Issued: 1 April 2020. Updated August 2021
1. Open and transparent management of personal information
We will manage personal information in an open and transparent manner. In doing so, we ensure that individuals are notified at the time of collecting their personal information:
- what type of personal information is being collected;
- who that personal information will be disclosed to; and
- how we use that personal information.
The types of personal information we collect depends on the nature of our engagement with you. What personal information we collect and store: V-NET collects personal information from our clients, customers of our clients, our suppliers, employees, contractors and job applicants.
The types of personal information we may collect include contact information (such as your name, date of birth, address, email address, IP address, mobile phone number, emergency contact information), details and copies of your identity documentation (such as your licence), banking details, employment history and details of any complaints.
We ensure all our employees, agents, and contractors are trained at regular intervals to ensure they understand our obligations under the Privacy Act, including the APPs.
2. Anonymity and pseudonymity
Generally we are not able to deal with customers who do not wish to identify themselves. However, where possible and appropriate we will provide information of a general nature to unidentified individuals.
3. Collection of personal information
We collect personal information for the following purposes:
- to conduct our business;
- to provide and market our services;
- to communicate with an individual;
- to consider employment applications;
- to comply with our legal obligations;
- to help us manage and enhance our services;
- to protect individuals and ourselves from error or fraud; or
- to provide individuals with the products or services they have requested.
Where possible, we will try and collect personal information directly from the individual.
4. Unsolicited personal information
If we receive unsolicited personal information, we will determine whether we could have collected that personal information by lawful and fair means, and whether it is related to one of the purposes of collecting personal information above. We will do this by looking at our relationship with the individual and whether the personal information relates to our relationship with them.
If we could not have collected the personal information by lawful and fair means, or the personal information does not relate to one of our purposes for collecting the personal information, we will destroy the personal information.
5. Notification of the collection of personal information
When we first collect personal information from an individual, we will notify them that we have collected their personal information and notify them about:
- the purposes of the collection of their personal information;
- those entities that we usually disclose personal information to;
- what happens if the individual chooses not to provide us with personal information;
- direct marketing that may be undertaken by us or any related companies;
- when we are required to collect personal information under an Australian law,
- any disclosure of personal information that we make to an overseas entity.
If we know that as part of our relationship with the individual we will disclose their personal information to another identifiable entity, we will notify the individual of the following matters at the time we first collect their personal information:
- the identity and contact details of that organisation;
- why their information may be disclosed to the organisation.
If the information is collected from another entity, or the individual may not be aware that the entity has collected their personal information, we will explain to the individual at the commencement of dialogue either:
- the name of the entity that provided their information; or if this is not practical
- the kinds of entities from which it collects this information.
6. Use or disclosure of personal information
The purpose of collecting an individual’s personal information will be outlined to them.
If during our relationship with the individual we wish to use an individual’s personal information for an additional purpose, we will obtain their consent unless the purpose is related to the primary purpose, or we are permitted under law to do so.
As part of providing our services, we may disclose your personal information to third party suppliers and contractors of services, other companies in the V-NET group, banks or other financial institutions, customers, our professional advisers and our external service providers that provide services to us. In these cases, we expect these organisations to protect the privacy of that personal information.
7. Direct marketing
We notify individuals at the time of collecting their personal information that their personal information will be used by us and any associated businesses for the purposes of direct marketing.
In all our direct marketing communications we will provide a prominent statement about how an individual can elect not to receive direct marketing. If the direct marketing communication is an email we will provide an ‘unsubscribe’ function within the email.
We will keep appropriate records to ensure those individuals that have made requests not to receive direct marketing communications do not receive them. We do not apply a fee to unsubscribe from direct marketing communications.
We do not sell personal information. We do not use sensitive information for the purposes of direct marketing.
If we purchase personal information for the purposes of direct marketing we will conduct appropriate due diligence to ensure appropriate consents from the individuals have been obtained.
8. Cross-border disclosure of personal information
Generally we do not disclose personal information overseas.
We may use cloud storage and IT servers that may be located overseas to store the personal information we hold. Our IT servers are located in China, Australia and the United States.
We will notify the individual of any proposed disclosure of personal information that we make to an overseas entity.
10. Quality of personal information
V-NET will take reasonable steps to ensure personal information that it keeps is accurate, up-to-date and relevant to the purposes for which it is to be used.
If we become aware that personal information is inaccurate, out-of-date or incomplete, we will update our systems accordingly.
11. Security of personal information
We hold personal information in both hard copy and electronic formats. In some cases, we engage third parties to host electronic data (including data in relation to the services we provide) on our behalf. We take security measures to protect the personal information we hold which includes physical controls (for example, security passes to enter our offices and storage of files in lockable cabinets) as well as technological controls (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates).
We also have policies and processes which govern document retention and data breach incidents. We endeavour to ensure that personal information is kept as current as possible and that irrelevant or excessive data is deleted or made anonymous as soon as reasonably practicable. However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons.
12. Access to personal information
Under the APPs, you may be able to obtain a copy of the personal information that we hold about you. The APPs provide some exceptions to your rights in this regard. To make a request to access this information, please contact us in writing at firstname.lastname@example.org . We will require you to verify your identity and specify what information you require. We may charge a fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.
We will endeavour to respond to written requests within 30 days after a request is received by us.
13. Correction of personal information
We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date.
Please contact V-NET if you believe that the information we hold about you requires correction or is out-of-date.
Rights of individuals located in the European Union:
In addition to the Privacy Act, individuals located in the European Union (EU) may also have rights under EU based rules known as the General Data Protection Regulation (GDPR). The key obligations under the GDPR include Notice, Individual Rights, and Retention. Each user has a right of confirmation (to confirm whether or not Personal Information concerning the user is being processed), access (the right to request what Personal Information is stored about the user and obtain a copy of that said information), erasure (the right to request that any Personal Information concerning the user be erased without delay when no longer required, or when the user withdraws consent), rectification (the right to rectify any inaccurate information concerning the user), portability (the right to receive the Personal Information concerning the user, which was provided to us, in a readable format), object (the right to object the processing of the Personal Information concerning the user unless we can demonstrate compelling legitimate grounds for the processing which overrides the interests, rights, and freedoms of the user/data subject, or for the establishment, exercise or defence of legal claims), restriction of processing (the right to restrict processing where the accuracy of the Personal Information is contested by the user/data subject for a period enabling the controller to verify the accuracy of the Personal Information; or the processing
is unlawful and the user/data subject opposes the erasure of the Personal Information and requests instead the restriction of their use instead; or we, the controller, no longer need the Personal Information for the purposes of the processing, but they are required by the user/data subject for the establishment, exercise or defence of legal claims), as set out in Articles of the General Data Protection Regulations of the EU.
If you believe that V-NET has breached one or more of its privacy obligations, your complaint (including a summary of the privacy concern or alleged breach and copies of any relevant documentation) shall be addressed to one of the contacts provided in V-NET Contact Details section below.
V-NET will investigate the complaint and will endeavour to respond to you within 30 days. V-NET will take immediate steps to redress proven privacy concerns or breaches.
Lodging a complaint with the Australian Information Commissioner – personal information: If you do not receive a response from V-NET after 30 days or if you are not satisfied with the response, you can then lodge a complaint with the OAIC (telephone: 1300 363 992 | at www.oaic.gov.au).