Introduction & Purpose
Privacy law is regulated by the Australian Information Commissioner. Further information about privacy legislation can be obtained from the Office of the Australian Information Commissioner website at: www.oaic.gov.au.
We respect your privacy - SmarterSoft is committed to maintaining the privacy of all Personal Information. This policy sets out how we collect, use, disclose, store, secure, manage and access Personal Information in accordance with the Privacy Act and Australian Privacy Principles (APPs) contained therein.
- 1. SmarterSoft is bound by the Privacy Act 1988 (Privacy Act) - Any Personal Information we collect will be handled in accordance with the APPs outlined in the Privacy Act and any applicable state or territory legislation.
- 2. Collection of Personal Information - SmarterSoft will only collect Personal Information which is reasonably necessary to deliver our services and conduct the business activities that support this. We may collect the following types of Personal Information: contact details (including name, address, phone number, fax number and email address), demographic information, system login details, payment details and other information relevant to the relationship of the Individual with SmarterSoft. We may also collect Sensitive Information on Individuals if explicitly requested to do so on behalf of a Client.
- 3. Information collected on our website - In common with many websites we may collect aggregated information which tells us about visitors to the SmarterSoft site but not the identity of those visitors. For example, we may collect information about the date, time and duration of visits and which pages of the SmarterSoft website are most commonly accessed. This information is used by us to help to administer and improve the SmarterSoft website. The SmarterSoft website may use ‘cookies’. Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular website user, and can be accessed either by the web server or the Individual’s computer. This allows the server to deliver a page tailored to a particular user, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next. Cookies may also be used to manage security and store information about the type of browser being used. With most internet browsers, users can erase cookies from their computer, block all cookies, or receive a warning before a cookie is stored. However, some parts of the SmarterSoft site may not function fully for users that disallow cookies.
- 4. Methods of collecting Personal Information - SmarterSoft collects Personal Information through a variety of methods including electronic or face to face interactions; interaction with our website; requests for information; and via the provision of goods and services.
- 5. Use of Personal Information - SmarterSoft uses Personal Information to provide goods and services. We may also use Personal Information to notify Individuals of updates, general service notices, and other information and opportunities they may be interested in. De-identified data may be used to meet regulatory requirements or for the purposes of internal reporting and improvement of services. Where not previously requested, and in accordance with Privacy legislation, we may use Personal Information to communicate with Individuals through newsletters or direct marketing. All such communications will provide an option to opt out or unsubscribe.
- 6. Security of Personal Information - SmarterSoft will take reasonable steps to protect Personal Information from misuse, interference and loss, unauthorised access, modification or disclosure. Personal Information held by SmarterSoft is stored electronically in secure systems or databases, or where retention of hard copy documents is required, in secure filing systems. Only authorised SmarterSoft Staff are provided with access to an Individual’s Personal Information. Where Personal Information is no longer required by SmarterSoft, or where required by law, SmarterSoft will take reasonable steps to securely destroy or de-identify information in accordance with legal requirements for retention and disposal.
- 7. Access to and correction of Personal Information - Individuals may request access to the Personal Information SmarterSoft holds about them. Where reasonable and practicable to do so, and in accordance with the provisions of the Privacy Act, SmarterSoft will provide supervised access to an Individual’s Personal Information. Requests to access Personal Information must be made in writing, either by email or hard copy. In the event access to records requires a significant allocation of resources, we may charge a reasonable administration fee to cover costs. Corrections or updates to Personal Information supplied by Clients or their authorised representatives must be made by the Individual or their authorised representative. In all cases, SmarterSoft Staff must be satisfied changes are authorised by the Individual in question. Requests to change Personal Information supplied by Clients or their authorised representative will be actioned as a priority.
- 8. Disclosure of Personal Information - SmarterSoft will only ever disclose an Individual’s Personal Information to Staff who require such information to perform their operational duties. SmarterSoft may occasionally outsource technological or administrative projects to overseas providers where local services are unavailable or cost prohibitive. In such cases, SmarterSoft will take reasonable steps to ensure that the overseas recipient does not breach the APPs. Countries in which we may engage providers to complete this type of activity include India, the United States of America and the Philippines. In cases where a SmarterSoft system contains Personal Information related to Individuals on behalf of a Client, upon request by the Client SmarterSoft shall undertake a de-identification process prior to information being sent overseas.
- 9. Use, adoption or disclosure of Identifiers - SmarterSoft will not use, adopt or disclose an Identifier assigned to an Individual by a Commonwealth agency unless required to by law or where reasonably necessary and in accordance with the APPs. SmarterSoft may itself generate keys which assist in uniquely identifying Individuals within our systems, but such keys are for referencing only and do not disclose Personal Information.
- 10. Anonymity and pseudonymity - Where practical, Individuals may deal with SmarterSoft anonymously or using a pseudonym. The majority of our services, however, will require collection of Personal Information to enable SmarterSoft to provide the appropriate goods, services or response.
- 11. Privacy by Design - SmarterSoft's systems make use of the PbD methodology throughout the entire system lifecycle. The design of each system starts with a review of all information to be handled by SmarterSoft and the identification of any Personal Information. SmarterSoft systems are designed around best practice data security principles and implement over 60 separate controls and measures to protect data and Personal Information. Security measures are in place at each stage including: user authentication & authorisation, data encryption in transmission and in storage, auditing, physical security and also data destruction. Internal access to Personal Information by Staff is also tightly managed via multi-level authorisation controls.
- 12. Privacy breaches - While SmarterSoft puts in place specific controls and measures to protect Personal Information, there is always the remote potential for data breaches to occur. Such breaches are not limited to malicious actions, such as theft or 'hacking', but may arise from internal errors or failure of SmarterSoft Staff to follow information handling policies that cause accidental loss or disclosure. In general, if there is a real risk of serious harm or loss as a result of a data breach, the Staff member who identified the breach shall immediately inform the SmarterSoft Privacy Officer of the breach, and in turn any affected Individuals shall be notified within a reasonable time.
Australian Privacy Principles (APPs): principles pertaining to the handling of Personal Information as set out in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act).
Client: Any organisation or person who engages the services of SmarterSoft.
Identifier: A number or code assigned to an Individual by SmarterSoft or a government entity to uniquely identify the Individual for the purposes of SmarterSoft's operations or statistical analysis.
Individual: A Client, or a Client’s client as stored in a SmarterSoft system or a SmarterSoft Staff member.
Personal Information: The Privacy Act defines Personal Information as “information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an Individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
Privacy by Design: A methodology that enables privacy to be ‘built in’ to the design and architecture of information systems, business processes and networked infrastructure. PbD aims to ensure that privacy is considered before, at the start of, and throughout the development and implementation of initiatives that involve the collection and handling of Personal Information.
Sensitive Information: A subset of Personal Information. Includes information or an opinion about an Individual’s racial or ethnic origin, financial situation, political opinions, memberships, affiliations, religious beliefs, sexual orientation, health information, criminal record, genetic information or any other information that may be considered sensitive as stipulated by a Client.
Staff: All persons undertaking work for SmarterSoft, including directors, employees and contractors.
OAIC: Office of the Australian Information Commissioner. The OAIC is responsible for Privacy, Freedom of Information and information policy.
SmarterSoft: SmarterSoft is a registered business of Areanet Pty. Ltd. (ABN 84 114 634 561)
- Privacy Act 1988
- Australian Privacy Principles (APP)
Prepared by: SmarterSoft Privacy Officer
Last review: January 2016