ACCESSCR PRIVACY STATEMENT
AccessCR values the privacy of its users’ personal information. Please read this Privacy Statement carefully as it sets out how we collect, store, use and safeguard your personal and sensitive information in relation to our services on the Site (collectively, the “Service”). It describes our policy for dealing with personal and sensitive information that we collect about our users and people related to our business in compliance with the Australian Privacy Principles (“APPs”) in the Australian Privacy Act 1998 (Cth) (“the Privacy Act”) and the European Union’s General Data Protection Regulation (“GDPR”). It does not apply to the practices of companies that we do not own or control, organisations we might provide links to, or to individuals we do not employ or manage.
In this privacy statement, personal information and personal data are used interchangeably, and, sensitive information and sensitive personal data are used interchangeably, unless otherwise specifically mentioned.
By using the Site, you consent to our collection, use, storage and disclosure of your personal and sensitive information in accordance with this Privacy Statement. We may modify the terms of this Privacy Statement at any time, and by continuing to use the Site, you accept the terms of the Privacy Statement as it applies, and as amended from time to time without prior notification. Your continued use of the Site after any modification to this Privacy Statement will constitute your acceptance of such modification.
We want to be clear about our privacy practices so that you can make informed choices about the use of your personal information, and we encourage you to Contact Us at any time with questions or concerns.
To help ensure a rewarding experience for our visitors and members of our Service, this Privacy Statement details how we protect your personal information and our privacy obligations to you in compliance with the Privacy Act and GDPR. It will give you an understanding of:
- your rights
- the types of personal information we collect
- how we use personal information
- how and when we collect, use, store, disclose and otherwise handle personal information
- the purposes for which we collect, use and disclose personal information
- how we store your personal and non-personal information
- how you may access and seek correction of your personal information
- how to update your personal information
- how you can make a complaint, and how we deal with any such complaint
- how to contact us.
2 YOUR RIGHTS
For us to collect, hold and process your data, you must provide your explicit consent. We will ask for this consent whenever we ask for personal or sensitive information about you, and tell you why and how the information will be used. By consenting to this privacy statement, you are providing us permission to process your personal and sensitive information for the purposes outlined. We will endeavour not to keep information longer than is necessary. You may withdraw your consent at any time by contacting us using the details in section 11.
At any time that we hold information about you, you have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that AccessCR refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
3 TYPES OF INFORMATION WE COLLECT & HOW WE USE IT
We collect personal information from our Site visitors and members for a range of reasons. These reasons may include, for example, to communicate with you, personalise your experience, improve and develop our services, to provide you with support and improve customer service, to market or provide a service to you, to protect you, to analyse/collate/report on our community and outreach, or legal reasons.
A. Personal information provided to us directly
When you fill in a form or use a service on the Site, the personal information you provide helps us identify you.
The APPs requires us to manage personal and sensitive information in an open and transparent manner. We may collect personal and sensitive information from you with your explicit consent, such as name, e-mail address, phone number, age, address and other health or medical information that you provide or volunteer, to provide you with services. We collect personal information from you in a variety of ways, including when you interact with us electronically or in person, when you access the Site and when we provide our Service to you. Your personal information will only be used and stored for the primary purpose for which it was collected and not for any other purpose. If you do not provide us with the information we request, we may not be able to supply you with our Service.
AccessCR will not disclose your personal information to any outside person or organisation without your authorisation, nor does it share its database.
From time to time, AccessCR publicises opportunities for people to get involved in activities, opportunities, surveys, competitions, and the like (collectively, “Project”). Certain activities will be sponsored by AccessCR and others will be externally sponsored. For each Project, the way data is collected, stored and handled will be made transparent at the time of participating in the Project. We will offer people the opportunity to decide on a case by case basis whether they wish to participate in a Project.
To safeguard your personal information, any information provided to AccessCR within Projects or through your interactions on the Site will be de-identified in any collateral or reports made public, unless you give your explicit permission for responses to be linked to your name in a private discussion with us.
