related personal information (“credit related information”) collected by SAS. SAS is bound by the Privacy Act 1988 (Cth)(“Privacy Act”), which governs the way private sector organisations collect, use, keep secure and disclose personal information. SAS is also bound by the Spam Act 2003 (Cth) (“Spam Act”) which governs the way SAS conducts some of its direct marketing activities.
• how and when SAS collects personal and credit related information;
• how SAS uses and discloses personal and credit related information;
• how SAS keeps personal and credit related information secure, accurate and up-to-date;
• how an individual can access and correct their personal and credit related information; and
• how SAS will facilitate or resolve a privacy complaint.
If you have any concerns or complaints about the manner in which your personal or credit related information is collected, used or disclosed by SAS, SAS has put in place an effective mechanism and procedure for you to contact SAS so that SAS can attempt to resolve the issue or complaint.
SAS recommends that you keep this information for future reference.
1) What is personal information?
a) The Privacy Act defines “personal information” to mean information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is reasonably identifiable, from the information or opinion.
2) Sensitive Information
a) What is Sensitive Information?
i) Sensitive information is a subset of personal information. It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
ii) In general, SAS seeks to limit the collection of sensitive information SAS may collect from you, but depending on the use you make of SAS services, this may not always be possible and SAS may collect sensitive information from you in order to carry out the services provided to you. However, SAS does not collect sensitive information from you without your consent.
iii) The type of sensitive information SAS may collect from you or record about you is dependent on the services provided to you by SAS and will be limited to the purpose(s) for which it is collected. SAS does not use sensitive information to send you Direct Marketing Communications (as defined in paragraph 7 below) without your express consent.
3) Consent to collection of certain types of sensitive information
a) While SAS does not provide credit and is not engaged in credit activities, SAS may collect certain types of sensitive information where you have consented and agree to the collection of such information.
4) What is credit related information?
a) Credit related information is broadly defined under the Privacy Act, but relevantly includes personal information, that is: identification information and the type of credit and commercial credit sought by an individual or which an individual may access, and the credit record of that individual.
5) Collection of your personal and credit related information
a) SAS only collects personal and credit related information that is necessary for what SAS does and SAS holds the personal and credit related information SAS collects within its own data storage devices or with a third party provider of data storage. The type of information SAS may collect from you depends ultimately upon the purpose of collection and SAS set out the general purposes of collection at paragraph 6 below.
b) The type of personal information SAS may collect from you includes (but is not limited to) the following:
i) your contact information such as full name (first and last), e-mail address, current postal address, delivery address (if different to postal address) and phone numbers;
ii) details of the property address to be enrolled in the service, contact information of the property’s occupants (such as full name, e-mail address, phone numbers), contact information of who manages the property;
iii) information concerning or relating to your purchases of services over this website;
iv) financial and billing information (such as a credit card number /expiration date / security code, bank account details, billing address, repayment information and invoice details and purchasing history);
v) proof of your identity (including, but not limited to, date of birth, driver’s licence,
passport, birth certificate);
vi) your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the services offered by SAS; and
vii) your participation in, or response to, SAS's marketing and promotional activities, such as entering into a promotional contest.
viii) SAS may also collect and hold the following credit related information:
(1) identification information – name, date of birth, current or previous address, driver’s
(2) type and amount of credit sought by you from credit providers;
(3) trade references – name of entity, ABN, contact name, telephone number, fax number, email, years trading with you;
(4) publicly available information about an individual’s creditworthiness;
(5) consumer credit liability information – name of credit provider, type of consumer credit, details of the consumer credit provided;
(6) default information;
(7) repayment history information; and
(8) payment information in relation to an overdue amount.
c) Your personal and credit related information may be collected in a number of ways, including:
i) directly by SAS staff when you seek, or enquire about, SAS services; or
ii) when you use the SAS website or complete a form on the SAS website.
e) When you engage in certain activities, such as entering a contest or promotion, filling out a survey or sending SAS feedback, SAS may ask you to provide certain information. It is completely optional for you to engage in these activities.
f) Depending upon the reason for requiring the information, some of the information SAS asks you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information SAS requires in order for SAS to provide its services to you, SAS may be unable to effectively provide its services to you.
g) If you use the SAS website, SAS may utilise "cookies" which enable SAS to monitor traffic patterns and to serve you more efficiently if you revisit the SAS website. A cookie does not identify you personally but may identify your internet service provider or computer. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
h) SAS may gather your IP address as part of its business activities and to assist with any operational difficulties or support issues with its services. This information does not identify you personally.
