This Policy was last updated on November 2018
Brentnalls SA ABN 74 705 292 014 ("Brentnalls SA", "we" or "us") is strongly committed to protecting the personal information and credit related personal information ("credit information") that we may hold about you. Our management, use and disclosure of personal information and credit information is governed by the Privacy Act 1988 (Cth) ("Act") (including Australian Privacy Principles ("APPs"), Part IIIA ("credit reporting provisions") and the Credit Reporting Privacy Code ("CR Code") ("collectively, "Privacy Law").
By voluntarily supplying us with your personal or credit information, you are agreeing to be bound by this Policy.
This Policy is periodically reviewed. Any amendments to this Policy will be notified to you by posting an updated version on our website, www.brentnalls-sa.com.au.
Please note that Brentnalls SA's website contains links to other websites. When a user has clicked on a link to another site, they leave the Brentnalls SA's site and are no longer protected by this Policy.
Collection of personal information
The personal information we may collect about you includes:
- contact information such as your name and address, telephone numbers, email address and date of birth;
- financial information, including bank account details and credit card details;
- business details, including Australian Business Number;
- tax file number (as authorised by law); and
- other information we may be required by law to collect to perform our services or voluntarily provided by you.
We may also collect and or hold the following sensitive information with your consent and if reasonably necessary for the purposes of providing our services to you:
- racial or ethnic origin;
- membership of a professional or trade association;
- membership of a trade union;religious beliefs or affiliations;
- criminal record; and
- political opinions, membership of a political association, philosophical beliefs.
If Brentnalls SA receives any personal information which it has not solicited from an individual it will take such steps as are necessary to lawfully destroy or de-identify the information if Brentnalls SA cannot establish that it could otherwise have lawfully obtained the information.
We may use 'cookies' or similar technologies to collect data. A cookie is a small file, typically of letters and numbers, downloaded onto a device when you access our website.
Brentnalls SA's website collects the following information from users:
- your server address;
- your top level domain name (for example, .com, .gov, .au etc);
- the date and time of your visit to the site;
- the pages you accessed;
- the previous site you have visited;
- the type of browser you are using; and
- if you use our client portal, a record of your last login.
Collection of credit related personal information
Brentnalls SA may collect, use, hold or disclose the following types of credit related personal information:
- identification information- name, date of birth, current or previous address, name of current employer, drivers licence number;
- type and amount of credit sought;
- publicly available information about an individual's creditworthiness;
- consumer credit liability information- name of credit provider, type of consumer credit, details of the consumer credit provided;
- default information;
- repayment history information;
- payment information in relation to an overdue payment;
- new arrangement information;
- court proceedings information;
- personal insolvency information; or
- opinion that a serious credit infringement has been committed by an individual.
Means of collection of personal and credit related personal information
Your personal and credit information may be collected in a number of ways, including:
- directly by our staff when you seek, or enquire about, our services;
- when you use our website;
- when you attend an event hosted by us;
- when you apply to be employed by us; or
- when you apply to provide services to us.
In some circumstances, where it is unreasonable or impracticable to collect information from you, we may collect information about you from a third-party source. For example, we may collect information from a publicly maintained record, from other parties who have a business relationship with you or from a government body.
In addition to the methods above, Brentnalls SA may collect credit information from other credit providers, subject to any restrictions at law. Brentnalls SA does not collect any credit information from credit reporting bodies.
You need not provide all the information requested by Brentnalls SA, but this may prevent us from providing some or all of our services to you.
Use, disclosure & purpose
We collect, hold and disclose your personal and credit information for the following purposes:
- as a necessary part of providing our services to you;
- to assist you in managing your financial and corporate affairs, including dealing with your bank accounts in accordance with your instructions;
- organising other services on your behalf from third parties related to our services;
- to inform you of new services and offers (unless as directed otherwise);
- to comply with statutory and contractual obligations placed upon us;
- where required under accounting and professional standards applicable to us;
- to determine sections of interest on our website and to optimise your experience with the site;
- in the selection process for employment at Brentnalls SA; and
- other purposes related to any of the above.
Brentnalls SA will only use your information for the purposes for which it was collected ("primary purposes") or a purpose related to the primary purpose, if this use would be reasonably expected by you, or otherwise, with your consent.
People we may disclose your information to include:
- government and associated bodies (including our professional body/ies) for the purpose of statutory reporting on behalf of you or your business or to comply with our accounting and professional standards;
- banks and other financial organisations for the purpose of initiating financing for you;
- other organisations to arrange services on your behalf; and
- third parties that provide goods and services to us or through us, such as marketing and digital agencies and our website host or software application providers.
