
(j) Other service providers/ contractors providing services to the buildings we manage (for example building managers);
(k) any third parties to whom you have directed or permitted us to disclose your personal information (e.g. referees); and
(l) such other persons as otherwise permitted or required by law.
We may also disclose your personal information to third parties outside our group of companies:
where we have your express permission to do so;
(m) for the purposes for which we collected it (and related purposes which would be reasonably expected by you);
(n) where it can reasonably be inferred from the circumstances that you consent to the disclosure to the third parties;
(o) if we or substantially all or some of our assets are acquired by a third party, in which case personal information which we hold about our customers may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy); and
(p) if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, in order to enforce or apply our terms and conditions, or to protect our rights, property, or safety of that of our personnel or customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services to you. We deal with third parties that are required to meet the privacy standards required by law (subject to the below paragraph below in relation to overseas disclosures) in handling your personal information, and use your personal information only for the purposes that we gave it to them.
If you post information to certain public parts of our website or to our social media pages, you acknowledge that such information may be available to be viewed by the public. You should use discretion in deciding what information you upload to such sites.
3. Cross-Border Disclosure
Your personal information may also be processed by, or disclosed to foreign third parties operating outside of Australia. For instance, we may engage the services of companies and people located overseas to assist with our service delivery. Also, if you are a foreign lot owner residing overseas, we may be required to liaise with third parties who are not located in Australia in order to provide our services to you. The countries in which such third party recipients are located depend on the circumstances. In the ordinary course of business, we may disclose personal information on a confidential basis to our service provider located in the Philippines that provides us with back office support and administrative services and to otherwise assist us with service delivery.
From time to time we may also engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider.
By providing your personal information to us, you consent to us disclosing your personal information to any such overseas recipients for purposes necessary or useful in the course of operating our business, and agree that Australian Privacy Principle 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles under the Privacy Act, that entity will not be bound by, and you will not be able to seek redress under, the Privacy Act.
4. European Union General Data Protection Regulation
To the extent that we collect, process or store data of European Union (EU) citizens or offer services to people in the EU, the European Union General Data Protection Regulation (GDPR) applies.
(b) the right to receive your personal data in a machine-readable format and send it to another entity (“data portability”);
(c) the right to complain about or query how we process your personal information;
(d) the right to obtain access to the personal data held about you;
(e) the right to ask for incorrect, inaccurate or incomplete personal data to be corrected;
(f) the right to request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers; and
(g) the right to have your personal information erased by us (for instance, where your personal information is no longer necessary for the purpose for which it was collected, or if you withdraw your consent).
You can exercise any of your rights described above by contacting us at firstname.lastname@example.org to notify us of the right you intend to exercise.
5. What do we do if there is a data breach?
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Law. Pursuant to our obligations under the Privacy Law, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of a data breach.
6. Security of personal information
We take all reasonable steps to protect your personal information, including internal and external security, restricting access to personal information to those who have a need to know, maintain technological products to prevent unauthorised computer access and regularly reviewing our technology to maintain security. We use secured IT systems.
We will also destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
We collect information in relation to employees as part of their application and during the course of their employment, either from them or in some cases from third parties such as recruitment agencies. Such information may include contact details, qualifications, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of usage of our equipment (e.g. phones, computers and vehicles).
Under the Privacy Act, personal information about a current or former employee may be held, used or disclosed in any way that is directly connected to the employment relationship. We handle employee information in accordance with legal requirements and our applicable policies in force from time to time.
8. Accessing and correcting your personal information
You may contact us (see section 12) to request access to the personal information that we hold about you and/or to make corrections to that information, at any time. On the rare occasions when we refuse access, we will provide you with a written notice stating our reasons for refusing access. We may seek to recover from you reasonable costs incurred for providing you with access to the personal information we hold about you.
We are not obliged to correct any of your personal information if we do not agree that it requires correction and may refuse to do so. If we refuse a correction request, we will provide you with a written notice stating our reasons for refusing.
We will respond to all requests for access to or correction of personal information within a reasonable time.
9. Resolving personal information concerns
When contacting us please provide as much detail as possible in relation to your question, concern or complaint.
We take all complaints seriously, and will respond to your complaint within a reasonable period. We request that you cooperate with us during this process and provide us with any relevant information that we may need.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Telephone: 1300 363 992
10. Contact Us
We can be contacted as follows:
The Company Secretary
Bluestone OCM Pty Ltd
Phone: +61(03) 8525 2770
Last update: October 2020