1. Collection and Storage of Personal Information and Data
We may collect personal information about individuals. Our usual approach is to collect personal information directly from the individual concerned.
For example, we collect personal information in circumstances including:
(a) when services are ordered;
(b) when owners corporations or managing agents provide information to us about a particular lot owner or tenant;
(c) when you complete an enquiry form in relation to our services;
(d) when you (whether on your own behalf or on behalf of another business) enter into an agreement with us for the supply of goods or services (either from us or to us);
(e) when you telephone us, visit our website or meet with us and make an enquiry to which a later response is requested and to do so requires your contact details;
(f) when we receive notices of acquisition notifying us that a lot for which we provide services has changed owners;
(g) where a lot owner appoints a representative to communicate with us about the services we provide for their lot; and
(h) when evaluating job applicants and personnel, including their contact details, employment history and educational qualifications.
We hold personal information in our own secure databases.
2. Use of Personal Information
We use the personal information collected from you for the purpose it was provided or collected (as indicated above), including in the following ways:
(a) to respond to enquiries received from you;
(b) to carry out our obligations arising from any contracts entered into between you and us;
(c) to perform authorised financial transactions with you;
(d) for administrative purposes in relation to the ongoing management of the services we provide to you;
(e) to communicate with you and provide you with information (whether by email, post or other means) about our services, where you have requested or consented to receiving this from us or where this provision is otherwise permitted under the Australian Privacy Principles;
(f) to notify you about changes to our services;
(g) to receive and address feedback or complaints from you;
(h) where you have overpaid for our fees and we require your bank account details to refund you;
(i) when an owners corporation has appointed us as an agent:
A. to identify and make contact with lot owners and/or tenants;
B. to coordinate with building managers and other relevant third party contractors in connection with the management of a building; and/or
C. to coordinate with Owners Corporation Committee members in connection with the management of a building, including to identify and make contact with lot owners and/or tenants.
(j) to receive personal information about that lot owner’s representative so that we can communicate with that representative;
(k) to undertake debt collection services when fees owed to us are in arrears;
(l) to verify your details before we provide you with security devices such as an FOB access card;
(m) to protect our legal interests and fulfil our legal, regulatory and tax obligations (if and to the extent necessary), including any obligations arising in connection with the Owners Corporations Act 2006 (Vic); and
(n) to carry out any other functions that are reasonably necessary for and incidental to the provision of our services to you.
3. Disclosure of Personal Information
We may disclose your personal information to any of our related group companies. They will only use it for the same purposes that we may under this policy.
We may provide personal information to third parties outside our group companies for limited purposes, such as to help us in providing services to customers.
Those persons and businesses may include:
(a) organisations who carry out credit, fraud and other security checks;
(b) couriers and delivery businesses (where we arrange to deliver goods to you or persons you have requested us to send deliveries to);
(c) our accountants, auditors or lawyers;
(d) debt collectors who are appointed by us to collect fees that are in arrears;
(e) where a third party has requested an Owners’ Corporation Certificate;
(f) where government authorities such as police request CCTV footage and request information about individual lot owners;
(g) where government authorities request information in connection with regulatory matters arising under the Owners Corporations Act 2006 (Vic);
(h) other lot owners, when we send out reports regarding which lot owners are in arrears in respect of their fees; and
(i) Owners Corporation committee members as appropriate for the purpose of assisting committee members to execute their duties.
We may also disclose your personal information to third parties outside our group of companies:
(a) where we have your express permission to do so;
(b) where it can reasonably be inferred from the circumstances that you consent to the disclosure to the third parties;
(c) if we or substantially all or some of our assets are acquired by a third party, in which case personal information which we hold about our customers may be one of the transferred assets (subject to the same constraints on use and disclosure as under this policy); and
(d) if we are under a duty to disclose or share your personal information in order to comply with any legal or regulatory obligation, in order to enforce or apply our terms and conditions, or to protect our rights, property, or safety of that of our personnel or customers. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services to you. We deal with third parties that are required to meet the privacy standards required by law (subject to the below paragraph below in relation to overseas disclosures) in handling your personal information, and use your personal information only for the purposes that we gave it to them.
4. Cross-Border Disclosure
Your personal information may also be processed by, or disclosed to foreign third parties operating outside of Australia. For instance, if you are a foreign lot owner residing overseas, we may be required to liaise with third parties who are not located in Australia in order to provide our services to you.
If we need to disclose your personal information to an overseas entity, we will firstly seek your express consent to the disclosure. We will only propose to share your personal information with an overseas party in circumstances where you would reasonably expect us to do so and if the disclosure is related to the purposes for which your information was collected. We will not disclose your personal information to third parties overseas if you do not provide your consent.
To assist you in making an informed decision about providing your consent, at the time of seeking your consent to overseas disclosure, we will explain to you that:
(a) by providing your consent, an overseas recipient will not be accountable for any breaches of the Australian Privacy Principles in connection with its handling of your personal information;
(b) you may not be able to seek redress for any such breaches of your privacy rights (for instance, if the overseas jurisdiction in question does not have comparable privacy laws to Australia);
(c) you may not be able to access or retrieve your personal information from the overseas recipient; and
(d) we are unable to and will not be taking any steps to ensure that any overseas recipients will comply with the Australian Privacy Principles.
5. European Union General Data Protection Regulation
To the extent that we collect, process or store data of European Union (EU) citizens or offer services to people in the EU, the European Union General Data Protection Regulation (GDPR) applies.
(b) the right to receive your personal data in a machine-readable format and send it to another entity (“data portability”);
(c) the right to complain about or query how we process your personal information;
(d) the right to obtain access to the personal data held about you;
(e) the right to ask for incorrect, inaccurate or incomplete personal data to be corrected;
(f) the right to request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers; and
(g) the right to have your personal information erased by us (for instance, where your personal information is no longer necessary for the purpose for which it was collected, or if you withdraw your consent).
You can exercise any of your rights described above by contacting us at email@example.com to notify us of the right you intend to exercise.
6. What do we do if there is a data breach?
In the event of a data breach, such as the unauthorised loss, use or disclosure of personal information, we will assess and respond in line with our applicable policies and procedures, which incorporate the requirements contained in the Privacy Law. Pursuant to our obligations under the Privacy Law, we will notify you where your personal information is involved in an eligible data breach that is likely to result in serious harm. Such notification will also include making recommendations about the steps you should take in response to the breach. Where required by law, the Australian Privacy and Information Commissioner will also be notified of a data breach.
7. Security of personal information
We take all reasonable steps to protect your personal information, including internal and external security, restricting access to personal information to those who have a need to know, maintain technological products to prevent unauthorised computer access and regularly reviewing our technology to maintain security. We use secured IT systems.
8. Contact Us
You have a right to access the personal information we hold about you and to raise concerns or complaints or ask for corrections. To raise privacy concerns, including to obtain a copy of the personal information we hold about you, please write to us at:
The Company Secretary
Bluestone OCM Pty Ltd
Phone: +61(03) 8525 2770
Please provide sufficient detail about the personal information in question to help us locate it. We will then use commercially reasonable efforts to promptly determine if there is a problem and take the necessary corrective action within a reasonable time.
Last update: 31/01/2019