1 What personal information do we collect?
(a) When we are contacted or we provide or services, the personal information we collect may include a person’s name, contact numbers, email address, residential or business address, financial details, insurance details, credit card details and other personal data. This may include sensitive information (as that term is used in the Privacy Act).
(b) When our server is accessed, it automatically records information the browser sends when it connects to our website. This information may include:
(i) the accessing party’s Internet Protocol (IP) address, domain name, browser type and language;
(ii) information about usage and online activities (for example, by way of cookies) including when our website is accessed, other sites accessed from our website, content upload and download and usage of the services available on our website; and
(iii) information provided through use of any downloading facilities on our website.
2 How do we collect the personal information?
(a) We collect personal information:
(i) from the individual;
(ii) from our clients when we provide services to them. This includes personal information about their customers and clients ( Your Clients);
(iii) via a filesharing arrangement with a client and when a client provides access to their CRM and software systems and third party websites to enable us to provide the services;
(iv) when sent to us by email or other communication from third parties;
(v) from publicly available sources of information;
(vi) when we are required to do so by law; and
(vii) from our own records.
(b) We are committed to ensuring the information we have is accurate and up to date. We update personal information when we are advised there has been a change and at other times as necessary.
3 Provision of personal information to us by our Clients
If you provide us with the personal information of another person (including Your Clients):
(a) you must disclose to that person that you are providing personal information (including sensitive information) to us and that the information may be disclosed off-shore in accordance with clause 7; and
(b) you represent and we accept it on the basis that you represent that Client and authorised to do so and that the relevant person has consented to the disclosure to us.
4 How we use your personal information?
(a) Generally, we will collect, use and hold personal information to:
(i) provide our services, including services involving Your Clients;
(ii) facilitate our internal business operations, including the fulfilment of any legal requirements;
(iii) advise you of additional services or information which may be of interest;
(iv) provide your contact details to our partners who have agreed to provide you with any services;
(v) analyse our services and customer needs with a view to developing existing and new products and services;
(vi) maintain and update our business infrastructure and systems;
(vii) complie statistical data
(viii) promote and advertise our business, products and services.
(b) If we do not collect the personal information we will not be able to provide the services or provide any assistance requested.
(c) If the personal information provided to us is incomplete or inaccurate, we may be unable to provide our services or our services may be adversely affected.
5 Disclosing your information
We can disclose personal information we have about you to third parties in certain circumstances including:
(a) if you or Your Client agree to the disclosure;
(b) to employees, contractors and service providers, who assist us in operating our business and providing our services and those service providers of yours that you require us to work with;
(c) If you or Your Client would reasonably be expected to consent to information of that kind being passed to a third party;
(d) using it for the purposes we collected for which it was (e.g. to provide our services or respond to a query);
(e) where disclosure is required or permitted by law;
(f) to our related entities;
(g) if disclosure will prevent or lessen a serious and imminent threat to someone’s life or health; or
(h) where it is reasonably necessary for the enforcement of the criminal law, a law imposing a pecuniary penalty or for the protection of public revenue.
6 Disclosure of personal information off-shore
(a) We provide services to you and Your Clients under our Client Services Agreement. These services are performed in the Philippines.
(b) The services include:
(i) administration support;
(ii) updating client databases and client records;
(iii) researching clients existing financial products;
(iv) preparing client invoices;
(v) preparation of insurance quotes;
(vi) preparation and lodgement of insurance, superannuation, investment and other product applications;
(vii) following up and organising where applicable medical reports, medical tests and financial reports to provide to underwriters for new insurance applications; and
(viii) preparation of disclosure documents.
(c) To provide our services we receive personal information from you about Your Clients. This may include sensitive information.
(d) We have security processes in place for the protection of that personal information, including supervising staff, disabling USBs and harddrives, staff training, use of password protection and employee investigation software and use of dedicated client specific drive (or folder or desktop) that is hosted in Australia.
(e) Back up of information and storing occurs in Australia to restrict or prevent any personal information being download or stored in the Philippines. Further details of our security systems are available by contacting our Privacy Officer.
(f) The overseas recipient may not be subject to any privacy obligations or to any principles similar to the Australian Privacy Principles. The overseas recipient may also be subject to a foreign law which could compel disclosure of personal information to a third party, for example, an overseas authority.