6) How SAS may use and disclose your personal and credit related information
a) SAS will only use or disclose your information for the primary purposes for which it was collected or a purpose related to the primary purpose or the purposes otherwise described in this policy, if this use would be reasonably expected by you or otherwise with your consent on a reasonable reading of this policy.
b) SAS collects, holds, uses and discloses your personal and credit related information to facilitate a purpose in connection with:
i) if required, the verification of your identity;
ii) the provision of SAS services and any ancillary or secondary services to you, which shall include but is not limited to:
(1) the administration and management of SAS services and any ancillary or secondary services, including charging, delivery, billing, credit card authorisation and verification, checks for financial standing, credit-worthiness (including but not limited to undertaking an assessment for credit loss and obtaining credit references, if applicable), fraud and collecting debts; and
(2) to offer you updates, or other content or products and services that may be of interest to you (unless as directed otherwise);
iii) facilitating the administration and management of SAS, including but not limited to the use of your personal information collected in accordance with paragraph 3.1 in the administration and management of SAS;
iv) the improvement of SAS services (including to contact you about those improvements and asking you to participate in surveys about SAS services and any ancillary or secondary services including anonymous comparative research unless as directed otherwise);
v) the maintenance and development of SAS services and any ancillary or secondary services, business systems and infrastructure;
vi) marketing and promotional activities by SAS and its related bodies (including by direct mail, telemarketing, email, SMS and MMS messages, and advertisements on social media) such as SAS newsletters (unless as directed otherwise);
vii) marketing and promotional activities by SAS (including by direct mail, telemarketing, email, SMS and MMS messages, and advertisements on social media) that promote the goods and/or services provided by SAS commercial partners that may be of interest to you (for which SAS may derive a commercial benefit from); (unless as directed otherwise);
viii) to provide customer service functions, including handling customer enquiries and complaints, to offer you updates, or other content or products and services that may be of interest to you (unless as directed otherwise);
ix) SAS's compliance with applicable laws;
x) the sale, and matters in connection with a potential sale, of the SAS business or company to a third party;
xi) any other matters reasonably necessary to continue to provide SAS services and any ancillary or secondary services to you including the ongoing business development of SAS; and
xii) other purposes related to any of the above.
c) SAS may also use or disclose your personal and credit related information without seeking your additional consent:
i) if SAS reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
ii) if SAS has reason to suspect that unlawful activity has been, or is being, engaged in; or
iii) if it is required or authorised by law.
7) The types of organisations to which SAS may disclose your information
a) SAS may disclose your information to organisations outside of SAS. Examples of organisations and/or parties that your information may be provided to include:
i) offshore service providers, if any;
ii) related entities and subsidiaries of SAS;
iii) third parties, such as PayWay for processing online payment card transactions for payment of orders;
iv) third parties, such as service providers who install, maintain or service smoke alarms purchased via this website, including but not limited to electricians and technicians;
v) third parties, such as advertising agencies, for the purpose of advertising and promoting the goods and services of SAS and its commercial partners which may be of interest to you; and
vi) SAS contractors, agents, and venture partners, including but not limited to SAS suppliers and distributors, or other companies who assist SAS in providing SAS services and ancillary and secondary services to you.
However, information provided to third parties will be dealt with in accordance with that
8) Direct Marketing
a) By giving your personal information and credit related information to SAS, you expressly consent to SAS using your personal information and credit related information, including any email address and mobile phone numbers you give to SAS, to tell you about SAS services, ancillary or secondary services or events or any other direct marketing activity (including third party products, services, and events from SAS's commercial partners) (Marketing Communications) which SAS consider may be of interest to you. These Marketing Communications may be sent directly by SAS and/or via third parties by email, SMS and social media and you consent to SAS providing your email and mobile phone number to external advertising agencies for this purpose.
b) If at any time you do not wish to receive any further Marketing Communications from SAS, you may ask SAS to cease sending you further Marketing Communications about products and services and not to disclose your information to other organisations for that purpose. You may also ask SAS to not provide further Marketing Communications solely in respect of SAS’ commercial partners. You may do this at any time by using the “unsubscribe” facility included in the email, SMS or MMS message, or by contacting SAS via the details set out in paragraph 14) b).
9) Cross Border Disclosure
a) Any personal information provided to SAS may be transferred to, and stored at, a destination outside Australia, including but not limited to New Zealand where SAS may utilise overseas data and website hosting facilities or have entered into contractual arrangements with third party service providers to assist SAS with providing SAS services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for SAS or for one of SAS's suppliers, agents, partners or related companies.
d) If you do not agree to the transfer of your personal information outside Australia, please contact SAS via the details set out in 14) b).
