Senior Risk & Quality Advisor
81 Prinsep Road
JANDAKOT WA 6164
Phone: +61 8 6163 5000
2.1 "Personal Information" is information or an opinion, whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained. Personal Information collected may include (but is not limited to) the following:
2.2 What sensitive information do we collect about you?
We may also collect sensitive information about you including information about your health. Unless required by law, we will only collect sensitive information with your consent.
2.3 What information do we collect via our website?
We will not collect any Personal Information about users of our website except when they knowingly provide it (for example, when you fill out an online form) or as otherwise described below.
(i) Click Stream Data
When you visit and browse our website, our website host may collect information for statistical, reporting and maintenance purposes.
Subject to paragraph 3, the information collected by our website host is used to administer and improve the performance of our website and will not be used to identify you. The information may include:
Cookies are small text files that are transferred to a user's computer hard drive by a website for the purpose of storing information about a user's identity, browser type or website visiting patterns. Cookies may be used on our website to monitor web traffic, for example the time of visit, pages visited and some system information about the type of computer being used. We use this information to enhance the content and services offered on our website.
Cookies are sometimes also used to collect information about what pages you visit and the type of software you are using. If you access our website or click-through an email we send you, a cookie may be downloaded onto your computer's hard drive.
Cookies may also be used for other purposes on our website but in each case none of the information collected can be used to personally identify you.
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
We collect your Personal Information to allow us to conduct our business functions, market and sell our products and services.
We may collect your Personal Information when you:
We may also collect Personal Information about you via third parties (i.e. other organisations); however we will only collect your Personal Information in this way if it is unreasonable or impractical to collect this information directly from you and if we are otherwise permitted to do so.
We store Personal Information electronically and in hard copy depending on how the data was collected.
Any Personal Information that is collected via our website or which is held on our computer systems is protected by safeguards including physical, technical (firewalls, SSL encryption, etc.) and procedural methods.
Personal Information held in hard copy form is kept to a minimum and secured in locked safes and cabinets when not in use.
Some Personal Information is stored with third parties with whom we do business. We have strict privacy and confidentiality arrangements in place with those parties. We aim to keep all Personal Information secure at all times and only make it available to those at ATCO who require it to perform their job.
We do not collect sensitive or financial information about our users via our website.
If we find that we have no further need for your Personal Information we may remove it from our systems and destroy all record of it.
We use the Personal Information we collect about you for our business functions and activities, which may include the following:
We may collect and use your Personal Information for other purposes not listed above. If we do so, we will make it known to you at the time we collect or use your Personal Information.
We do not otherwise disclose your Personal Information without your permission, unless the disclosure is:
Depending on the nature of your engagement with us, we may disclose your Personal Information to our related entities, to third parties that provide products and services to us or through us, or to other third parties including:
We may also disclose your Personal Information to our website host or software application providers in certain limited circumstances, for example when our website experiences a technical problem or to ensure that it operates in an effective and secure manner.
Where we receive unsolicited Personal Information, we will check whether that Personal Information could have been collected by us from you on the basis that it is reasonably necessary for, or directly related to, one or more of our functions and activities.
If it is, we’ll handle this information the same way we do with other information we seek from you.
If not, we’ll ensure the information is destroyed or de-identified if it is lawful and reasonable to do so.
We’ll only keep your information for as long as we require it for our purposes. We’re also required to keep some of your information for certain periods of time under law.
When we no longer require your information, we’ll ensure that we take reasonable steps to destroy your information or ensure that it is de-identified.
We may also use your Personal Information for sending you information, including promotional material, about us or our products and services, as well as the products and services of our related entities and third parties, now and in the future. Such marketing activates may be via direct mail, email, SMS and MMS messages.
You can contact us using the contact details specified on page 1 above if you do not want to receive marketing information from us, and we will stop sending it to you.
You are entitled to access Personal Information that we hold about you. If you request access to your Personal Information, in ordinary circumstances we will give you full access to your Personal Information. However, there may be some legal or administrative reasons to deny access. If we refuse your request to access your Personal Information, we will provide you with reasons for the refusal.
We take all reasonable steps to ensure that any Personal Information we collect and use is accurate, complete and up-to-date. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested, and properly update the information provided to us to keep it true, accurate, current and complete. Please contact us in any of the ways specified in in section 1 above if you believe that the Personal Information is inaccurate or incomplete, and we will use all reasonable efforts to correct the information.
ATCO takes reasonable steps to protect the Personal Information which it holds from misuse, interference and loss; and, from unauthorised access, modification or disclosure.
A “data breach” is when Personal Information held by ATCO is lost or subjected to unauthorised access, modification, disclosure, or other misuse of interference. Examples of a data breach are when a device containing person information of customers is lost or stolen, ATCO’s database containing Personal Information is hacked or an entity mistakenly provides Personal Information to the wrong person.If:
- there is unauthorised access to, or unauthorised disclosure of, Personal Information, and the access or disclosure would be likely to result in serious harm to any of the individuals to which the information relates; or
- Personal Information is lost in circumstances where unauthorised access to, or unauthorised disclosure of, the information is likely to occur, and if it did occur it would be likely to result in serious harm to any of the individuals to which the information relates,
then there has been an “eligible data breach” under the Australian Privacy Act 1988.
If ATCO has reasonable grounds to suspect that there may have been an eligible data breach in relation to Personal Information which it holds, ATCO will carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If, by reason of such assessment or otherwise, ATCO is or becomes aware that there are reasonable grounds to believe that there has been an eligible data breach in relation to Personal Information which it holds (or held), ATCO will comply with its notification requirements under the Australian Privacy Act 1988. This may mean that ATCO notifies individuals to whom the relevant information relates.
We will investigate your queries and complaints within a reasonable period of time (usually within 30 days) and will notify you of the outcome of our investigation.
If you are not satisfied with our response you may request that your query or complaint is referred to be dealt with under our internal complaints handling procedures.
In the event that the matter cannot be resolved, you may also address your query or complaint to the Office of the Australian Information Commissioner: