1. Your privacy
Protecting your privacy and keeping your personal information confidential is very important to us. We’re bound by the Privacy Act 1988 (Cth) (“Privacy Act”), including the Australian Privacy Principles (“APPs”) set out in the Privacy Act, when we handle your personal information.
“We”, “us” and “our” refer to Business Automation Works Pty Ltd ACN 629 822 671 (ABN 16 629 822 671) and its related bodies corporate (as that term is defined in the Corporations Act 2001 (Cth)). “Your” and “you” refer to clients and other members of the public who have an interaction with us, in Australia.
2. This policy
- Personal information – see section 3
- Collection and access – see sections 4, 5 and 6
- Use of personal information – see sections 4 and 5
- Sharing of personal information – see section 7
- Storage and security – see sections 8, 9, 10 and 11 of this Policy
- Your rights and questions – see sections 12, 13 and 14
3. What is personal information?
Personal information means information or an opinion that identifies you, or could reasonably identify you as an individual, whether the information or opinion is true or not.
Personal information may come:
- directly from you;
- from other persons acting on your behalf;
- from third parties;
- from apps or services (including those services providers referred to in section 6) which we use to deliver our services; or
- from publicly available sources.
We use your personal information:
- to provide you with the products and services you’ve asked for (for example, to ensure we provide services to the correct user(s) and for the purposes you have requested);
- where we have legitimate interests to process the personal data and they’re not overridden by your rights;
- in accordance with a legal obligation; or
- where we have your consent.
4. What personal information we may collect
We collect information directly from you or from other persons acting on your behalf when you use our websites and/or sign up to our services.
We only collect personal information from you that is necessary to do business with you and to perform the service you have contracted us to do, and in accordance with this policy.
The personal information that we collect about you includes your:
- business name
- postal address
- email address
- telephone number
- personal correspondence; and
- various personal preferences.
Ways in which we access and use your personal information are as follows:
(Payment data) When you purchase a service from us, we also collect your payment information, such as your credit card or direct debit information and Australian business numbers (“ABNs”).
(Use of our services) We also collect some information about you automatically when you visit our websites or use our services, in particular your Internet Protocol (“IP”) address and device type.
(Navigation) We collect information when you navigate through our websites and services, including what pages you looked at and what links you clicked on. This information is useful for us as it helps us get a better understanding of how you’re using our websites and services so that we can continue to provide the best experience possible (e.g., by personalising the content you see). This information is used by us internally, but it may also be included as de-identified data in data sets provided to third party services providers.
We collect most personal information directly from you, when you:
- order and/or register for our service;
- activate and use our service;
- interact with our client support and sales teams;
- use our website or social media sites;
- register for marketing events, training and newsletters;
- interact with members of our authorised sales partner network;
- complete our surveys or product testimonials; or
- apply for a job with us.
In the above cases, you provide the information to us for the purpose of the relevant event or service, and you may decline to provide the information although this may prevent us from supplying services to you or limiting the services and functions you can access.
We may also collect personal information about you:
- from our third party sales partner network;
- that is publicly available from sources such as social media websites; or
- from third parties that provide us with marketing leads.
In some cases this information may be provided to us by a third party without a specific request from us, and in accordance with normal industry practice. If we don’t collect your personal data, we may be unable to provide you with all our services, and some functions and features on our websites may not be available to you. Whether we collect your information directly or whether it is provided by a third party and held by us, we will apply the same standards of security and protection to it, as set out in this policy.
Some of the activities we will do once we have your personal information include:
- verify your identity (including completion of a credit check where required, with your agreement provided when you accept our terms and conditiond);
- operate, protect, improve and develop our products and services;
- provide technical support to you and your authorised contacts;
- keep you informed about our products and services and those of our relevant business partners, and tailor this information to your needs and interests;
- enable secure access to our websites and service;
- analyse, aggregate and report on your usage of the service which we may share publicly or with third parties;
- respond to any feedback, queries or complaints;
- fulfil any legal and regulatory obligations; and
- process a job application that you’ve submitted.
5. Taxpayer records
When you contract to use our service, we also collect information on Australian taxpayers as provided by the Australian Taxation Office (“ATO”) in their notices to you. This information includes:
- unique identifiers such as tax file numbers (“TFNs”) and ABNs;
- names, addresses, telephone and facsimile numbers; and
- financial taxation information pertaining to tax payments and refunds due.
We require access to taxpayer notices provided to you by the ATO in order to enhance your administration and communication of Australian tax payment/refund information to your own clients.
Personal information contained in taxpayer records is collected, held, used or disclosed for the purpose of administering the taxation laws. Division 355 of Schedule 1 to the Taxation Administration Act 1953 (Cth) sets out the specific circumstances in which personal information contained in taxation records can be recorded, used or disclosed, and these requirements may be in addition to the requirements of this policy,
Where TFN information relates to an individual, rather than a corporation or other entity, the ‘Tax File Number Rules’ under the Privacy Act also applies to how we handle the information.
When personal information contained in taxpayer records is disclosed to us by you, on-disclosure rules apply to us, the recipient. The on-disclosure rules apply to the recipient recording, using or on-disclosing that information.
