Customers & Website Users
Ecoult is bound to comply with the Privacy Act 1988 and the Australian Privacy Principles (“APPs”) that regulate the handling of personal information about individuals.
1. Management of Personal Information
(a) Information Ecoult collects
From time to time Ecoult will collect personal information from customers, research houses, technicians, website users and other individuals (for example business contacts, referrers and potential new customers). The type of personal information that may be collected will depend on Ecoult’s relationship with the person, and the circumstances of collection. Information collected from individuals may include the following:
- residential address, business address, email address, facsimile number and contact telephone numbers;
- employment information;
- bank account details and credit / debit card details; and
(b) How Ecoult collects information
How we collect personal information will largely depend on whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from you.
We may collect information about you when you:
- engage Ecoult for the provision of services;
- purchase goods from Ecoult;
- purchase Ecoult goods from a third party;
- use Ecoult goods;
- supply goods to Ecoult;
- request information from us;
- interact or conduct business with Ecoult;
- telephone, email or write to us;
- contact us through our website; or
- have a face to face meeting with a representative of Ecoult.
As well as collecting information directly from an individual, there may be occasions when Ecoult collects information from a third party, which will supplement the information held by Ecoult.
We may collect personal information from:
- entities that are Related Bodies Corporate (as defined in the Corporations Act 2001 (Cth)) of Ecoult; and
- independent sources.
We will however only collect information from third parties where it is not reasonable and practical to collect the information from you directly.
(c) Gathering and combining personal information
Improvements in technology enable organisations to collect and use personal information to get a more integrated view of customers, and to allow them to provide better products and services to customers.
We may combine customer information made available from a variety of sources. This enables us to analyse the data in order to gain useful insights, which can be used for the purposes mentioned in Section 1(f) of this Policy.
(d) Unsolicited Information
Sometimes we may be provided with your personal information without having sought it through our normal means of collection. We refer to this as “unsolicited information”. Where we collect unsolicited information we will only hold, use and or disclose that information if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we will destroy, permanently delete or de-identify the information as appropriate.
(e) How Ecoult stores information
Personal information is stored and held in a combination of hard copy and electronic customer files maintained by Ecoult.
Personal information is only accessible by officers and employees of Ecoult (on a need to know basis), unless it is disclosed to another party in accordance with this Policy.
Ecoult takes all reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure by using industry standard software protection programs.
(f) How is personal information used?
Personal information is used by Ecoult for the purpose of conducting our business.
Our uses of personal information include, but are not limited to:
- establishing your identity;
- managing our relationship with you;
- providing you with updates in relation to our products and services;
- conducting and improving our business, and improving the customer experience;
- complying with our legal obligations, and assisting government and law enforcement agencies and/or regulators;
- identifying other products and services that we think may be of interest to you; and
- communicating with you about the products and services that we offer.
(g) Direct Marketing
Ecoult maintains a database of contacts including contact details of customers, referrers and potential new customers. Ecoult may on occasion engage in direct marketing with individuals, pursuant to which its products and services are marketed to customers and potential new customers.
We may on occasion engage in direct marketing activities, however, we do not disclose your personal information to any third party marketing companies. In respect of any marketing materials obtained from Ecoult, we will include an opt-out provision pursuant to which you can elect to opt-out of receiving any future marketing materials.
(h) Sensitive Information
We only collect sensitive information reasonably necessary for one or more of the uses specified in Section 1(f) of this Policy if we have the consent of the individuals to whom the sensitive information relates, or if the collection is necessary to lessen or prevent a serious threat to life, health or safety or another permitted general situation (as defined in Section 16A of the Privacy Act 1988 (Cth)).
(i) Disclosure of information
Personal information may be disclosed to employees and agents of Ecoult, to enable them to provide services to the customer.
It may be necessary for us to disclose your personal information to certain third parties in order to assist us with one or more of our functions or activities, or where permitted or required by law. Third parties may include:
- entities that are Related Bodies Corporate (as defined in the Corporations Act 2001(Cth)) to Ecoult;
- those to whom we outsource certain functions, for example information technology support;
- auditors and insurers;
- government and law enforcement agencies and regulators; and
- entities established to help identify illegal activities and prevent fraud.
We may disclose your personal information from time to time, only if one or more of the following apply:
- you have consented;
- you would reasonably expect us to use or disclose your personal information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
- where another permitted general situation applies (as defined in Section 16A of the Privacy Act 1988 (Cth)); or
- disclosure is reasonably necessary for a law enforcement related activity.
(j) Cross-border disclosure of personal information
Ecoult may send personal information to overseas entities that provide cloud storage services. The country where the recipients are likely to be located is the United States of America.
We may only transfer personal information to a foreign recipient (including when an overseas entity accesses the information in Australia) if:
- we reasonably believe that:
- the recipient is subject to law, or a binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the APP’s; and
- there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or
- the disclosure is required or authorised by or under an Australian law or a court/tribunal order; or
- the transfer is necessary for the performance of a contract with the individual (from which the information was collected); or
- the transfer is for the benefit of the individual (and the other APP requirements are met); or
- if the individual consents to the transfer.
Where disclosure is to be made to a known overseas entity, we will take reasonable steps to assess the privacy laws of the country where information will be disclosed to determine whether the overseas recipient is required to comply with privacy laws that are at least as stringent as the APP requirements in relation to information. We may enter into a written contract with the overseas recipient to enable us to enforce protection of the personal information that we provide to the overseas recipient, and ensure that the overseas entity does not breach the APPs.
(k) Security of information
Ecoult will take reasonable steps to protect the personal information Ecoult holds from any misuse, loss, modification, disclosure or unauthorised access. For example, personal information is retained in secure hard copy and electronic files, and is only accessible by staff on a need to know basis.
(l) Information that is no longer required
If Ecoult no longer needs the personal information for any purpose for which it may use or disclose the information, and the information does not need to be retained under an Australian law, or court order, Ecoult will take reasonable steps to destroy or permanently de-identify the information.
2. Who can I contact for further information, to gain access to my personal information or to make a complaint?
(a) Contact Details
Individuals are able to contact Ecoult and request further information about this Policy, request access to their personal information or make a request that personal information be corrected and/or updated. Individuals are also able to make a complaint about any aspect of this Policy, and/or any aspect regarding the collection or use of information by Ecoult, including the following:
- the kind of information collected by Ecoult;
- the collection process;
- the purpose for which information is collected;
- how information is held; or
- use or disclosure of information by Ecoult.
Further information can be requested, access to information can be requested and complaints can be made using the contact details set out below.
Smart Storage Pty Ltd t/as Ecoult
Suite 402, Grafton Bond Building, 201 Kent Street
Sydney, NSW 2000 AUSTRALIA
Telephone: +612 9241 3001
(b) Request for correction of information
If an individual requests Ecoult to correct personal information held in respect to that individual, Ecoult will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regarding to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
Ecoult will respond to a request for correction of personal information within a reasonable period after the request is made. If Ecoult refuses to correct the personal information as requested by an individual, Ecoult will provide the individual with a written notice that sets out:
- the reasons for the refusal except to the extent that it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal.
If Ecoult refuses to correct the personal information, it will keep with the record an indication that the person has requested that the information be corrected.
Complaints in relation to this Policy or the collection of personal information will be investigated by Ecoult within a reasonable period after the complaint is received. Following an investigation, a response will be provided by Ecoult to the individual.
Ecoult may vary this Policy as business requirements or the law changes. Ecoult will review this Policy on a regular basis and update the Policy as required.