There may be situations where you do not want to identify yourself in a Project. We will give you the option of dealing with us anonymously or by using a pseudonym where possible.
We may, with your consent, collect personal information about you or from your authorised representatives for the purpose of providing you with our Service, and marketing other services which we think may be of interest to you, or obtaining your feedback. For example, we may send you Service-related emails (e.g., updates of Website Terms and Conditions, Project information, confirmation of your participation, news, changes/updates to features of the Service and this Statement, and technical and security notices).
We may also use the personal information we collect, and you consent to us using your personal information:
- for purposes, necessary or incidental to the provision of our Service to you
- for internal operations, such as record keeping, database management, data analytics or training
- to provide you with information related to participating in a Project
- to establish and maintain a database of potential candidates willing to participate in a Project
- to manage, research and develop our Service
- to maintain and develop our business systems and infrastructure including testing and upgrading of these systems
- to communicate with you, including by email
- to run cookies on the Site
- to verify your identity, investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions.
We may be required to use and store personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime, loss prevention, or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, which may include laws outside your country of residence; (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; and (c) to protect our rights, privacy, safety, or property, or those of other persons.
By providing personal information to us, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Privacy Statement and any other arrangements that apply between us. We may use technologies and third-party services to collect and store that information, including but not limited to:
The APPS require us to correct our personal records of personal information if they are inaccurate, out-of-date, incomplete or misleading, in accordance with the APPs. If your personal information changes, please Contact Us to reflect the change.
B. Cookies and similar technologies
We may collect and process non-personal information about you when you visit the Site using cookies and similar technologies. Non-personal information is information about you or your activities which cannot be used to personally identify you.
We understand that you may want to know more about cookies. Here are some useful resources that provide detailed information about types of cookies, how they are used, and how you can manage your cookie preferences: www.aboutcookies.org or www.allaboutcookies.org. Please click below for detailed information on how to disable and delete cookies in some commonly used browsers:
You can also configure your Internet browser to accept or reject all cookies, or notify you when a cookie is set. If you disable cookies from being stored in your browser, you may not be able to use the full functionality of the Site.
For your information, we maintain a list of the cookies that we are aware are currently used on our website, which you can request at any time.
C. Third-party analytics tools and third-party remarketing tools (non-personal information)
We also share information about your use of the Site with our trusted website developers, social media, advertising and analytics partners. Third-party cookies may be placed on your computer by a service provider to us, for example, to help us understand how our Service is being used. Third-party cookies may also be placed on your computer by our business partners to advertise the Service to you elsewhere on the Internet.
We may use third-party analytics tools to:
- analyse usage trends on the Site including the tracking and reporting of website traffic, ad conversion tracking, traffic analysis and marketing optimisation
- collect this data in aggregate form so that it cannot identify any individual.
Third-party analytics tools collect non-personal information such as how often you visit our Site, the web pages you visit, add-ons, and other analytics data that assists us in improving our Service. These tools might include but are not limited to:
- Google Analytics (Google Inc.)
- Google AdWords conversion tracking (Google Inc.)
- Google Tag Manager (Google Inc.)
Information about your web usage behaviour is held by Google and is subject to its Privacy Statement which can be located at Google’s Privacy and Terms.
- Facebook Ads conversion tracking (Facebook, Inc.)
Information about Facebooks Ad conversion tracking can be located at Facebook’s Terms for Conversion Tracking.
We may use third-party remarketing tools to position targeted ads to visitors that have already visited our Site or to advertise to our users that we already have an existing relationship with. We use our email database to create Custom Audiences on social media and online platforms to promote our Service.
These third-party remarketing tools might include but are not limited to:
- AdWords Remarketing (Google Inc.)
- Facebook Custom Audience (Facebook, Inc.)
- Facebook Remarketing (Facebook, Inc.)
