- 1.1. Elphinstone Pty Ltd (Elphinstone) is committed to respecting and safeguarding the privacy of individuals and all personal information we collect and use.
- 1.2. Elphinstone complies with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act) and all other applicable laws governing privacy.
02.Type of Personal Information we collect
- 2.1.Elphinstone collects personal information and, in some limited circumstances, sensitive information, about individuals who may include customers and prospective customers, employees of customers and prospective customers, consultants, suppliers, candidates for employment and employees.
- 2.2.‘Personal information’ is any information or an opinion about an identified, or reasonably identifiable individual such as name, address, telephone number or email address.
- 2.3.‘Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s: (a) race or ethnic origin; (b) political opinions, membership or association; (c) membership of a political organization; (d) religious beliefs or affiliations; (e) philosophical beliefs; (f) membership of a professional or trade association or trade union; (g) sexual orientation or practices; (h) criminal record; (i) health or genetic information; and (j) biometric information.
- 2.4.The types of personal information Elphinstone may collect include your name, address, telephone number, job responsibilities, email address, qualifications, employment history, bank and superannuation account details, credit card details, drivers’ licence and other occupational license details, photographs, details of your usage of our website and consumer credit information (provided that the collection is expressly consented to and for a purpose relating to an application for consumer credit).
- 2.5.Elphinstone aims to collect information only as reasonably necessary and some of the types of personal information listed above will not be relevant to your interaction with us. In addition, Elphinstone will seek to limit the amount of sensitive information we collect from you.
03.Why is personal information collected?
- 3.1.As an overarching principle, Elphinstone collects personal information where we believe it is necessary to do so in order to effectively carry on our business activities. For example, the information may enable us to provide you with goods and services and to improve or personalise our services to meet your needs.
04.How is personal information collected?
- 4.1.Personal information may be collected through your interactions and transactions with Elphinstone. Examples of this are when you place an order for goods or services, apply for credit from us, are a candidate for employment with us or an employee.
- 4.2.We prefer to collect personal information from the person to whom the information corresponds unless it is unreasonable or impractical to do so. We may collect information from other sources such as online platforms, emails and other correspondence, credit providers or credit reporting bodies, regulatory bodies, government offices or publicly available sources.
- 4.3.We will generally only collect sensitive information about you with your consent or if authorized by law. By providing us or a third party authorised by us with personal information and sensitive information, you consent to our collection and use of it for the purposes set out in this policy.
05.What are the consequences of not providing personal information to us?
- 5.1.Wherever it is lawful and practicable to do so, you will have the option to not identify yourself when transacting with Elphinstone.
- 5.2.In some circumstances, however, if you do not provide us with the personal information requested, it may affect our ability to continue our relationship with you. For example, we may be unable to provide you with goods or services.
06.How and why is the information used or disclosed?
- 6.1.Personal information will be used or disclosed by us for the primary purpose for which it is collected, which in most cases is for the carrying on of our business activities. We may also use the personal information for a secondary purpose related to the primary purpose, for which you would reasonably expect us to use the collected information.
- 6.2.Some other purposes for which we collect, hold, use or disclose personal information may also include to: (a) market or otherwise promote our business; (b) record details of incidents for insurance purposes; (c) disclose personal information or sensitive information (such as biometric information) to allow or facilitate the use of technology platforms by employees or otherwise in relation to your employment; (d) contact family if requested or required; (e) obtain professional advice; (f) manage your customer account or credit account, including assessing or approving applications for credit; or (g) comply with our obligations under applicable laws.
- 6.3.If you will not permit us to share your personal information with third-party service providers as described above, we may sometimes be unable to provide certain goods or services to you or continue our relationship.
- 6.4.Your personal information may also be used for direct marketing purposes. Please note that you may opt-out at any time from marketing communications, including targeted advertising messages, by following an ‘opt-out’ option provided in the relevant communication, or by contacting us by email, phone or post in accordance with section 14 below.
- 6.5.We will not sell your personal information to any third party for their unrelated independent use. However, we may engage third party service providers to perform functions for us such as supplying goods for resale to our customers, mailing correspondence, delivering goods sold, providing IT services, undertaking external audits and carrying out market research. Sometimes it may be necessary for us to disclose your personal information to those third parties so they can perform their functions for us and we will disclose your personal information to them whenever required or permitted by law to do so. Where it is appropriate to do so, we will also rely on the related bodies corporate exemption in the Privacy Act and other applicable exemptions in the Privacy Act or in other legislation.
