Privacy Policy

(February 2019)

IMPORTANT:
  1. The DAILY OPS PTY LTD (ABN: 79 618 798 913) “DAILY OPS” and each of its subsidiaries
    (together referred to in this privacy policy as “DAILY OPS” or as “us”, “we” and “our”) is
    committed to protecting your privacy and the confidentiality of your personal information
    and sensitive information in accordance with the Australian Privacy Principles contained in
    the Privacy Act 1988 (Cth) (Privacy Act).
  2. You can obtain a copy of the Australian Privacy Principles from the Office of the Australian
    Information Commissioner and their website at http://www.oaic.gov.au//privacy/privacyact/australian-privacy-principles.
    Understanding this policy
  3. This privacy policy explains the types of personal information we collect and hold, how we
    collect, hold and use this information, the purpose for which we collect, hold, use and
    disclose this information, who we may disclose to, how you can access and seek a correction
    of personal information we hold about you, how you can make a privacy complaint and
    whether we may disclose information to overseas recipients.
    Updates to our privacy policy
  4. We are constantly reviewing all of our policies and attempt to keep up to date with constantly
    changing technology, law and market place practices.
  5. As a consequence, we may change our privacy policy from time to time or as the need arises.
  6. This privacy policy was last updated February 2019. This policy replaces any other privacy
    policy published by us to date and we reserve the right to change this policy at any time. We
    encourage you to regularly check for any updates to our privacy policy.
    Information we collect and why we collect it
    Information collected.
  7. The information we collect and hold about you may include:
    1. Personal information, being information or an opinion about an identified individual, or
      an individual who is reasonably identifiable.
    2. Sensitive information, being information or an opinion about an individual’s personal
      preferences or characteristics (such as race, ethnicity, political views, memberships,
      religious or philosophical beliefs and sexual preference), health information and/or
      biometric information.
  8. Sensitive information is afforded a higher level of protection than other kinds of information
    under the Privacy Act. We collect and hold sensitive information only when you knowingly
    and voluntarily submit it. We will rarely collect and hold this kind of information.
  9. The types of personal information we may collect and hold includes the following:
    1. full name, postal address, email address, telephone
    2. date of birth, occupation and gender;
    3.  full name, postal address and telephone number of next of kin;
    4. any other information you provide to us by any means; and
    5. electronic or other geo-location identifiers.

      Consequences of refusal

  10. We understand you may not want to provide certain information to us. If you choose not to
    provide us with some or all of the information we request, we may not be able to provide you
    with the services you require.
    Why does DAILY OPS collect, hold, use and disclose your personal information?
  11. DAILY OPS collects your personal information for its own operational purposes including to:
    1. administer and manage the products and services we provide to you;
    2. provide you with information about DAILY OPS related products; and
    3. facilitate our internal business operations including updating internal databases,
      conducting consumer satisfaction surveys, fulfilling regulatory and legal requirements and
      system testing.

      How we collect your information

  12. We usually collect personal information directly from you. This may be done in person, over
    the phone, by email or through our website. We may collect personal information from or
    about you in a number of circumstances, including:

    1. from publicly available sources of information;
    2. when you use our services or contact us directly;
    3. when you sign up to receive information from us (eg. when you sign up to our mailing
      list);
    4. when you use our website;
    5. when you use our mobile App or other software;
    6. from third party sources; and
    7. when we are legally required to do so.

      Means of collection

  13. We will collect your personal information when the information is reasonably necessary for,
    or directly related to, one or more of our functions or activities.
  14. We will only collect your sensitive information when you consent to the collection of the
    information and the information is reasonably necessary for, or directly related to, one or
    more of our functions or activities.
  15. We will, at all times, take reasonable steps to collect your personal directly from you, unless:
    1. it is unreasonable or impracticable for us to do so;
    2. you consent to the collection of the information from someone other than you; or
    3. we are required or authorised by or under an Australian Law, or a court/tribunal order, to
      collect the information from someone other than you.
  16. In the event we receive your personal information from a third party, we will take reasonable
    steps to inform you of that and seek your consent to our collection of that information.
    Should you refuse to consent to that collection, we will take reasonable steps to destroy or
    de-identify that information.

    Collection of personal information through cookies on our website

  17. Cookies are data that a website transfers to an individual’s hard drive for record-keeping
    purposes. Cookies can facilitate a user’s ongoing access to and use of a website. They allow us
    to track usage patterns and to compile data that can help us improve our content and target
    advertising.
  18. If you do not want your information collected through the use of cookies, there is a simple
    procedure in most browsers that allows you to deny or accept the cookie feature. You should
    note that cookies may be necessary to provide you with certain features on our website.
    16. We may record your visit through the use of cookies and may log the following information
    for purely statistical purposes:

    1. your server address;
    2. your to-level domain name (e.g. “com”, “gov”, “au” etc.);
    3. the date and time of the visit to the site;
    4. the pages accessed and documents downloaded;
    5. the previous site visited; and
    6. the type of browser used.

      Notification of collection

  19. When we collect personal information about you, we will take reasonable steps to notify you
    or to otherwise ensure you are aware of certain matters. These matters include our identity
    as an organisation and contact details, the context of the collection, whether the collection is
    required or authorised by law, the purposes of the collection, our usual disclosure of personal
    information, information about our privacy policy and whether we are likely to disclose your
    personal information to overseas recipients.
  20. We will take reasonable steps to provide this notification before, or at the time we collect
    your personal information. If it is not possible for us to do so, we will take reasonable steps to
    provide notification as soon as practicable after collection.

    How we hold and store your information

  21. All of the personal and sensitive information we collect is stored locally on our servers and on
    our back-up system. Our electronic databases are maintained by our information systems
    branch and firewalled.
  22. We store personal information through a third party data storage provider which is PCI DSS
    Compliant and is a ISO9001: 2008 Certified System.
    21. We also maintain a number of hardcopy collections of records and electronic databases for
    use by staff. Current files are held on site or with project managers, whilst non-current files
    are archived to an offsite commercial storage facility.

    Security

  23. We take reasonable steps to protect the security, integrity and privacy of your personal and
    sensitive information.
  24. Our personnel are required to respect the confidentiality of personal information and the
    privacy of individuals.
  25. We use a variety of physical and electronic security measures, including restricting physical
    access to our offices and firewalls and secure databases to keep personal information secure
    from misuse, loss or unauthorised use or disclosure.
  26. We regularly review our various security measures in order to ensure that they are up to date
    and fit for purpose.

    Information retention and destruction practices

  27. We will only retain your personal and/or sensitive information as long as it is necessary for us
    to do so or as required by legislation or a court or tribunal order.
  28. We have an internal system that is used to identify information that is no longer necessary for
    us to retain and periodically review our data in accordance with this system. Once the
    purpose for which that information was collected expires and/or upon periodic review, we
    will take reasonable steps to destroy that information or to de-identify that information, so
    that it can be retained for statistical purposes.
  29. Information which is retained for statistical purposes may be used to improve our services
    and to make them more responsive to the needs of our customers. This statistical compilation
    and analysis of information may also be used by us or provided to others as a summary report
    for marketing, advertising or research purposes.

    Unsolicited personal information

  30. We may receive your personal or sensitive information as unsolicited personal information.
    Unsolicited personal information is information received by an organisation, such as the
    Threat Protect, where that organisation took no active steps to collect that information.
    30.
  31. If we receive unsolicited information, we will determine whether we could have collected the
    information under Australian Privacy Principle 3[http://www.oaic.gov.au/privacy/privacyact/australian-privacy-principles] (which governs the collection of solicited personal
    information). Where we could not have collected the information consistent with Australian
    Privacy Principle 3, we will destroy or de-identify the information as soon as practicable, so
    long as it is lawful and reasonable for us to do so.

    Dealing with us via pseudonym or anonymously

  32. In most circumstances, it will not be possible or practicable for us, in the course of conducting
    our activities, to deal with individuals who have not identified themselves or who have used a
    pseudonym.
  33. We are required and/or authorised under Australian law, in certain circumstances, to deal
    only with individuals who have identified themselves.
  34. However, on the expiry of the purpose for which certain information was collected and/or on
    the request of the individual the subject of the information, we will take reasonable steps to
    de-identify that information through the use of pseudonyms and/or to make the applicable
    personal details anonymous.

    The purpose of our collection, holding of, use or disclosure of information & how and in what
    circumstances we use or disclose your personal information

  35. We may in certain circumstances collect, hold, use and/or disclose your personal and/or
    sensitive information.
  36. We will use and disclose your personal information to provide our services to you or to fulfill
    administrative functions associated with our organisation and otherwise as required or
    permitted by law. In general, we will use and disclose your personal information for the
    following purposes:

    1. for the purposes for which the information was provided by you;
    2. to provide and market our services and products to you;
    3. to assist you with your enquiries or to communicate with you with respect to an existing
      product or service;
    4. to help us manage and enhance our services (including to obtain feedback from you after
      the provision of our services or for research into the development of new products and
      services or the improvement of our existing products or services);
    5. for accounting, risk management, record keeping and staff training purposes;
    6. other third parties for the purpose of providing you with our services or otherwise in
      connection with your relationship with us, including:
      i. service providers which provide products and services requested by you; and
      ii. your representatives and service providers to you (such as your lawyer, banker,
      executor, administrator or trustee);
      b. to comply with our legal obligations and requirements;
      c. to enforce any obligations owed to us; and
      d. any other purpose related to any of the above.Purpose for Use
  37. Your personal information will only be used and disclosed for the primary purpose for which it
    was collected (as disclosed in our privacy policy or at the time the information was collected)
    or for certain secondary purposes in the circumstances outlined below.
  38. We will only make use of or disclose your personal information for a secondary purpose if:
    a. you have consented to the use or disclosure of that information;
    b. you would reasonably expect us to use or disclose the information for the secondary
    purpose;
    c. the use or disclosure of that information is required or authorised by or under legislation
    or court/tribunal order;
    d. “permitted general situation” exists in relation to the use or disclosure of the information
    by us; or
    e. we reasonably believe that the use or disclosure of the information is reasonably
    necessary for one or more enforcement related activities conducted by, or on behalf of,
    an enforcement body.
    f. In the event we disclose information pursuant to paragraph 39.5 above, we will make a
    written record of the use or disclosure.

    Who can access your personal information and what conditions apply to their use?

  39. As a general rule, your personal information will only be accessed and/or viewed by our staff
    and officers, as and when it is appropriate or necessary. However, your personal information
    may also be accessed, from time to time, by:
    a. our sub-contractors;
    b. our strategic partners and business associates; and
    c. our suppliers (i.e. third parties who provide services to us) such as:
    i. service providers and data processors working on our behalf and providing services
    such as hosting and maintenance services, analysis services, email messaging
    services, delivery services, handling of payment transactions, marketing etc; and
    ii. our professional advisers (such as accountants, lawyers, auditors).
    d. Where a party, other than an employee or officer of ours, has access to the personal
    information of individuals, they will be required to comply with the applicable Australian
    privacy legislation and, where appropriate, to enter into privacy agreements with us.
    e. The access and use of your personal information by a third party will be restricted to the
    purposes outlined in this policy.

    Direct marketing

  40. We will only use or disclose your personal information (except sensitive information) for the
    purposes of direct marketing if:
    a. you would reasonably expect us to use or disclose the information for the purpose of
    direct marketing or you have consented to the use or disclosure of the information for
    that purpose (except where it is impracticable to obtain that consent); and
    b. we provide you with a simple means of opting out of receiving any further direct
    marketing communications from us; and
    c. you have not requested that we cease sending you direct marketing communications.
  41. We will not provide your personal information to third parties outside of The DAILY OPS
    without your consent.
  42. We will only make use of your sensitive information for direct marketing purposes if you have
    consented to the use or disclosure of that information for that purpose.
  43. If you receive direct marketing communications from us or from an associated entity, you are
    entitled to:
    a. request that you receive no further direct marketing communications from us and/or the
    associated entity; and
    b. request that we disclose the source of the information to you.Opting Out
  44. We will take reasonable steps to facilitate a request by you to opt-out of receiving direct
    marketing communications. This may be a request to opt-out of receiving certain
    communications or to opt-out altogether. We will not charge you for making such a request
    or for giving effect to such a request.
  45. We will take reasonable steps to give effect to such request within a reasonable period of
    time after the request is made (unless it is unreasonable or impracticable for us to do so).

