Evolution Systems (the Company) is committed to providing you with the highest levels of professional service.
This policy applies to all clients, customers, suppliers and prospective employees. This Policy does not apply to acts and practices of the Company which relate directly to the employee records of the Company’s current and former employees.
What is personal information?
Personal information is any information that can be used to identify you. This includes any personal information or opinions about you, whether true or not, no matter how the information or opinions are recorded.
Sensitive information is a special category of personal information and includes, but is not limited to, information about your health, race or ethnic origin, political or religious beliefs, membership of a trade union or association, or criminal record. We will not disclose your sensitive information without your consent, unless there is a need to disclose such information in accordance with the Privacy Act or to comply with any other legislation.
Collection of personal information
The Company collects personal information necessary to lawfully and ethically carry on its business or to recruit future employees.
If you would like to access any of our services on an anonymous basis, please tell us. If this is possible and lawful, we will take all reasonable steps to comply with your request. However, we may not be able to provide the services or supply the product in question if we are not provided with the personal information requested.
What personal information do we collect and use?
The nature and extent of personal information collected by the Company varies depending on your particular interaction with the Company.
Personal information that we commonly collect and use includes your name, position, date of birth, current address, facsimile numbers, email address, telephone numbers, next of kin, tax file number, education details, Australian Business Number, bank details, business references, financial details, details about your business, drivers licence number and preferred means of contact, professional credentials, hobbies and interests.
The personal information that we collect and hold usually falls into one of the following categories:
- personal information, including name and contact information of persons consenting to receive marketing and other promotional material on their or their employer’s behalf;
- information and opinions from referees of prospective employees; and
- personal information about our customers, suppliers or their respective officers or employees, in the course of conducting our business.
We use personal information you provide only for purposes consistent with the reason you provided it, or for a directly related purpose.
We will not use your personal information in a manner contrary to the Privacy Act or this Policy.
How do we collect personal information?
Where possible, we collect your personal information directly from you. We collect information through various means, including interviews, appointments, forms and questionnaires. If you feel that the information that we are requesting, either on our forms or in our discussions with you, is not information that you wish to provide, please feel free to raise this with us.
In some situations we may also obtain personal information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act.
When do we disclose your personal information?
We will use and disclose your personal information for the purpose for which it was collected. We may also use and disclose it for related or ancillary purposes, such as for the development and marketing of our products and services. We guarantee that we will not sell your personal information to any third party, except as permitted under the Privacy Act or by law.
For the purposes referred to in this Policy, we may disclose your personal information to external organisations including:
- your referees;
- your former employers;
- credit agencies;
- our professional advisors, including our accountants, auditors and lawyers;
- our Related Entities and Related Bodies Corporate (as those terms are defined in the Corporations Act 2001 (Cth)); and
- our contractors and suppliers.
Access to and correction of your personal information
We will take all reasonable steps to ensure that the personal information that we hold is accurate and up to date. You have a right to access and copy your personal information, subject to certain exceptions provided for in the Privacy Act. If you believe that personal information we hold about you is not accurate, complete or up to date, or your details are about to change, please inform us and we will take all reasonable steps to correct or update our records. We may charge a reasonable fee for photocopying any information requested by you.
Security of your information
We will take all reasonable steps to secure your personal information.
A person may use our website anonymously but any information which a person chooses to submit to us will be treated in accordance with this Policy.
Our internet service provider may record details of visits to our site and when visiting our site your visit may be logged and the following information collected:
- the visitor’s server address, domain name and browser type;
- the date and time of the visit to the site;
- the pages accessed and the documents downloaded;
- the previous website visited;
- the user’s operating system; and
- the links followed from other sites to get to the current site.
The information listed above is collected for statistical and research purposes only and will only be utilised internally by the Company.
In addition to the information that we store about our clients, we also store information on behalf of our clients as part of our hosting services. Data hosted by us on behalf of our clients will always be located within Australia.
Where we hold information on behalf of a client, it is the responsibility of our client to ensure that they operate within the guidelines of the Australian National Privacy Principles. For hosted data, we take reasonable steps to ensure that: our premises are secure; tape backups are stored securely; a state-of-the-art firewall is deployed; and that regular internal and external security reviews are conducted. The Company will provide specific details of these steps at our discretion upon request and receipt of a signed non-disclosure agreement.
Compliance. We are required to comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act.
