- Personal information for employment, customer and marketing purposes such as full name, postal address, phone and fax numbers and email addresses.
- Personal information relating to a person’s business or professional capacity such as ABN/ACN, position, organisation, postal address, phone and fax numbers and email addresses.
- Transactional information such as credit card details or bank details.
- Personal information for Human Resources, Finance and general entity administration purposes for employees and contractors.
- Personal information for the purpose of organising, inviting and holding an event with Configatek or its related entities
How we collect personal information
- Directly from the person and/or the company they represent that we are interacting with to provide advice, services, materials and/or resources, employment opportunities or company information. This information can be collected in hard copy forms, online or by email, post, facsimile, face to face, over the phone or through our re-seller channel, including wholesalers and partners.
- Enquiries made to external parties in order to provide advice, services, materials and/or resources, employment opportunities or company information, for example reference checks for employment purposes.
- From publicly available information.
How we store and secure personal information
- We take reasonable steps to maintain the security of personal information to protect it from unauthorised disclosures.
- Information in hard copy format is stored in our secure offices secured by swipe passes, lock and key cabinets or rooms, and password protected rooms.
- Information in electronic format is stored securely on our secure servers or in accredited systems that meet security and privacy standards.
The use of personal information
- Configatek will not sell, rent or lease customer lists or other personal information to third parties. Personal information will not be distributed, shared or passed on to any third party unless consent has been granted by the individual or organisation, or Configatek is required to do so by law.
- Configatek uses this information to provide our core services to our customers, market our services and our brand to the industry and potential customers, recruit employees, have productive working relationships with our employees, and to engage with partners and third-party service providers.
- We may share personal information with Configatek’s related entities such as our vendors or suppliers who provide us with goods or services, our clients (who may be located overseas) or our professional advisers, where permitted by the Privacy Act.
How to access or correct your personal information or make a privacy complaint
Configatek is transparent and accountable for the limited personal information that we collect and aim to maintain the accuracy and quality of this information. Should you wish to access or correct your personal information we hold, please contact Configatek via [email protected] or +61 7 3023 5024. You may also use these contact details to notify us of a privacy complaint if you think we have failed to comply with our obligations under the Australian Privacy Principles. If a complaint is made, it will be thoroughly assessed in a timely manner and any breach will be rectified, where practicable and possible. All complaints will be taken seriously and will feed into continual processes for reviewing and improving privacy.
Configatek may, at its discretion, update or revise this Policy from time to time. Please check our website www.configatek.com for the current version of this Policy.
Data Breach Reporting
The Privacy Act and General Data Protection Regulation (Regulation (EU) 2016/679) requires that reasonable and appropriate protection is made around information, including personal information and customer data (“Information”), and that certain data breaches are reported to the relevant authorities. Configatek may collect and store Information to enable Configatek to provide services to its customers. That Information may be held in various forms and transmitted through systems controlled by Configatek or its customers.
In the event a data breach occurs or, a data breach is suspected, Configatek will follow this Policy and the below Response Plan to contain, assess and respond appropriately.
- Initial notification: If personnel become aware of an actual or suspected data breach they must immediately notify the Privacy Officer with information regarding the data breach.
- Preliminary assessment: The Privacy Officer shall notify the relevant personnel to collate information regarding the data breach.
- Assessment of Risk: The Privacy Officer in conjunction with management will assess the severity of the data breach based on the information received.
- Notification: The Privacy Officer in conjunction with management will consider whether notification to the relevant authority and/or affected individuals is required and, if notification is required, make that notification.
- Review: Configatek will undertake an internal review of the circumstances to consider if further action is required.