- 7.1.If you apply to work with us, we collect the details that you include in your application and during any interview process with us, as well as from your referees, our recruitment agencies and from public sources. We may also ask you to provide us with additional personal information (including as part of a criminal history check and medical testing, as required by our pre-employment screening policy).
- 7.2. We may disclose your personal information to and/or collect your personal information from our related bodies corporate and our service providers to help us with the recruitment process.
- 7.3. We will not use the above information for any purposes other than assessing and progressing (if applicable) your employment application.
08.Accuracy, access to and correction of personal information
- 8.1. Elphinstone will take all reasonable steps to ensure the personal information collected, used or disclosed is accurate, complete and up to date. When providing us with personal information or updating your information it is your responsibility to supply the correct information and to inform us when your personal information changes. From time to time, we may contact you to check that your personal information is up to date.
- 8.2. You are entitled to request access to, or correction of, your personal information that is held by us by contacting us directly. If you request access to your personal information, we will generally agree to provide it. We may decline to do so in the circumstances set out in the Australian Privacy Principles. If we decline your request for access to your personal information, we will provide our reasons to you.
- 8.3. Employee records typically fall outside of the disclosure requirements of the Privacy Act. If you are or were an employee of Elphinstone, we will generally provide you with access to information that you have provided to us, unless it is impractical to do so. If we decline your request for access to your personal information, we will provide our reasons to you.
09.How personal information is kept secure
- 9.1.Elphinstone will take all reasonable steps to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure. This includes appropriate physical and electronic security technology, settings and applications and by conducting appropriate staff training.
- 9.2. If your personal information is no longer required, we will take steps to permanently destroy or de-identify the information.
- 9.3. If a privacy breach is apparent, all efforts will be made to contain the breach, evaluate the risks associated with the breach and prevent future breaches. Where a data breach occurs and serious harm to affected individuals is likely, we will notify those individuals and the Office of the Australia Information Commissioner in accordance with our obligations.
- 10.1.Elphinstone may disclose personal information to overseas recipients in order to provide its services and products and for administrative and other business management services. The countries in which those third parties are located will depend on the circumstances but typically will include the United States of America and Singapore.
- 10.2.Before disclosing any personal information to an overseas recipient, Elphinstone takes reasonable steps in the circumstances to ensure that the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy protection scheme. In all cases, we aim to ensure that we deal only with businesses that value privacy and data in the same way that we do.
11.Dealing with personal information on Elphinstone’s website
- 11.1.Some personal information is automatically received and sometimes collected from you when you visit our website. Elphinstone and the host of the website (Site Host) receive and may collect the name of the domain from which you access the internet, the internet protocol address of the computer you are using, the browser software you use and your operating system, the date and time you access the website, the geographic location from which you access the website and the internet address of the website from which you link directly to our website. Elphinstone or the Site Host may use this information to monitor the use of the website. All the information automatically captured provides the Site Host and us with the ability to enhance the experience of our customers and to determine aggregate information about our user base and their usage patterns.
- 11.4.In general, you can browse our website without revealing any personal information other than information automatically collected. However, once you register and login or otherwise provide more specific personal information, you are no longer anonymous to Elphinstone and the Site Host. During registration, you may give Elphinstone or the Site Host general identity information about yourself (eg. your name, company name, business address, business telephone number or business email address) and more detailed information for specific purposes (eg. special interest in products or industries, or your job responsibilities). As you browse our site, Elphinstone and the Site Host may collect certain information about how you use the site regardless of any registration.
- 11.5.Elphinstone and the Site Host use the information collected and do internal research on our users’ demographics, interests and behaviours to better understand and serve our customers. We also capture metrics on the number of visitors to the website to assist in determining our server capacity needs.
- 12.1.You are entitled to make a complaint about the handling of your personal information or a breach of the Australian Privacy Principles by contacting Elphinstone in accordance with section 14 below. All complaints will be treated seriously, confidentially and promptly. After your complaint has been made, Elphinstone will commence an investigation into your complaint. You will be informed of the status and outcome of your complaint.
- 12.2.If you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.
13.Application of this policy
- 13.1This policy applies to all situations in which Elphinstone collects personal information. When you do business with us, subscribe to one of our services, work for us or otherwise provide your personal information to us, you consent to us using your personal information in the manner described in this policy.
You can contact Elphinstone about your personal information in any of the following ways:
Phone: +61 3 6442 7777
The Managing Director
Elphinstone Pty Ltd
2 Ormsby Street
Burnie TAS 7320
Updated: September 2022