1.1 The purpose of this Policy is to ensure that Poly, an entity that is subject to the Australian Privacy Principles contained in the Privacy Act 1988 and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (together Legislation), manages personal information in a manner that complies with the Legislation. For the latest versions of the Legislation, please see www.comlaw.gov.au
1.2 This Policy sets out Poly’s management and requirements in relation to the protection and proper handling of personal information collected from individuals. It also provides individuals with the opportunity to make inquiries about Poly’s compliance with the Legislation.
1.3 For further information in relation to privacy, please visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au
2.1 Individuals are not required to identify themselves when dealing with Poly unless:
Collection of Personal Information
3.1 Poly only collects personal information when it is reasonably necessary for Poly’s functions or activities. The types of personal information that Poly may collect includes, but is not limited to:
3.2 The circumstances for which Poly may collect personal information include, but are not limited to:
3.3 Poly generally does not collect sensitive personal information about an individual, such as:
3.4 However, Poly may collect sensitive personal information if it is necessary for Poly to deal with the individual and the individual has consented to Poly doing so.
3.5 Poly may also collect personal information about an individual from a third party who may be the individual’s agent when it is reasonably necessary to do so. Poly will take reasonable steps to inform the individual that Poly has the individual’s personal information, unless it is obvious to the individual from the circumstances that Poly holds such information.
Notification of Collection of Personal Information
4.1 At or before the time, or, if that is not practicable, as soon as practicable after, Poly collects personal information about an individual, Poly will notify the individual of the following matters unless it is obvious from the circumstances:
Use or Disclosure of Personal Information
5.1 Poly generally holds personal information about an individual that was collected for a particular purpose (Primary Purpose) and will not use or disclose the information for another purpose unless:
5.2 Poly may use the personal information for a purpose other than the Primary Purpose if:
5.3 Poly may use or disclose personal information for a purpose including, but not limited to:
5.4 Poly may disclose personal information to other Poly-related entities (together Poly Entities) and external parties in certain circumstances, including but not limited to:
5.6 Poly will not sell personal information to external entities for profit.
6.1 Poly may use or disclose personal information (other than sensitive personal information) about an individual for the purpose of direct marketing if:
6.2 Poly may use or disclose sensitive personal information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
6.3 If Poly uses or discloses personal information about an individual:
6.4 The individual may:
6.5 If an individual makes a request under paragraph 6.4, Poly will give effect to the request within a reasonable period after the request is made.
Cross-border Disclosure of Personal Information
7.1 Poly may disclose personal information to parties outside of Australia as Poly is a foreign-owned entity and has affiliates globally. Poly will limit the disclosure of personal information under circumstances that are necessary, and will do so in accordance with the Australian Privacy Principles. Poly will also take necessary reasonable steps to ensure that the recipients of personal information have an appropriate data management mechanism in place.
Security of Personal Information
8.1 Poly will take reasonable steps in the circumstances to protect the personal information:
8.3 Poly will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Access to Personal Information
9.1 An individual can make a request in writing to Poly to access that individual’s personal information which may be held by Poly, provided the individual provides Poly with proof, to Poly’s satisfaction, of the identity of the individual making the request.
9.2 Poly may impose a charge for processing such request if it is necessary for Poly to expend time and resources to answer the request – otherwise, making the request is free of charge.
9.3 If the request to access personal information is not permitted by the Legislation or an Australian law, Poly will deny the request and provide the individual with a reason for such decision.
Correction of Personal Information
10.1 An individual can make a request in writing to Poly to change the personal information held by Poly about that individual that the individual believes to be inaccurate, out-of-date, incomplete, irrelevant or misleading.
10.2 If Poly is of the view that the personal information should not be changed, Poly may refuse to do so by providing the individual with reasons for such a decision.
10.3 If the individual disagrees with Poly’s view in paragraph 10.2, the individual can request a statement to that effect to be linked to the individual’s personal information and Poly must make keep that statement so linked.
11.1 Poly has an internal complaints management system to deal with complaints in relation to the handling of any individual’s personal information.
11.2 Please forward any complaints in writing to: firstname.lastname@example.org
Changes in the Future