How will Kelly Tillage use my information?
The information that you provide will be used by Kelly Tillage to contact you with relevant information about our business, products and services.We will hold this information as necessary and may pass it on to our dealers and associates in the interests of providing you with personalised customer service. Your information is your property, and you retain the right to request access, transferral and rectification and erasure of it, as well as the right to withdraw consent to our use of it and the right to lodge a complaint with a Data Protection Authority (DPA).
Respecting Your Privacy:
Kelly Tillage and its related entities (“Kelly”) is committed to compliance with privacy laws and your privacy is important to it. This policy outlines the company’s personal information management practices that relate to:
Kelly will be open and transparent about how it handles personal information, by:
Why am I receiving communications from Kelly Tillage?
• Your information was provided to Kelly Tillage via social media, an inquiry on our website, filling out a lead form at an expo or field day, or some other means of communication.
• The information will be used by Kelly Tillage to contact you with relevant information about our business, products and services.
• We will hold this information for as long as necessary, and may pass it on to our dealers and associates in the interests of providing improved customer service.
• Your information is your property, and you retain the right to request access, transferral, rectification and erasure of it, as well as the right to withdraw consent to our use of it and the right to lodge a complaint with a Data Protection Authority (DPA).
The personal information collected is necessary for its normal business functions and activities.
The personal information may include;
Sometimes information is collected through selected agents. These agents are under an obligation to protect your privacy when they deal with your personal information.
We collect and retain personal information about individuals or companies that supply goods and services to us. This information is used for purposes related to the acquisition of goods and services by us and is not used for any other purposes.
Kelly keeps detailed information about current and former employees, including detailed payroll information. This type of information will in most cases be exempt from the Australian Privacy Principles. It also keeps personal information about persons who apply for employment (this information is not exempt). Personal information may be used to advise you of special offers and events that become available to customers.
We respect your privacy and will give you the opportunity not to receive this information when we collect your details or on occasions when we send such material to you. We continue to be bound by the SPAM Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth) if we undertake direct marketing and we will comply with the provisions of these Acts.
From time to time we may disclose credit information to a credit reporting body with your prior approval. Further details are given to you about this when you apply for payment terms.
Kelly Tillage does not sell or disclose the personal information that we hold to any person outside Kelly Tillage for direct marketing by that other person.
Personal information that we hold may be exchanged between different businesses within Kelly Tillage (as listed in the Schedule) or to other related parties. This disclosure is permitted by the Privacy Act.
Personal information that we hold may be disclosed to the agent that supplied goods to you. It may also be disclosed to agents or contractors who act on our behalf to collect debts or recover goods and to service contractors that provide service and support to our customers who help us to comply with our service and warranty obligations to you. Finally, we may also disclose personal information to our solicitors and accountants. The identity of any of these people may change from time to time.
Some personal information we collect may be disclosed to persons or our contractors, suppliers, representatives, dealers or agents that are outside Australia. This is dependent on your business and requirements, particularly with respect to the Australian Privacy Principles and Privacy Act. It is important to specifically advise if you do not wish to have your information stored overseas.
When we collect personal information about you we do so by making a record of it.
We take active steps to protect the security of all records of personal information, including authentication of customers before disclosure of personal information. We expect our staff to comply with certain standards of behaviour and values when dealing with personal information. We train selected staff about the need to protect your privacy and we will regard breaches of the Australian Privacy Principles as serious matters. We maintain and retain personal information in both electronic and paper based records. Paper based records are kept securely away from the general public.
Our electronic records are kept in a number of secure systems with password protection and restricted access both internally and from external sources. We may keep personal information for up to 7 years or longer after the completion of a transaction for legal or taxation purposes. After that time, we will de-identify or destroy the personal information if we no longer need it.
We try to ensure that any personal information that we hold is accurate, complete and up to date. We do this by collecting as much information about a person as possible from the person during the initial contact. We will also update and correct your personal information if it is incorrect or when you request us to do so. Should we become aware that the information is inaccurate, incomplete or out of date we will correct that information, make a note on or amend the file, or in some cases delete it from our records.
There may be occasions where you wish to deal with us anonymously or using a pseudonym (i.e. a name, term or descriptor that is not your actual name). You may wish to deal with us in either of such manners where you want to make an inquiry as to the availability or price of a particular product, part or service that we offer, opening hours or for any other kind of inquiry for which your personal information is not required in order for us to respond meaningfully to your query. In these circumstances we will respond to your query without seeking to collect personal information about you. However, where it is impracticable for us to deal with you if you do not identify yourself, then we are not obliged to give you the option of dealing with us anonymously or using a pseudonym. We will tell you if we think that such a situation exists. If you choose not to provide us with personal information, then we may not be able to provide you with the product, part or service that you seek.
If you wish to:
then you may contact our Privacy Officer who will take reasonable steps to respond to your inquiry or complaint and will do so promptly (usually within 14 to 30 days). Our Privacy Officer’s contact details are:
Attention: The Privacy Officer PO Box 100
Booleroo Centre SA 5482
Telephone: 08 8667 2253
Fax: 08 8667 2250
E-mail: [email protected]
The Privacy Act requires that you first make your complaint to us in writing and that we are then given a reasonable time to respond to you (usually within 30 days). If you make a complaint to our Privacy Officer but you are not satisfied with the response that you receive you can then make your complaint to the Credit Ombudsman Service. The Credit Ombudsman Service independently and impartially resolves disputes between customers and participating members on matters including privacy. Their contact details are:
PO Box A252
South Sydney NSW 1235
Telephone: 1800 138 422
Fax: (02) 9273 8440
Complaints Email: [email protected]
Alternatively, you may contact the Commonwealth Privacy Commissioner with your complaint. The contact details are:
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Fax: (02) 9284 9666
Email: [email protected]
Notifiable Data Breaches Policy:
What is an ‘Eligible Data’ Breach?
An eligible data breach occurs if either:
a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.
However, if KT takes remedial action;
the access, disclosure, or loss (as relevant) is not, and is never taken to have been an eligible data breach.
What is ‘Serious Harm’?
Serious harm may be described as serious physical, psychological, emotional, economic and financial harm as well as serious harm to reputation.
It is apparent that when assessing whether ‘serious harm’ is likely to occur, KT will need to apply a reasonableness test to the circumstances, in order to reach a conclusion, and those details that should be considered are as follows;
Requirement to Assess
If KT is aware that there are reasonable grounds to suspect that there may have been an eligible breach by KT but is not aware that there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach, then KT must:
Requirement to Notify the Commissioner of the Eligible Data Breach
As soon as KT becomes aware that there are grounds to believe that the relevant circumstances amount to an eligible data breach by them, KT must;
a) prepare a statement that sets out;
b) give a copy of the statement to the Commissioner
The Commissioner may also direct KT to prepare a statement, if the Commissioner is aware that there are reasonable grounds to believe that there has been an eligible data breach.
If KT has reasonable grounds to believe that the eligible data breach was caused by another entity, the statement may also set out the identity and contact details of the other entity.
Requirement to Notify Individuals who are Harmed by the Eligible Data Breach
If KT is required to provide the Commissioner with a statement, we must as soon as practicable;
If an entity prepares a statement after an eligible data breach, but that eligible data breach was caused by another entity, those other entities are not required to prepare a statement.
All investigations of an eligible data breach and statements will be documented and filed appropriately.
New notification requirements under the Privacy Act. Privacy Amendment (Notifiable Data Breaches) 2017 | Mills Oakley
Privacy Amendment (Notifiable Data Breaches) Act 2017