Introduction & Purpose
Privacy law is regulated by the Australian Information Commissioner. Further information about privacy legislation can be obtained from the Office of the Australian Information Commissioner website at: www.oaic.gov.au.
We respect your privacy. SmarterSoft is committed to maintaining the privacy of all Personal Information we are given, whether managed by a SmarterSoft system, or otherwise provided to us in the course of our service delivery. This policy sets out how we collect, use, disclose, store, secure, manage and access Personal Information in accordance with the Privacy Act and Australian Privacy Principles (APPs) contained therein.
1. SmarterSoft is bound by the Privacy Act 1988 (Privacy Act)
Any Personal Information we collect will be handled in accordance with the APPs outlined in the Privacy Act and any applicable state or territory legislation.
2. Collection of Personal Information
SmarterSoft will only collect Personal Information which is reasonably necessary to deliver our services and conduct the business activities that support such services. We may collect the following types of Personal Information: name and contact details (including name, address, phone number, mobile number, fax number and email address), demographic information, system login details, payment details and other information relevant to the relationship of the Individual with SmarterSoft. We may also collect Personal Information and/or Sensitive Information on Individuals if required to do so on behalf of a Client.
3. Information collection
Via our website - In common with many websites we may collect aggregated information which tells us about visitors to the SmarterSoft site but not the identity of those visitors. For example, we may collect information about the date, time and duration of visits and which pages of the SmarterSoft website are most commonly accessed. This information is used by us to help to administer and improve the SmarterSoft website. The SmarterSoft website may use ‘cookies’. Cookies are small files which are stored on a visitor's computer. They are designed to hold a modest amount of data specific to a particular website visitor, and can be accessed either by the web server or the Individual’s computer. This allows the server to deliver a page tailored to a particular visitor, or the page itself can contain some script which is aware of the data in the cookie and so is able to carry information from one visit to the website (or related site) to the next. Cookies may also be used to manage security and store information about the type of browser being used. With most internet browsers, visitors can erase cookies from their computer, block all cookies, or receive a warning before a cookie is stored. However, some parts of the SmarterSoft site may not function fully for visitors that disallow cookies.
Via Client's SmarterSoft systems - SmarterSoft systems will generally have extensive auditing data collected as part of our normal operational security procedures. Any Individual user of a SmarterSoft system will have the following types of auditing data collected during the course of their usage: login and logout attempts, movements through the system, and any modifications they make to data. In addition, SmarterSoft will also record and store the date and time of such events, as well as the IP address and location of where the event occurred.
4. Methods of collecting Personal Information
SmarterSoft collects Personal Information through a variety of methods including electronic or face to face interactions; interaction with our website or SmarterSoft systems; requests for information; and via the provision of goods and services.
5. Use of Personal Information
SmarterSoft uses Personal Information to provide goods and services. We may also use Personal Information to notify Individuals of updates, general service notices, and other information and opportunities they may be interested in. De-identified data may be used to meet regulatory requirements or for the purposes of internal reporting and improvement of services. Where not previously requested, and in accordance with Privacy legislation, we may use Personal Information to communicate with Individuals through newsletters or direct marketing. All such communications will provide an option to opt out or unsubscribe. Auditing data collected on behalf of a Client's SmarterSoft system is generally used to ensure the correct and secure operation of the system, but may also be used to identify illegal or restricted activities and events conducted by Individual users.
6. Security of Personal Information
SmarterSoft will take reasonable steps to protect Personal Information from misuse, interference and loss, unauthorised access, modification or disclosure. Personal Information held by SmarterSoft is stored electronically in secure systems or databases, or where retention of hard copy documents is required, in secure filing systems. Only authorised SmarterSoft Staff are provided with access to an Individual’s Personal Information. Where Personal Information is no longer required by SmarterSoft, or where required by law, SmarterSoft will take reasonable steps to securely destroy or de-identify information in accordance with legal requirements for retention and disposal.
7. Access to and correction of Personal Information
Individuals may request access to the Personal Information SmarterSoft holds about them. Where reasonable and practicable to do so, and in accordance with the provisions of the Privacy Act, SmarterSoft will provide supervised access to an Individual’s Personal Information. Requests to access Personal Information must be made in writing, either by email or hard copy. In the event access to records requires a significant allocation of resources, we may charge a reasonable administration fee to cover costs. Corrections or updates to Personal Information supplied by Clients or their authorised representatives must be made by the Individual or their authorised representative. In all cases, SmarterSoft Staff must be satisfied changes are authorised by the Individual in question. Requests to change Personal Information supplied by Clients or their authorised representative will be actioned as a priority.
