Scotwork Australia Privacy Policy
This is the privacy policy of Negotiating Skills Australia ACN 142 855 785 trading as Scotwork Negotiating Skills (we, our, us).
We recognise and respect the importance of your privacy and understand your concerns about the security of the personal information provided to us.
We are sensitive to privacy issues and take seriously the ongoing trust our clients and associates have placed in us. We have committed to compliance with the Privacy Act1988(Cth) (Privacy Act), including the Australian Privacy Principles (APPs), which detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.
Personal information is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.
Sensitive information, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.
We are committed to ensuring your privacy is protected. Any personal information you provide to us will only be used in accordance with this privacy policy.
THIS PRIVACY POLICY CONTAINS THE FOLLOWING INFORMATION
• What personal information we collect and hold
• How we collect and hold your personal information
• Why we collect, hold and use your personal information
• Where we collect the information from
• How we hold, store and keep secure your personal information
• Who we share the information with
• How we use your personal information
• Your rights to access and correct your personal information
TYPES OF PERSONAL INFORMATION WE COLLECT
We may collect, use and store different types of personal information about you, which we have grouped together as follows:
|
Contact
|
Your name, email address, telephone number, date of birth, residential, billing and/or postal address and occupation.
|
|
Financial
|
Your transaction and purchase information including bank account or credit card payment details
|
|
Social-demographic
|
Demographic information such as gender, post code preferences
and interests.
|
|
Contractual
|
Details about the products and services we provide to you.
|
|
Behavioural
|
Details about how you use our products and services
|
In certain circumstances, we may collect and maintain sensitive information, including health and medical details, dietary requirements and allergies, emergency contacts and next-of-kin details.
We will only use sensitive information in order to provide or facilitate medical assistance where first aid or emergency treatment is required, or as otherwise allowed under the APPs.
HOW WE USE YOUR PERSONAL INFORMATION
In general terms, we collect and use your personal information to:
• Deliver our services and meet our legal responsibilities
• Verify your identity where this is required
• ontact you by post, email or telephone
• Understand your needs relevant to the goods and services we provide and how they may be met by us
• Accurately maintain our records
• Process financial transactions
We rely on the personal information we hold about you to efficiently provide our services. For this reason, it is very important that the personal information we collect from you is accurate, complete and up-to-date. To ensure this, we may disclose your personal information to third parties who specialise in data cleansing. We will ensure that third parties to whom we disclose any personal information are bound by confidentiality and non-disclosure agreements, if they are not otherwise required to adhere to the Privacy Act. For the avoidance of doubt, we confirm that the third parties responsible for data cleansing on our behalf do not hold or use the personal information we share with them.
We will primarily collect, hold, use and disclose your personal information where it is reasonably necessary for us to carry out our organisation’s functions and activities. More specifically, the table below explains how we use your personal information and the reasons that we rely on in doing so. Where these reasons include legitimate interests, we explain what these legitimate interests are.
|
What We Use Your Information For
|
Our Reasons
|
Our Legitimate Interests
|
|
To deliver our services
|
Contractual performance Legitimate interests Legal obligations
|
Being efficient about how we fulfil our legal and contractual duties Complying with regulations that apply to us
|
|
To make and manage customer
payments
|
|
To manage fees, charges and
interest due on customer accounts
|
|
To collect and recover money that is owed to us
|
|
To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance and audit
|
Legitimate interests Legal obligations
|
Being efficient about how we fulfil our legal duties Complying with regulations that apply to us
|
|
To improve our products and services and keeping you informed of new services and information you may find of interest
|
Consent
Legitimate Interest
|
To ensure the financial viability of the business
|
|
To exercise our rights set out in contracts and agreements
|
Contractual performance
|
Fulfilling the terms of
contracts
|
As referred to in the table above, we may also use your personal information for related purposes which you would reasonably expect, such as providing you with details about other services offered by us, as well as any promotions or offers that may be of interest to you. You can opt out of receiving offers or information at any time by notifying us.
WHERE WE COLLECT YOUR PERSONAL INFORMATION FROM
We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. We also use a third party to assist in data cleansing and so may also receive personal information about you from third parties. Where appropriate and practicable, we will confirm with you if this information is inaccurate or incomplete and ask that you assist in updating it if necessary.
We may collect personal information about you (or your business) directly or indirectly from you or from third parties as follows:
Personal information you give to us:
• When you contact us by telephone and email
• When accessing information on our website
• When completing surveys
• When attending live events e.g. seminars and conferences
• When purchasing our services
Personal information we collect when you use our services:
• Payment and transaction data
• Website analytics data which we use to evaluate and improve the performance of the site
• Records of articles, information that you have accessed on the website and our digital platforms, which we use to target Scotwork advertising on the site that is relevant to your interests.
