Pia is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au
What is ‘Personal Information’ and Why Do We Collect It?
Personal information is any information that identifies you or by which your identity may be reasonably determined. Personal information we may collect from you includes your name, address, location details, contact details, business details, telephone numbers, email addresses and other information relevant to your engagement with us.
For the purposes of General Data Protection Regulation (GDPR), “Personal Information” and “Personal Data” are interchangeable terms. Personal Data means any information relating to you such as a name, an identification number, location data, online identifier or to one or more specific to the physical, physiological, genetic, mental, economic, cultural, or social identity. Under GDPR you can be referred to as the “Data Subject” or as the “User” as you are the individual using the service.
We generally collect personal information directly from the individual through meetings, phone calls, website visits, email, social media, and surveys. Pia may obtain details about you from marketing databases or other sources that are publicly available such as websites, journals, and online directories. However, you will always have an opportunity to opt-out of receiving marketing from us.
We collect your personal information for the primary purpose of providing our services to you. We may also use your personal information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
We may also use your information to conduct marketing activities including targeted and non-targeted promotions. You may
unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
Website and Cookies
To ensure we are meeting the needs and wants of our website users, and to develop our online services, we may collect aggregated information by using cookies or similar electronic tools.
Cookies may be placed on your computer or internet-enabled device whenever you visit us online. This allows the site to remember your computer or device and serves several purposes.
You can accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, please be aware that if you do not accept cookies, you may not be able to fully experience some of our website’s features.
We do not use this technology to access any personal information of a user in our records and a user cannot be personally identified from a cookie. In our analytical reports, we may obtain other identifiers including public IP addresses, but this is for the purpose of identifying the number of unique visitors to our website and geographic origin of visitor trends and is not used to identify individual visitors.
We do not normally collect or store ‘sensitive information’ as defined in the Privacy Act 1988 (e.g. information about ethnic origin, religious beliefs, or health). However, where we are required to and it is practicable to do so, we will seek your consent before collecting your sensitive information and inform you of the purpose at the time.
Where reasonable and practicable to do so, we will collect your personal information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Your personal information may be disclosed in several circumstances including the following:
Security of Personal Information
Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification, or disclosure.
When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However, most of the personal information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access to your Personal Information
You may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please contact us in writing.
Pia will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information.
In order to protect your personal information we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is an important to us that your personal information is up to date. We will take reasonable steps to make sure that your personal information is accurate, complete, and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
Maintaining the Quality of your Personal Information
This Policy may change from time to time and is available on our website.
Legal Basis for Processing Personal Data Under GDPR
We may process personal data under the following conditions:
- Consent: You have given your consent for processing personal data for one or more specific purposes.
- Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which Pia is subject.
- Vital interests: Processing personal data is necessary in order to protect your vital interests or of another natural person.
- Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in Pia.
- Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by Pia.
If required, we will help to clarify the specific basis that applies to the processing, and whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter a contract.
Your Rights Under the GDPR
- Request correction of the personal data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of your personal data. This right exists where we are relying on legitimate interest as the legal basis for our processing and there is something about your situation, which makes you want to object to our processing of your personal data on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request erasure of your personal data. You have the right to ask us to delete or remove personal data when there is no good reason for us to continue processing it.
- Request the transfer of your personal data. We will provide to you, or to a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw your consent. You have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the service.
Exercising of Your GDPR Data Protection Rights
You may exercise your rights of access, rectification, cancellation and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible. You also have the right to complain to a Data Protection Authority about our collection and use of your personal data if required.
A: Level 2, Lamerton Building, 1 Lamerton Cres, Shellharbour NSW 2529