We do not directly disclose your personal information to overseas recipients. However, there may be instances where information is disclosed to overseas recipients through third parties (e.g. banks and other service providers etc) to which Brentnalls SA discloses your information. We do not disclose your credit information to any credit reporting bodies. Any credit information we collect and/or hold about you will be dealt with in accordance with this Policy.
Quality, access to & correction of information
You are entitled to have access to and seek correction of any information that we may hold about you. We require that requests for access to or to update or correct your information to be in writing outlining the details of your request. Such requests should be addressed to the Privacy Officer via the details provided in this Policy.
Brentnalls SA will take appropriate steps to verify your identity (or verify that you act as a legal guardian or authorised agent of the individual concerned) before granting a request to access your information.
We will respond to your request for access to your information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. Brentnalls SA will, on request, provide you with access to your information or update or correct your information, unless the Act provides an exception to us granting your request, including if:
- giving access would be unlawful;
- we are required or authorised by law or a court/tribunal order to deny access; or
- giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
Where your request for access is accepted, we will provide you with access to your personal information in a manner, as requested by you, providing it is reasonable to do so.
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
We will accept your request for correction of your credit information where we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your information.
If your request for correction of credit information is accepted we will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.
We may charge a fee for providing information depending on the scope of information required and the resources involved. This fee will reflect the actual costs of providing information, depending on the complexity of each individual's request.
By supplying, or having previously supplied, your personal or credit information to us, you are agreeing to any or all of the uses outlined above. Where reasonable, we will also seek your consent verbally or in writing for such use of your information in the interests of openness. Subject to the Privacy Law, should we seek to use your personal or credit information for other uses not related to the above, we will seek your consent to do this.
From time to time we may also use your personal information to communicate with you in regard to offers and promotions for our or related services. You are entitled to request that such communications cease at any time and we make provision in our materials for you to advise us of this.
Storage of collected information
Your personal and credit information may be stored as manual files in a secured area, on our client portal website management system, on offsite and/or cloud based servers (including servers based overseas) or on computers with appropriate backup systems and security or in the possession of authorised Brentnalls SA staff and sub-contractors. Archived files are stored in secure on and off-site storage.
We take reasonable steps to protect your information from loss, misuse, interference, unauthorised access or alteration while it is held by Brentnalls SA and when disclosed by Brentnalls SA to third parties.
We aim to achieve this through:
- imposing confidentiality requirements on our employees;
- implementing policies in relation to document storage security;
- implementing security measures to govern access to our systems;
- only providing access to personal or credit information once proper identification has been given;
- controlling access to our premises; and
- our website protection measures including our DPS secure payment arrangements.
The security of your personal and credit information is important to us. When you enter private information (such as credit card numbers) on our website, we encrypt that information using secure socket layer technology version 3 (SSL). When credit card details are collected, we simply pass them on to DPS in order to be processed as required. We never permanently store complete credit card details. We follow generally accepted industry standards to protect the personal and credit information submitted to us, both during transmission and once we receive it.
Dealing with us anonymously
Where lawful and practicable to do so, you can deal with us anonymously or using a pseudonym. You can deal with us anonymously or using a pseudonym when making a general enquiry about the services that we can offer to you including via telephone, our website or in person.
At the time you engage our services, it is no longer practicable for you to deal with us anonymously or using a pseudonym.
If you believe that Brentnalls SA has breached a term of this Policy or the Privacy Law, you may submit a written complaint. The written complaint can be emailed or posted to us using the contact details set out below. You must include contact details for us to contact you regarding your complaint.
Our Privacy Officer will consider your complaint and respond as soon as reasonably possible, but not more than 30 days from receiving the complaint.
If you are unsatisfied with the outcome of your complaint you may ask the Privacy Officer to be referred to a higher authority within the company, such as our Managing Partner. If you still remain unsatisfied
with the outcome, you may refer your complaint to the Office of the Australian Information Commissioner to be resolved.
If you wish to:
- gain access to your information;
- make a complaint about a breach of your privacy;
- contact us with a query about how your information is collected or used;
- contact us regarding any other matter concerning this Policy,
you can speak directly with our staff who will do their best to try to resolve your issue as simply as possible. Alternatively, you can write to us or send us an email so that our Privacy Officer can consider the matter. We will respond to you as soon as reasonably possible.
Our contact details are as follows:
Phone: (08) 8241 8444
Privacy Officer contact: Gavin Mitchell - firstname.lastname@example.org
Postal address: PO Box 174 Hindmarsh SA 5007
For more information on privacy see the Office of the Australian Information Commissioner's website at: http://www.oaic.gov.au.