• Video recorded on our training courses for the purpose of delivering the service and quality assurance.
Personal information from third parties that we work with:
• Social networks e.g. when you click on one of our LinkedIn or Google adverts.
• Companies and individuals that introduce you to us by referral
WHO WE SHARE YOUR INFORMATION WITH
We may share your personal information with the following third parties:
• Venues where we hold our training events so that we can meet our contractual obligations to you.
• Third party processors such as our external IT suppliers
• Consultants we engage to provide our services.
• Telemarketing companies we engage to assist with our marketing function
• Third parties who specialise in data cleansing. (We will ensure that third parties to whom we disclose any personal information are bound by confidentiality and non-disclosure agreements, if they are not otherwise required to adhere to the Privacy Act. For the avoidance of doubt, we confirm that the third parties responsible for data cleansing on our behalf do not hold or use the personal information we share with them.)
• Our subsidiaries and other Scotwork associated companies
We will ensure that third parties to whom we disclose are bound by confidentiality and non-disclosure agreements, if they are not otherwise required to adhere to the Privacy Act.
Our business is part of a worldwide group of companies. In the course of doing business with you, we are likely to disclose some of your personal information to overseas recipients within our corporate group. However, we will only do so where:
• It is necessary to complete the transaction you have entered in to with us; and
• You have provided consent; or
• We believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or
• Such disclosure is otherwise permitted by law.
Our overseas affiliates are located in UK and Europe.
We may also disclose your personal information:
• Where we have sought your consent or in accordance with the Privacy Act or other legislation.
• To third parties (including government departments and enforcement bodies) where required or permitted by law.
HOW WE USE YOUR INFORMATION TO MAKE AUTOMATED DECISIONS
When providing our services, we sometimes use systems to make automated decisions based on personal information we have, or have collected from others, about you and/or your organisation. This helps us to ensure that our decision-making is as efficient as possible.
The types of automated decisions we make are as follows:
• To send information based on your preferences as indicated by our website analytics.
IF YOU CHOOSE NOT TO GIVE YOUR PERSONAL INFORMATION
If you choose not to give your personal information, it may prohibit us from fulfilling our contractual obligations to you and we may not be able to provide the services you have purchased.
You can be anonymous or use a pseudonym when dealing with us, unless using your true identity is a legal requirement or it is impracticable for us to deal with you on such basis.
HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means we will generally hold your personal information for a minimum of 7 years after the end of our relationship with you. We may also hold your personal information for marketing purposes for so long as we have your consent or are legitimately carrying out marketing activity. If you wish to know how long we may hold your particular personal information as a record of a particular matter then please e- mail the Privacy Officer at
info@scotwork.com.au.
WHERE WE HOLD YOUR PERSONAL INFORMATION
ELECTRONIC
We have physical, electronic and procedural safeguards in place and takes reasonable steps to ensure that your information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure.
Your data is stored on Salesforce’s cloud technology which utilizes some of the most advanced technology for Internet security available today including Secure Socket Layer (SSL), encryption, a secure server environment and a firewall. [3] In addition to this, data is backed up nightly to tape and is stored on mirrored disks that are mirrored across different storage cabinets and controllers ensuring data reliability.
Additionally, when you register for our training programs your data is captured and stored in our Arlo cloud based course management platform. Arlo are committed to best practice compliance with respect to data storage and security. All data in Arlo is encrypted at rest and stored in AWS. AWS is the world’s leading provider of cloud storage and models best-practice data protection and privacy.[1] In addition to this, Arlo uses strict security for credit card payments (PCI-DSS certification).[2]
Your data may also held by Scotwork on Microsoft Azure Infrastructure in Australia and backed up on a daily basis. Microsoft security procedures meet rigorous industry standards for compliance such as ISO 27001, HIPAA, FedRAMP, SOC 1, SOC 2 and Australia IRAP.
[1] https://www.arlo.co/blog/arlo-training-management-has-opened-a-new-data-center-in-the-us
[2] https://www.arlo.co/why-arlo
[3] https://help.salesforce.com/articleView?id=000325217&mode=1&sfdcIFrameOrigin=null&type=1
PAPER
Any hard copy data (example course registration documents) is stored in our filing cabinets which are only accessible by authorized employees.