Your personal information gives you authorised access to our websites so that you can update your details, access online help or use our services. You may be able to authorise other people (such as your employees) to access, add and manage information on your behalf.
Our websites may contain links to third party websites, which don’t belong to us and are beyond our control. Please note we’re not responsible for and can’t guarantee the privacy of these third party websites.
The information collected by these technologies give us and third party collectors the ability to deliver customised advertising content, measure advertising effectiveness, evaluate the use of our websites and other websites and provide other services relating to website activity and internet usage. We and third parties may also transfer collected information to others if required by law, or where those other parties process the information on our behalf. The services we may use from time to time include Google Analytics, Google AdSense, DoubleClick, Yahoo, Adobe, Bing, Kenshoo, Microsoft, Segment and Keen.
7. How we can share your data
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
- other companies in our group of companies;
- third party service providers and partners who assist and enable us to use the personal data to, for example, support delivery of or provide functionality on the website or services, or to market or promote our goods and services to you;
- regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure;
- other people where we have your prior consent,
and in respect of TFNs and information according to specific legal restriction on use, and solely for the purpose of providing our services and only to the extent necessary for that purpose.
8. Holding your personal information and keeping it safe
We typically hold the personal information that we collect either on electronic databases or as hard copy documents. Electronic databases may be hosted on hardware owned and controlled by us, or on cloud-based services subject to their conditions of use and security technologies.
The security of your personal information is fundamental to the way that we do business. We take all reasonable steps to protect the personal information that you give us from unauthorised access, use or disclosure, in line with industry standards and applicable legal requirements.
We do this by employing a range of security measures to protect the personal information that we hold which, depending on the nature of the information, may be in addition to measures ordinarily used by comparable services. For example, we use a secure redaction technique to hide tax file numbers.
We apply industry-best security methods, including information technology and physical security audits, penetration testing and industry best practice risk management and system security technologies to protect the personal information we hold.
Our staff may not access personal information contained in the taxation records they receive unless they are doing so:
- in the course of exercising powers or performing functions under or in relation to the taxation laws or service we provide;
- in accordance with the processes of a court or tribunal; or
- under the Freedom of Information Act 1982 (Cth).
Whilst we take all reasonable measures to protect your personal information when it’s in our hands, it’s important to note that we’re unable to guarantee the security of the internet as a whole. If you’re using our product and services online, please ensure that you’re doing so in a secure environment. In addition, if you use email to send and receive your personal information, please be aware that the information may be less secure in transit.
Security is a priority for us when it comes to your personal data. We’re committed to protecting your personal data and have appropriate technical and organisational measures in place to make sure that happens. For more information about security, check out our security policy at www.businessautomationworks.com.au.
9. International data management
When we share data, it may be transferred to, and processed in, countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located.
These countries may have laws different to what you’re used to. Rest assured, where we disclose personal data to a third party in another country, we put safeguards in place to ensure your personal data remains protected.
10. How long do we keep your information for
The length of time we keep your personal data depends on what it is and whether we have an ongoing business need or legal obligation to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal data for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
11. Third party connections
These connections are in 3 categories:
Microsoft Office 365\Azure AD and Google Suite can be used to authenticate to our services. We collect data from these providers to facilitate authentication. This data may include:
We do not capture nor have access to passwords
Practice Management Systems
We can have considerable visibility over data depending on the practice management system. We only seek to retrieve the data essential for the running of our services. More information regarding the data that is or may be accessed by us can be found in our online documentation for each connector.
Document Management Systems
In order to provide automated services we require access to document management systems.
12. Your rights
It’s your personal data and you have certain rights relating to it. When it comes to marketing communications, you can ask us not to send you these at any time – just follow the unsubscribe instructions contained in the marketing communication, or send your request to firstname.lastname@example.org.
You also have rights to:
- know what personal data we hold about you, and to make sure it’s correct and up to date;
- request a copy of your personal data, or ask us to restrict processing your personal data or delete it; or
- object to our continued processing of your personal data.
You can exercise these rights at any time by sending an email to email@example.com.
If you’re not happy with how we are processing your personal data, please let us know by sending an email to firstname.lastname@example.org. We will review and investigate your complaint, and try to get back to you within a reasonable time frame. You can also complain to your local data protection authority. They will be able to advise you how to submit a complaint.
If you’re someone who doesn’t have a relationship with us, but believe that your personal data has been entered into our websites or services, you’ll need to contact the person who entered the data for any questions you have about your personal data (including where you want to access, correct, amend, or request that the user delete, your personal data).
13. Questions, concerns and complaints
Once we have received your complaint, we will investigate and respond to you as quickly as possible. We’ll try to resolve your complaint as quickly as possible, and in any event within 30 days of hearing from you. If your complaint takes longer to resolve, we’ll keep you informed of our progress with the investigation.
If you aren’t satisfied with our handling or resolution of your complaint, you can lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”). For more information please visit the OAIC website.
Business Automation Works Pty Ltd ACN 629 822 671 (ABN 16 629 822 671)