8. Disclosure of Personal Information
SmarterSoft will only disclose an Individual’s Personal Information to Staff who require such information to perform their operational duties. SmarterSoft may occasionally outsource technological or administrative projects to overseas providers where local services are unavailable or cost prohibitive. In such cases, SmarterSoft will take reasonable steps to ensure that the overseas recipient does not breach the APPs. In cases where a SmarterSoft system contains Personal Information related to Individuals on behalf of a Client, if required SmarterSoft shall undertake a de-identification process prior to information being sent overseas. Additionally, SmarterSoft may use or disclose Personal Information if the use or disclosure is required or authorised by or under an Australian law or a court/tribunal order, or as otherwise permitted under the 'Use or disclosure of personal information' section of APP 6.
9. Use, adoption or disclosure of Identifiers
SmarterSoft will not use, adopt or disclose an Identifier assigned to an Individual by a Commonwealth agency unless required to by law or where reasonably necessary and in accordance with the APPs. SmarterSoft may itself generate keys which assist in uniquely identifying Individuals within our systems, but such keys are for referencing only and do not disclose Personal Information.
10. Anonymity and pseudonymity
Where practical, Individuals may deal with SmarterSoft anonymously or using a pseudonym. The majority of our services, however, will require collection of Personal Information to enable SmarterSoft to provide the appropriate goods, services or response.
11. Privacy by Design
SmarterSoft's systems make use of the PbD methodology throughout the entire system lifecycle. The design of each system starts with a review of all information to be handled by SmarterSoft and the identification of any Personal Information. SmarterSoft systems are designed around best practice data security principles and implement an extensive list of controls and measures to protect data and Personal Information. Security measures are in place at each stage including: Individual user authentication & authorisation, data encryption in transmission and in storage, auditing, physical security and also data destruction on service termination. Internal access to Personal Information by Staff is also tightly managed via multi-level authorisation controls.
12. Privacy breaches
While SmarterSoft puts in place specific controls and measures to protect Personal Information, there is always the remote potential for data breaches to occur. Such breaches are not limited to malicious actions, such as theft or 'hacking', but may arise from internal errors or failure of SmarterSoft Staff to follow information handling policies that cause accidental loss or disclosure. In general, if there is a real risk of serious harm or loss as a result of a data breach, the Staff member who identified the breach shall immediately inform the SmarterSoft Privacy Officer of the breach, and in turn any affected Individuals shall be notified within a reasonable time.
13. Review and improvement
14. Complaints and enquiries
Australian Privacy Principles (APPs): principles pertaining to the handling of Personal Information as set out in Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Reform Act).
Client: Any organisation or person who engages the services of SmarterSoft.
Identifier: A number or code assigned to an Individual by SmarterSoft or a government entity to uniquely identify the Individual for the purposes of SmarterSoft's operations or statistical analysis.
Individual: A direct SmarterSoft Client, or a Client’s client (e.g. patient, member, customer, employee etc.), or Client user as stored in a SmarterSoft system, or a SmarterSoft Staff member.
Personal Information: The Privacy Act defines Personal Information as “information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an Individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
Privacy by Design: A methodology that enables privacy to be ‘built in’ to the design and architecture of information systems, business processes and networked infrastructure. PbD aims to ensure that privacy is considered before, at the start of, and throughout the development and implementation of initiatives that involve the collection and handling of Personal Information.
Sensitive Information: A subset of Personal Information. Includes information or an opinion about an Individual’s racial or ethnic origin, financial situation, political opinions, memberships, affiliations, religious beliefs, sexual orientation, health information, criminal record, genetic information or any other information that may be considered sensitive as stipulated by a Client.
Staff: All persons undertaking work for SmarterSoft, including directors, employees and contractors.
OAIC: Office of the Australian Information Commissioner. The OAIC is responsible for Privacy, Freedom of Information and information policy.
SmarterSoft: SmarterSoft is a registered business of Areanet Pty. Ltd. (ABN 84 114 634 561)
- Privacy Act 1988
- Australian Privacy Principles (APP)
Prepared by: SmarterSoft Privacy Officer
Last review: January 2020