2.1 To outline the policy to all persons who deal with the WTL/HRD Group.
WTL/HRD Group will be referred to as “we”, “our”, “us” or “WTL/HRD” in this policy.
At WTL/HRD, privacy is important to us. We make every effort to maintain the highest standards in dealing with personal information of all people that we deal with (including employees and people external to the organisation referred to in this document as “you” or “your”) in accordance with the Privacy Act 1998 (Cth) (“the Law”).
4 WHAT INFORMATION WE COLLECT AND HOLD
We may collect and hold personal information about you, that is, information that can identify you, and is relevant to liaising with you, or to providing shareholder services, credit, product or services to you or others.
This information may include your name, date of birth, current and previous address details, telephone numbers, email addresses, demographic information, occupation and employment details, including qualifications.
We also collect information about:
- suppliers, customers and our and their employees (including business name and address, contact details, and employee names, birthdates, addresses and working conditions (including hours and salaries)); and
- potential employees (including names, addresses, contact details, employment and academic histories and the names of their referees).
We only collect Sensitive Information (as defined by the Law) in very specific circumstances. Where we do so, we will notify you of this and ask for your specific consent for its collection, use and disclosure with strict controls around this.
Collection of information that is not ‘personal information’
5 HOW WE COLLECT AND HOLD INFORMATION
Personal information will generally be collected directly from you through the use of any of our standard forms, in a customer or supplier contract, over the internet, via our website, email, or through a telephone conversation with you.
6 WHY WE COLLECT INFORMATION
The personal information that we collect and hold about you depends on your interaction with us. Generally, we will collect, use and hold your personal information for the purposes of:
(a) providing shareholder services;
(b) providing products to you or someone else;
(c) providing you with information about other products that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
(d) facilitating our internal business operations (including managing your employment, if relevant);
(e) complying with regulatory or legal requirements;
(f) analysing our goods and customer needs with a view to developing new or improved services.
7 WHAT WE DO WITH THE INFORMATION WE COLLECT
WTL/HRD does not sell, or otherwise trade, your personal information. Generally, we only use or disclose personal information about you for the purposes for which it was collected (as above).
We use your personal information to carry out our interaction with you, including understanding your needs and providing better services and products. In particular, we use your personal information and you consent to us using your personal information:
- to manage your shareholding in WTL (if applicable);
- for internal record keeping;
- to improve our products;
- for promotion and direct marketing to you of our products;
- for internal product/service analysis (market research);
- to comply with the Law and protect against fraudulent activity;
- to conduct market research and analysis for the purpose of improving our offering;
- to conduct competitions or promotions for us;
- to verify your identity;
- to investigate any complaints made by you, or against you; or
- if we have reason to suspect that you have been engaged in any unlawful activity.
We also use your personal information to communicate with you, including by email, mail or telephone. If you have opted in to receive newsletters, communications or special offers from WTL/HRD you may, in some circumstances, also receive newsletters, communications or special offers from third party partners. If you do not wish to receive direct marketing communications please ask us to cease this via our Privacy Officer.
8 WHEN WE DISCLOSE YOUR PERSONAL INFORMATION
We may disclose personal information held about you to:
- our share registry provider if you are a WTL shareholder;
- related companies as required for carrying on our business;
- third party service suppliers, including, but not limited to, email systems providers and parties involved in the maintenance of our information technology systems;
- our authorised representatives (including accounting, legal and financial advisers);
- organisations required by law;
- insurance providers in relation to specific claims;
- law enforcement agencies; and,
- anyone to whom you authorise us to disclose the information.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access, disclosure, misuse, modification or loss of your personal information, we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information.
Access to your personal information is limited to those parties within WTL/HRD who require legitimate access to it.
Because some of our systems and those of our third party providers are cloud based, your information may also be stored on computer servers located outside of Australia, such as in the United States of America. You consent to the disclosure of your personal information to such overseas recipients and its location on overseas servers.
In special circumstances – for example, if we were to sell our business or part of it, or WTL sold its shares in HRD, your information may be transferred to third parties and their advisers as part of that sale. From time to time, we may provide aggregated and de-identified information to other organisation partners for various purposes.
10 ACCESS TO AND UPDATING YOUR PERSONAL INFORMATION
You may request the details of any personal information we hold about you. We may charge you a small fee for providing you the information.
If you believe that any personal information we have is incorrect or incomplete, and you wish it to be corrected, please contact us as soon as possible and we will promptly correct it. On your request, and as far as it is practicable, we will provide your updated details to third party providers that we have previously disclosed your personal information to with your consent.
11 NOTIFICATION OF DATA BREACH
If we experience a data breach, for example, unauthorised access to, or disclosure of, your personal information, or where your personal information is lost in circumstances that could give rise to unauthorised loss or disclosure, and serious harm is likely to occur to you, and we have not been able to prevent it, we will advise you and the Australian Information Commissioner as soon as reasonably practical of the breach, and work with you to resolve it or mitigate the circumstances of the breach.
12 GDPR (FOR INDIVIDUALS WITHIN THE EUROPEAN UNION)
The GDPR provides data protection and privacy rights to individuals within the European Union as set out below.
Under the GDPR such individuals (you) are granted the following rights:
- You have a right to know our identity. Please see ‘Data Controller Details’ at the end of this policy.
- You may withdraw any given consent at any time.
- You will be notified if, at any point in the future, the usage of your data changes from what is stated here. You will have the opportunity to withdraw consent.
- You have the right to object to any of your data being processed.
- You may request a copy of all information we have about you, at any time.
- You may request modification of any data we have on you, at any time.
- You may request deletion of any or all data we have on you, at any time.
*For requests about your data, we will have to identify you to be able to comply.
Full details on your GDPR rights are provided at the following link:
Some personal data may be collected by us in the operation of our website. The amount of information collected depends on the level of interaction you have with us.
Data we collect may include the following:
- Identity data, such as name and email;
- Contact information, such as email and phone number;
- Financial and transactional data such as records of sales and purchases;
- Usage data, such as email opening rates, number of website logins, etc;
- Any other information you may volunteer to us, such as feedback or survey responses.
We will use your data for the following purposes:
- To verify your identity should you wish to exercise your rights as above.
- To provide information to you that you have requested.
- To send you marketing and promotion materials and offers.
- To generate anonymous aggregate data.
Recipients of Data
Your data may be stored with third parties that provide services to us, such as our hosting provider and mailing list provider. Data may be available in some cases to contractors or associates that perform services for us, such as website development services.
The period of data retention depends on the type of data, and the actions you take. We will retain data as long as is necessary to involve you in our work, or notify you of our events and activities, and may retain some information after your involvement with us ends. To have all information about you removed, please contact us, and we will comply as closely as allowed by law.
Please contact us (see details in Part 14 below) if any of the following apply to you:
- You want to know what data we have about you.
- You want us to modify or delete any data we have about you.
- You feel that your rights have not been met.
- You do not understand any part of this policy.
- You have unanswered questions about how we collect or use data.
We will use best endeavours to report a personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting your rights and freedoms, we will also inform you without undue delay.
Our Controller details are listed under Part 14 below.
When you visit our website
When you visit our website www.hellyersroaddistillery.com.au, we will collect any personal information that you provide and we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, so that we can improve our service.
Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that WTL/HRD is not responsible for the privacy practices of other such websites. We encourage our users to be aware when they leave our website, and to read the privacy statements of each and every website that collects personally identifiable information.
14 HOW TO CONTACT US
Janelle O’Reilly at firstname.lastname@example.org
15 RESPONSIBILITIES OF MANAGEMENT AND STAFF
All employees at all levels are responsible for adherence to this policy.
Management have a responsibility to:
- Monitor the working environment to ensure that acceptable standards are being observed.
- Behave in a manner consistent with the policy.
- Promote adherence to the policy.
16 DISCIPLINARY ACTION
Appropriate disciplinary action will be taken against a person who is found to have breached this policy. These measures will depend on the nature and circumstance of each breach.
The severity of the behaviour will determine which option WTL/HRD chooses to invoke.
Serious breaches of this policy that are considered to be ‘serious misconduct’ may result in employment being terminated summarily. This means that a person may not be given any warnings or a chance to correct behaviour.
Any employee or contractor who becomes aware of a breach of this Policy must disclose this breach either to the HRD General Manager or the Privacy Officer.
In extreme circumstances an individual may be concerned that a serious breach of this Policy has occurred but consider that it would be personally damaging to report it through normal channels. In such a case they should report it under the Whistleblower (Speak Up) Policy.