We reserve our rights to modify, add or remove any third-party analytics tools and third-party remarketing tools. By using our Site, you consent to the processing of any non-personal data these tools will collect in the way and for the purposes described above.
4 ACCESS TO YOUR PERSONAL INFORMATION
You may Contact Us to correct or update the personal information that you have provided to us when you subscribed to any of our services, or completed any of our surveys or applications forms. We may need to obtain proof of your identity before implementing your request and may refuse to provide you with certain information where permitted or required by law.
We request that you keep your information as current as possible so that we may continue to improve our Service.
In certain circumstances, the law permits us to deny you access to your personal information if:
- access would pose a serious threat to the life, safety or health of any individual or to public health or public safety
- access would have an unreasonable impact on the privacy of others
- the request is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings
- access would reveal the intentions of a party in relation to negotiations or prejudice those negotiations
- access would be unlawful
- access may prejudice enforcement activities or a security function.
5 DISCLOSURE OF INFORMATION
Except for the purposes provided in this Privacy Statement, we will not disclose any information that is obtained from you to third parties without your express written permission. We may also disclose personal information to the following parties (either within or outside Australia), when:
- they are our employees, agents, business partners or joint venture entities or partners who are required to follow data privacy laws and security policies when handling personal information;
- they are entities providing services to AccessCR including legal services, financial services, IT services, data providers, storage services, customer relationship management and mailing houses;
- they are sponsors of a Project subject to your consent, or for which you have generally or specifically registered;
- they are authorised by you to receive information held by us;
- they are third parties you authorise to act on your behalf or that are otherwise connected with you (such as your legal representative or other authorised agent or attorney);
- as part of any investigation into you or your activity for breach of these terms and conditions or for any alleged unlawful activity where we reasonably believe that disclosure is necessary to any relevant authority or enforcement body, or your Internet service provider or network administrator; or
- there is a change of control in our business or a sale or transfer of business assets. We may transfer AccessCR and disclose its databases, to the extent permitted by law, to a potential purchaser of our business who will be bound by a confidentiality agreement with us and the privacy laws.
We will disclose your personal information where required to do so by law, court order or subpoena or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security of or integrity of the AccessCR community.
6 DATA SECURITY
We are the data controllers as we are collecting and user your data. We oversee the management of personal information in accordance with this Privacy Statement, the APPs and the Privacy Act, and GDPR. We have also taken reasonable steps to ensure the security of your personal information. We employ appropriate technical, administrative and physical procedures to protect personal information from misuse, interference and loss, unauthorised disclosure or alteration.
We use trusted third parties as our data processors for technical and organisational purposes, including for event registrations, payments, email marketing and referral management. We make reasonable efforts to ensure our data processors are GDPR compliant, and where appropriate have data processing agreements in place with them.
You acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose your personal information to in accordance with this policy or any applicable laws). The collection and use of your information by such third parties may be subject to separate privacy and security policies.
You also acknowledge that the security of communications sent by electronic means or by post cannot be guaranteed. We do not, for example, have any control over what happens between your device and the boundary of our information infrastructure. You provide information to us via the Internet or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control. No data transmission over the Internet can be guaranteed to be totally secure. You as an individual are responsible for the security of and access to your own device. If you suspect any misuse or loss of, or unauthorised access to, your personal information, or any other privacy breach please let us know immediately.
For international users of the Site, you agree that the personal information you provide to us will be dealt with under Australia’s privacy laws, particularly in relation to handling medical and health information.
7 THIRD PARTY INFORMATION
We may link to or otherwise make available third-party information on the Site.
Please note that we are not responsible for the privacy practices of other websites including websites that are linked to the Site. It is the responsibility of the individual Internet user to make decisions regarding the relevance, accuracy, currency and/or reliability of information found on linked sites. Please read the terms and policies of third-party sites before accessing or using such sites. The inclusion of a link on this Site does not imply any endorsement of the linked site by us.