(g) If you consent to the disclosure and the overseas recipient handles the information in breach of the Australian Privacy Principles, you will not be able to seek redress under the Privacy Act, may not be able to seek redress in the overseas jurisdiction and we will not be accountable for the overseas recipient’s actions under the Privacy Act.
7 Considerations when you send information to us
(a) While we do all we can to protect your privacy and the privacy of Your Clients, including investing in specialist security software, no data transfer over the Internet is 100% secure.
(b) If you provide personal information to us electronically, there are ways you can help maintain the security of the information. These include:
(i) always close your browser when you have finished your user session;
(ii) do not provide personal information by using a public computer;
(iii) never disclosing your user name and password to another person; and
(iv) not sending information to a VBP employee’s gmail or other web-based mail account, or any other means of transferring client information other than file sharing (e.g. dropbox) specifically provided by VBP.
(c) You are responsible for all actions taken using your username, email or password. If at any time you believe your username or password have been compromised, change your password and contact us immediately.
8 How your information is stored
(a) We take reasonable steps to securely store personal details and information. This includes electronic and physical security measures.
(b) When the personal information that we collect is no longer required, we destroy or delete it in a secure manner.
9 How you can update, correct, or delete your personal information
(a) You and Your Clients have a right to request access to personal information which we hold about you and Your Clients and to ask us to correct it if you believe it is inaccurate or out of date.
(b) You and Your Clients may request the source of any information we collect from a third party. We will provide this at no cost, unless under the Privacy Act or other law there is a reason for this information being withheld.
(c) You or Your Clients may request access to your personal information or correct any inaccurate or out of date information by contacting our Privacy Officer on email@example.com
(d) If there is a reason under the Privacy Act or other law for us not to provide you or Your Clients with information, we will give you or Your Clients a written notice of refusal setting out:
(i) the reasons for the refusal except to the extent it would be unreasonable to do so; and
(ii) the mechanisms available to you to complain about the refusal.
(e) You or Your Clients should also contact us immediately if:
(i) someone has gained access to you or Your Client’s personal information;
(ii) we have breached our privacy obligations or your or Your Client’s privacy rights in any way; or
10 Your authority and opting out
(b) We do not use personal information of Your Clients for marketing purposes.
(c) If at any time you no longer wish to receive any additional marketing material from us or do not want your information disclosed for direct marketing purposes, email firstname.lastname@example.org and we will remove your details from our marketing database.
(d) If you close your account or opt out, we will remove or de-identify personal information as soon as reasonably possible. We may, however, retain personal information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes.
11 Limitation of liability
(a) To the extent permissible by law and subject to our obligations under the Privacy Act, we will not be liable to you or to any third party for any loss or damage (including but not limited to consequential loss or loss of profits) or claim arising from our collection, disclosure, management and use of personal information in accordance with this policy.
(b) Where liability is not able to be excluded by law, to the extent allowed by law and without limiting your rights under Australian Consumer Law, our liability to you in any circumstances will be limited to re-performance of any services we have provided to you.
(c) Links on our website or websites we set up for you may take you outside our network. These links are provided in good faith. However, we are not responsible for third party sites and accept no responsibility for the content, accuracy, security or function of third party sites.
(ii) contacting our Privacy Officer at mailto:email@example.com or by mail to our address at PO Box 8642, Gold Coast Mail Centre, Qld 9726.
(d) We endeavour to ensure that any complaints about privacy breaches will be dealt with quickly, seriously and confidentially. To help us investigate your complaint quickly and efficiently we will ask you or Your Client(s):
(i) put your complaint in writing; and
(ii) provide us with your name and contact details, the nature of the complaint, any information that may assist with the complaint, any copies of any documentation which supports your complaint and the outcome(s) that you seek.
(e) Our Privacy Officer is able to:
(i) acknowledge receipt of and read your complaint;
(ii) investigate your complaint, having regard to the information you have provided us and any other information which may be available, that could assist us in investigating your complaint, including requesting further information from you;
(iii) notify you of our findings and any actions we may have taken or propose to take in regards to your complaint;
(iv) if possible, discuss options to resolve the problem or dispute arising; and
(v) provide you with information on how to make a complaint to the OAIC if you are unhappy with the outcome of the investigation.
(f) More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the OAIC by:
(i) website – www.oaic.gov.au;
(ii) mail – GPO Box 5218 Sydney NSW 2001; or
(iii) email – firstname.lastname@example.org