Effective Date: 1 July 2021
QUIIP owns and operates a website located at https://quiip.com.au/ (Site). We take your security very seriously and have put in place suitable procedures to safeguard the information we collect from the Site and online.
By doing any of the following:
- accessing the Site,
- requesting information on, enquiring about, or providing feedback in relation to, our services (online, in writing, by telephone or in person), or
- otherwise providing, or consenting to the collection of, personal information by QUIIP, its officers, agents or employees, after this policy has been brought to your attention,
you acknowledge and consent to the use, collection, storage or disclosure of your personal information by us in accordance with this policy. If you do not agree to us handling your personal information in the manner set out in this policy we will not be able to provide our services to you and you should not provide us with any personal information.
What happens if you want to deal with us anonymously or using a pseudonym?
When contacting us, you can do so either anonymously or by using a pseudonym. If you do so, we may not be able to provide you with accurate or useful information, and you may not be able to access a full range of our services. Further, we may not be able to investigate incidents or complaints you have made.
What is personal information and what kinds of information do we collect?
We follow the definition of personal information given in the Privacy Act: “Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.”
The kinds of personal information we may collect, hold and process about you depends upon how you interact with us. This information may vary depending on the specific needs of QUIIP, however, it may include:
- your name and contact details (address, email, telephone number etc)
- how you interact with us and/or the Site and/or information you enter into or upload to the Site;
- your business or associated companies or entities
- messages, emails, voicemail and other correspondence and frequency of enquiries as well as comments and feedback and responses to surveys
- your IP address and / or other device identifying data
- other information required to provide a service or information you have requested from us
- any information relating to you that you provide to us directly
Do we collect your sensitive information?
Health information, information about your race, gender, sexuality or political opinions and affiliations are a special type of personal under the Privacy Act called sensitive information. You have additional rights in relation to sensitive information. If we collect your sensitive information, we will only keep it whilst you consent to us doing so, or if we are required to by law or to protect a legal right. If you want us to delete your sensitive information you may request we do so in writing.
How do we collect your personal information?
We collect personal information directly from you, for example when you provide that information to us, we contact you or when you contact us. We also collect personal information when providing you with our services, you participate in our services, including marketing activities or from publicly available sources such as the internet and social media
Why do we collect your personal information?
We collect your personal information for a number of reasons, including:
- providing you with our services or information about our services and activities
- to promote and drive engagement with our services, including the use of targeted online advertising
- sending communications you request or contacting you and responding to your enquiries
- providing third parties with information about you and your activities to assist us in providing the services
- cooperating with law enforcement bodies and government agencies where required by law or the terms of any relevant licence or industry code of practice
- communicating with you and providing you with information about your use of the services
- ensuring consistency of service across our business and other internal business purposes
- developing or refining our services and activities as well as tailoring our services
- internal business and corporate purposes, corporate governance, auditing and record keeping. Our use of personal information may extend beyond the uses described above but will be restricted to purposes that we consider to be related to our functions and activities.
Who do we disclose your personal information to?
We may disclose your personal information to:
- entities we work with, associated organisations, business partners or affiliates
- third parties who provide products or services to us (including our accountants, auditors, lawyers, IT contractors, and other service providers)
- third parties as required or allowed by law
We may also disclose your de-identified information to third parties for analysis, research and quality assurance purposes.
How do we hold and secure your personal information?
We store your personal information digitally (unless legally required to retain in hard copy format). All digital material is secured using password protected computers and databases. Any digital transfer of Personal Information is via secure channels such as HTTPS where possible and user passwords are encrypted using a one-way hash. Any database we manage is appropriately secured behind firewalls.
Some of your data may potentially be stored overseas, most likely the United States, as well as the European Union, Great Britain and Asia, due to the use of third party services from businesses that originate in those countries. Where appropriate, QUIIP has agreements with its storage providers to keep all personal information they store secure, using reasonable and appropriate security methods.
Do we send your personal information overseas?
QUIIP is an organisation based in New South Wales, Australia. However our data may be stored in cloud back up software (such as Office 365, Dropbox, Google Cloud Platform) which may be potentially be stored overseas, most likely in the United States or in Asia.
We may upload images and / or footage to the Site or social media accounts from time to time. The Website and social media accounts may be hosted on an overseas server. Where applicable, in the event that your information is sent overseas, we will use our best endeavours to ensure that any overseas service provider will keep all personal information secure and confidential.
Do we use your personal information for direct marketing?
We may use your personal information to communicate directly with you to promote our services. We use direct marketing to provide you with information about our services. If you receive direct marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future direct marketing programs. Once we have received your opt-out request, we will remove you from our direct marketing programs as soon as reasonably practicable. Please be aware that unsubscribing from one part of our services (for example, a newsletter) will not automatically remove you from all other services.
How do you access or correct personal information we hold about you?
You may request access to the personal that we hold about you by contacting us. Upon receiving an access request we may request further details from you to verify your identity.
We reserve the right not to provide you with access to your personal information if we are unable to verify your identity to our reasonable satisfaction. An administrative fee may be charged to cover our costs in providing you with access. We will notify you of the administrative fee before it has been incurred. We will respond to your access request within a reasonable period of time by either providing you with access, or if we refuse your access request, we will provide you with reasons. Generally, access requests may be denied where: we believe your request is frivolous or vexatious, we are entitled to reject a request by law, we are unable to verify your identity; or you have not paid the administrative fee (if any).
If you believe that your personal information held with us is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. We will review your request and respond to the request within a reasonable period of time.
What about the General Data Protection Regulation?
The GDPR is the European Union (EU) data protection law. Australian-based organisations that offer goods or services to persons in the EU or target or monitor the behaviour of persons in the EU may be required to comply with the GDPR regulatory regime.
We are an Australian based organisation providing services within Australia. From time to time, we may capture or collect personal information that passes through the EU. This might occur, for example, if a person in the EU accesses the Site and we collect analytical data about them, enquiries about our services from the EU, or if one of our customers gives us information about a person in the EU. If this occurs, we will treat the personal information received in accordance with this policy.
Where data is processed or monitored in the EU, you may have additional rights, such as:
- The right to request that we delete your personal information (unless we require that information to comply with a legal obligation, or need it to bring or defend a legal claim)
- The right to restrict our processing of your personal information (where it is inaccurate, would be unlawful to process, or where it has not been deleted due to us needing it to meet a legal obligation).
What to do if you have a complaint?
If you have a question or complaint, you can contact us:
Post:Quiip Privacy Officer 15 Laird Drive, Avoca Beach, NSW, 2251
We take all complaints seriously and will respond to you within a reasonable period of time, usually 30 days, unless we consider your complaint to be frivolous or vexatious or if we are unable to verify your identity. If you are not satisfied with the way we have handled your complaint, you can make a complaint to the Office of the Australian Information Commissioner at http://oaic.gov.au.