USING OUR WEBSITE
Data you provide via our website will be used to:
• Improve our products and services
• Improve the performance of our website
• Direct emails to you with information on our services that you have indicated an interest in.
• Fulfil call-back requests made by you
We will seek your consent for information to be sent to you on the website and provide the opportunity to opt out of further contact with us at any point.
Please be aware that personal information provided by email may not be secure. If you have any concerns regarding the security of the personal information you provide to us via this means, please provide it in an alternate form, such as facsimile or in hard copy.
COOKIES
When you browse our website, contact us electronically, or engage with us on social media, we may also record geographical tagging, cookies, your IP address and statistical data from your activity. We may use your personal information to customise and improve your user experience on our website and other social media platforms. By using our website you agree that we can record this information from your device and access them when you visit the site in the future.
If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Please note that by deleting our cookies, disabling future cookies and/or not providing consent to the use of cookies by us you may not be able to access certain areas or features of our website.
YOUR RIGHTS
ACCESS TO YOUR INFORMATION
You have the right to request a copy of the personal information about you that we hold. In most cases, you will be able to gain access to personal and sensitive information held about you by us. We may provide you with this information verbally or in writing, as may be appropriate. Where we do not agree to provide you with details of personal information, we will give you written reasons for our decision.
CORRECTING YOUR INFORMATION
We rely on the personal information we hold about you to efficiently provide our services. We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.We will take reasonable steps to amend or correct your personal information to keep it accurate and up to date.
DELETION OF YOUR INFORMATION
You have the right to ask us to delete personal information about you where:
• You consider that we no longer require the information for the purposes for which it was obtained.
• We are using that information with your consent and you have withdrawn your consent – see Withdrawing consent to using your information below
• You have validly objected to our use of your personal information –see Objecting to how we may use your information below
• Our use of your personal information is contrary to law or our other legal obligations.
OBJECTING TO HOW WE MAY USE YOUR INFORMATION
You have the right at any time to require us to stop using your personal information for direct marketing purposes. In addition, where we use your personal information to perform tasks carried out in the public interest or pursuant to the legitimate interests of us or a third party then, if you ask us to, we will stop using that personal information unless there are overriding legitimate grounds to continue.
RESTRICTING HOW WE MAY USE YOUR INFORMATION
In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.
PORTABILITY
If we process personal information that you provide to us on the basis of consent or because it is necessary for the performance of a contract t o which you are party, and in either case that processing is carried out by automated means, then you have the right to have that personal information transmitted to you in a machine readable format. Where technically feasible, you also have the right t o have that personal information transmitted directly to another controller.
AUTOMATED PROCESSING
If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.
WITHDRAWING YOUR CONSENT TO US USING YOUR PERSONAL INFORMATION
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose(s) for which consent was given.
Please contact us in any of the ways set out in the Contact information and further advice section if you wish to exercise any of these rights.
DATA BREACHES
In Australia, if we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the Privacy Commissioner and affected customers as soon as practicable after becoming aware that such a data breach has occurred.
CHANGES TO OUR PRIVACY STATEMENT
We keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained by contacting our Privacy Officer at
info@scotwork.com.au. We suggest that you visit our website regularly to keep up to date with any changes.
This privacy statement was last updated on 5th November 2020.
CONTACT INFORMATION AND FURTHER ADVICE
Scotwork Negotiation Australia
Privacy Officer
Suite 4 | Level 28 | 25 Bligh Street, Sydney NSW 2000 info@scotwork.com.au
+61 2 9211 3999
COMPLAINTS
We have procedures in place for dealing with your complaints and concerns about our practices in relation to the Privacy Act, and any alleged breach of this Policy. We will respond to your complaint in accordance with the relevant provisions of the APPs.
We seek to resolve directly all complaints about how we handle personal information. The Office of the Australian Information Commissioner requests you to contact us first. Our Privacy Officer can be contacted to discuss or attempt to resolve any complaints relating to the collection, storage and use of your personal information. For further information, please contact our Privacy Officer at
info@scotwork.com.au.
If for some reason we do not respond within 30 days of your contacting us or if you are unhappy with our response –you have the right to lodge a complaint with the Information Commissioner’s Office. This must be done in writing:
By downloading the privacy complaint form: https://www.oaic.gov.au/assets/privacy/privacy- complaints/Privacy-Complaint-Form.docx which can then be emailed (address below), faxed (02 9284 9666 or posted (GPO Box 5218, Sydney NSW 2001)
By email: enquiries@oaic.gov.au
LAST UPDATED: AUGUST 2021