Investigation and assessment. If we become aware that a Data Breach in respect of Personal Data held by us may have occurred, we will:
- investigate the circumstances surrounding the potential Data Breach to determine whether a Data Breach has occurred; and
- if a Data Breach has occurred, carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
Undertaking. If we become aware that there has been an eligible data breach in respect of Personal Data held by us, and the Personal Data relates to you or you are at risk from the eligible data breach, we will ensure that either we, or a relevant APP entity that is the subject of the same eligible data breach:
- prepare a statement that complies with subsection 26WK(3) of the Privacy Act;
- provide a copy of the statement to the Office of the Australian Information Commissioner (OAIC); and
- if it is practicable, notify you of the contents of the statement, or otherwise publish a copy of the statement on the Website and take reasonable steps to publicise the contents of the statement, as soon as practicable after the completion of the preparation of the statement.
Complaint. If you have a complaint about how we collect, use, disclose, manage, otherwise Process or protect your Personal Data, or consider that we have breached applicable Data Protection Laws and Regulations or the APPs, please contact us using our contact details below. We will respond to your complaint within 14 days of receiving it.
Response and resolution. Once the complaint has been received, we may resolve the matter in a number of ways:
- Request for further information: We may request further information from you. Please provide us with as much information as possible, including details of any relevant dates and documentation. This will enable us to investigate the complaint and determine an appropriate solution.
- Discuss options: We will discuss options for resolution with you and if you have suggestions about how the matter might be resolved you should raise these with our Privacy Officer.
- Investigation: Where necessary, the complaint will be investigated. We will try to do so within a reasonable time frame. It may be necessary to contact others in order to proceed with the investigation. This may be necessary in order to progress your complaint.
- Conduct of our employees: If your complaint involves the conduct of our employees we will raise the matter with the employee concerned and seek his or her comment and input in the resolution of the complaint.
Notice of decision. After investigating the complaint, we will give you a written notice about our decision.
OAIC. You are free to lodge a complaint directly with the OAIC online, by mail, fax or email. For more information, please visit the OAIC website at oaic.gov.au.
Please forward all correspondence in respect of this Privacy Notice to:
Evolution Systems Pty Limited
604/247 Coward Street
New South Wales 2000
Tel: +61 2 9304 4400
Email: [email protected]
Interpretation + Definitions
Personal pronouns: Except where the context otherwise provides or requires:
- the terms we, us or our refers to Evolution; and
- the terms you or your refers to a user of a Platform, a Customer to whom we supply Deliverables and Services or any other relevant Data Subject from, or concerning, whom we collect their Personal Data directly, or indirectly.
Terms defined in the Privacy Act have the meaning given to them in the Privacy Act.
Defined terms: In this Privacy Notice unless otherwise provided, the following capitalised terms shall have their meaning as specified:
APPs means any of the Australian Privacy Principles set out in Schedule 1 of the Privacy Act.
Customer means the person so named or contemplated as the customer, whether pursuant to a Proposal or by some other means of contracting with Evolution.
Data Breach means unauthorised access, modification, use, disclosure, loss, or other misuse of Personal Data controlled or Processed by us.
Data Protection Laws and Regulations means any and all applicable laws relating to the Processing of Personal Data, data security and privacy applicable to the performance of an Agreement of which the Data Processing Service Schedule forms part or in another relevant context, including applicable guidance and codes of practice, codes of conduct issued by the OAIC, any other relevant supervisory authority, Member States of the European Union or the European Data Protection Board (as may be applicable), or any applicable association and including to the extent applicable the GDPR, the Privacy Act 1988 (Cth) and corresponding privacy laws and regulations in each state and territory of Australia, such laws as amended from time to time.
Personal Data means any information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in material form or not, about an individual whose identity is apparent, or can be reasonably ascertained, from the information or opinion.
Platforms means all or any of the relevant platforms, electronic interfaces and websites that are owned, provided and/or operated from time to time by us (including, but not limited to, the Website), regardless of how those sites are accessed by users (including via the internet, mobile phone, mobile application, web browser or any other device or by other means).
Process means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (subject to applicable laws).
Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.
Privacy Notice means this Privacy Notice as amended from time to time.
Proposal means a document expressed to be a Proposal, work order, purchase order, services order, services estimate or other contractual proposal, quote or order (in each case in writing) for goods and/or services to be supplied by Evolution and includes any of its Schedules and Annexures. It may also include or reference terms and conditions specific to relevant goods and/or services by way of a relevant Service Schedule.
Service Schedule means a document by that name which details terms and conditions specific to a particular Service or other deliverable.
Website means www.evolutionsystems.com.au and any other websites established and used by us from time to time.