    Emails

  46. We may use your email address to send you our publications, newsletters, or updates. We may also
    contact you by email to seek your opinion or comment on our website and our service offerings.
  47. We, at all times, aim to comply with the terms of the Spam Act 2003 (Cth) and will not send
    unsolicited commercial electronic messages or “spam”. All commercial electronic messages
    sent by us include information about the individual or organisation who authorised the
    sending of the message.
  48. You can unsubscribe from our emails at any time. You can also contact us if you would prefer
    not to receive this information and we will comply with your request.
    Disclosure of personal information to overseas recipients
  49. We may disclose personal information to third party suppliers and service providers located overseas
    for some of the purposes listed above. This does not diminish your rights and we will take all
    reasonable steps necessary to ensure transferred information is kept secure as required by applicable
    data privacy laws. By submitting your personal information to us you agree that you do not object to
    any such transfer, processing or storage.
  50. Should you have any queries about the potential disclosure of your personal information to an
    overseas recipient, please contact our Chief Data Protection Officer.

    How can you access and/or seek the correction of your personal information?

  51. You have a right to access the personal information we hold about you and to request the correction
    of any personal information we hold about you.
  52. We will take reasonable steps to ensure that the personal information we collect and disclose is
    accurate, up to date, complete and relevant.

    Requests for access to personal information

  53. You can request us to provide you with access to the personal information we hold about you.
  54. Requests for access to information can be made to our Chief Data Protection Officer at the contact
    details provided below. In all cases we will need to verify you identity before giving you access.
  55. We will take reasonable steps to respond to a request for access within a reasonable period of time
    after the request is made (within 30 calendar days) and to give access to the information in the
    manner requested by the individual, if it is reasonable and practicable to do so.
  56. A fee may be payable where the information you have requested is not readily available and will
    involve a considerable amount of for us to compile. We will inform you of the amount of the fee
    beforehand and respond to your request after payment is received.
  57. We are not required to give you access to personal information to the extent that:
    a. we reasonably believe that giving access would pose a serious threat to the life, health or
    safety of an individual, or to public health or public safety;
    b. giving access would have an unreasonable impact on the privacy of other individuals;
    c. the request is frivolous or vexatious;
    d. the information relates to existing or anticipated legal proceedings and would not be
    accessible by the process of discovery in those proceedings;
    e. giving access would reveal our intentions in relation to negotiations with you in such a way as
    to prejudice those negotiations;
    f. giving access would be unlawful;
    g. denying access is required or authorised by or under legislation or a court/tribunal order;
    h. giving access would be likely to prejudice one or more enforcement related activities
    conducted by, or on behalf of, an enforcement body; or
    i. giving access would reveal evaluative information generated within our organisation in
    connection with a commercially sensitive decision-making process.
  58. In the event that we refuse to give you access to the personal information requested by you, we will
    give you a written notice which sets out the reasons for the refusal (except to the extent that it would
    be unreasonable to do so) and the mechanisms available to you to complain about the refusal.

    Request for correction of personal information

  59. You can make a request for the correction and/or amendment of the personal information we hold
    about you informally in writing or pursuant to the terms of the Privacy Act.
  60. Applications to have personal information held by us corrected or amended should:
    a. be made in writing to our Chief Operations Officer;
    b. provide enough information to determine what changes are required; and
    c. provide you current contact details.
  61. In the event we refuse to correct your personal information, we will give you a written notice which
    sets out the reasons for the refusal (except to the extent it would be unreasonable to do so) and the
    mechanisms available to you to complain about the refusal.
  62. We will take reasonable steps to respond to a request for access within a reasonable period of time
    after the request is made (within 30 calendar days) and will not charge you for the making of the
    request or for the correction of the personal information.