10) Data quality and security
a) SAS will take reasonable steps to help ensure your personal and credit related information is safe. You will appreciate, however, that SAS cannot guarantee the security of all transmissions or information, especially where the Internet is involved.
b) Notwithstanding the above, while SAS will take reasonable steps to:
i) make sure that the personal information SAS collect, use or disclose is accurate, complete and up to date;
ii) protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
iii) destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection,
you acknowledge and agree that electronic information handling, storage, use and management, fax and electronic mail and Short Message Services and other electronic messaging services (together electronic information) are not secure and there are risks of legally or commercially or personally sensitive information being inadvertently misdirected, security breaches, loss or non-delivery of material, and you confirm that your arrangements and conduct, including with regard to your identity, passwords and electronic information management, are sufficiently secure and confidential to protect your interests and we are not obliged to take steps to verify or confirm electronic information and whether we take such steps or not we will have no duty or liability as a result of an electronic information breach that does not originate from us and you will carry out effective procedures and conduct yourself to protect the integrity of your electronic information.
c) Your personal and credit related information will be stored as physical files in a secured area, on SAS's electronic data base system, on cloud based servers and on computers with appropriate back up and security systems. SAS aims to protect your personally identifiable information from loss, misuse, interference, unauthorised access or alteration by:
i) imposing confidentiality requirements on SAS's employees;
ii) implementing security measures to govern access to SAS's systems;
iii) only providing access to personal information once proper identification has been given;
iv) controlling access to SAS's premises; and
v) implementing website protection measures.
d) However, the accuracy of personal information depends largely on the information you provide to SAS, so SAS recommends that you:
i) let SAS know if there are any errors in your personal information; and
ii) keep SAS up-to-date with changes to your personal information (such as your name or address).
11) Access to and correction of your information
a) You are entitled to have access to any personal information relating to you which SAS possess, except in some exceptional circumstances provided by law. You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.
b) If you would like access to or to correct any records of personal information SAS has about you, you are able to access and update that information (subject to the above) by contacting SAS via the details set out in paragraph 14) b). SAS requires that requests for access to or to update or correct your information to be in writing outlining the details of your request.
c) SAS will take appropriate steps to verify your identity (or verify that you act as an authorised agent of the individual concerned) before granting a request to access your personal information.
d) SAS will respond to your request for access to your personal information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. SAS will, on request, provide you with access to your personal information or update or correct your personal information, unless SAS is lawfully excluded from granting your request, including if:
i) giving access would be unlawful;
ii) SAS is required or authorised by law or a court/tribunal order to deny access; or
iii) giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
e) Where your request for access is accepted, SAS will provide you with access to your personal information in a manner, as requested by you, providing it is reasonable to do so.
f) Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If SAS deny your request, SAS will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
g) SAS will accept your request for correction of your credit related information where SAS is satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
h) Upon accepting a request for correction of your personal information, SAS will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your personal information.
i) If your request for correction of credit related information is accepted SAS will provide written notice of this correction to any entity to which SAS has disclosed this information previously, to the extent that this is practicable.
12) Dealing with SAS anonymously
a) Where lawful and practicable to do so, you can deal with SAS anonymously or using a pseudonym. You can deal with SAS anonymously or using a pseudonym when making a general enquiry about the goods and services that SAS can offer to you including via telephone or SAS's website.
b) At the time you engage SAS's services, it is no longer practicable for you to deal with SAS anonymously or using a pseudonym.
13) Credit information notifiable matters
14) Resolving privacy complaints
a) SAS has put in place an effective mechanism and procedure to resolve privacy complaints. SAS will ensure that all complaints are dealt with in a reasonably appropriate timeframe, but not more than 30 days after receiving the complaint, so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.
b) If you have any concerns or complaints about the manner in which SAS has collected, used or disclosed and stored your personal information or other questions about this policy, please contact SAS in writing by:
i) Email: [email protected]
ii) Post: PO Box 1591, Toombul QLD 4012
c) Please mark your correspondence to the attention of the Privacy Officer.
d) In order to resolve a complaint, SAS:
i) will liaise with you to identify and define the nature and cause of the complaint;
ii) will keep you informed of the likely time within which SAS will respond to your complaint; and
iii) will inform you of the legislative basis (if any) of SAS's decision in resolving such complaint.
e) SAS will keep a record of the complaint and any action taken in a Register of Complaints.
f) If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner to be resolved.