8 AMENDMENT OF THIS PRIVACY STATEMENT
If and when we amend this Privacy Statement in any way, we will make all reasonable efforts to bring those changes to the attention of our visitors and members. An updated version of our Privacy Statement will be maintained on the Site so that you remain aware of our policies. The updated version will become effective on the date it is posted, which will be listed on the page as the new effective date. We encourage you to check our Site from time to time to view our current statement.
9 LIMITATION OF LIABILITY
Your use of the Site and its content is at your own risk.
We will take all reasonable steps to keep your personal information secure but to the maximum extent permitted by law, we exclude all liability for the consequences of any unauthorised access to your information. This includes (but is not limited to) loss or damage you or your clients might suffer because of any of the following:
- reliance on the completeness, accuracy, suitability or currency of the Site (including third-party material and advertisements), irrespective of any verifying measures taken by us, as the material on the Site is for general information and interest only;
- failure of performance, error, omission, interruption, deletion, defect, delay in operation or transmission, virus or other harmful component, loss of data, communication line failure, unlawful third-party conduct, or theft, destruction, alteration or unauthorised access to records;
- accessing any sites or servers maintained by other organisations through links on the Site or any communication from the Site. Links are provided for the convenience of users of the Site only and without responsibility for the content or operation of those sites (unless otherwise stated, linked sites and the services are not endorsed by us and your linking to any such site is at your own risk);
- the provision of credit card or other financial information, the failure to complete (or delay in completing) any transaction, or other loss or damage arising from any e-commerce transacted or attempted to be transacted on the Site (if any), or
- defamatory, threatening, offensive or unlawful conduct of third parties or publication of any materials relating to or constituting such conduct.
Although we take all appropriate security measures to protect your information, we cannot guarantee the security of information transmitted over the Internet. Please do not send sensitive or confidential information to us by email as transmission over the Internet cannot be completely guaranteed. We assume no responsibility for any loss of confidentiality or for the security of any information that you transmit to us electronically. We make no warranties or representations, express or implied, that material on the Site does not infringe intellectual property rights of any person anywhere in the world.
10 CONTACTING US AND OPTING OUT
You can contact us by email or phone. When you contact us, you can elect if you wish to provide us with personal information other than your e-mail address. The personal information you provide us will only be used for the purpose you disclosed it, for example, for answering your inquiry or for providing information about our Service.
Subject to the exceptions set out in the Privacy Act, you may seek access to and update the personal information we hold about you. We will require you to verify your identity and to specify what information you require. A fee may be charged for providing access, however, we will advise you of the likely cost in advance. We request that you keep your information as current as possible so that we may continue to improve our Service to you.
If we use your personal information to market and promote our Service with your consent, you may notify us at any time that you do not wish to receive marketing or promotional material by contacting us directly or through the “Unsubscribe” mechanism in our marketing or promotional emails.
Our contact details can be found online at: http://www.accesscr.com.au
To build a better and stronger community, we welcome feedback about privacy issues and will attend to all questions and complaints promptly.
Please email us if you have any questions or concerns about our collection, use or disclosure of personal information. If you would like to seek access to personal information we hold about you, or if you have any questions or complaints about how we collect, use, disclose, manage or store your personal information, you can contact the department that collected your personal information in the first instance, or write to: AccessCR – Level 40, 100 Miller Street, North Sydney NSW 2060, Australia.
We will aim to resolve any complaints within 14 days.
If you remain dissatisfied, you may refer your complaint to the following:
- If in Australia, the Office of the Australian Information Commissioner:
Director of Compliance, Office of the Australian Information Commissioner, Sydney NSW 2001
- If in the European Union, the European Data Protection Supervisor (https://edps.europa.eu/) or your National Data Protection Authority.
© 2020 ACCESSCR. ALL RIGHTS RESERVED.
Privacy Statement last updated 12 Jan 2020.