1. BACKGROUND
CROFTI Pty Ltd ACN 169 326 514 and its related entities (‘Crofti / we / us’) is an IT Support and Consulting business that specializes in delivering innovation and technology with business focused outcomes. At Crofti, it is important to us that we manage your personal information securely and consistently with relevant legislation, including the Privacy Act 1988 (Cth) (‘Privacy Act’) as well as the Credit Report Privacy Code (‘Code’).
This privacy policy (Privacy Policy) outlines how we collect, store, use, protect and share your personal information. It applies to our website (crofti.com.au) and all related websites, applications, services and tools (together the Website). By visiting or using the Website you agree to the collection, storage, usage and disclosure of your personal information by Us in the manner described in this Privacy Policy. Unless we obtain your written consent, we will not sell, disclose, licence or rent your personal information to a third party for that third party’s marketing purposes.
We reserve the right to amend this Privacy Policy at any time by posting the amended terms on the Website. If we make material changes to this policy, we will notify you by means of a notice on our announcements board and/or other means so that you access and review the changes. If you object to any changes, you may close your account or discontinue communication with us. By continuing to use the Website after notice of changes has been sent to you or published on the Website, you are deemed to have consented to the changes.
2. APPLICATION OF THIS PRIVACY POLICY
2.1 In Australia, we are governed by the Australian Privacy Principles (‘APPs’) under the Privacy Act. In our interactions with you, we also comply with Credit Reporting Privacy Code requirements. These set out the way organisations and government agencies can collect and use, disclose and provide access to personal and sensitive information.
(a) Personal information is information that identifies or could identify a person, whether it is true or not. It may include, for example, your name, age, gender, profile picture, contact details, bank account details and financial information.
(b) Sensitive information as defined by the Privacy Act (as amended) is also personal information but relates to your opinions, views, racial or ethnic origin, political options or affiliations, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record or health, genetic, biometric information or biometric templates.
(c) Credit Information as defined in the Privacy Act is personal information about an individual (other than sensitive information) relating primarily to your credit-related dealings which can be disclosed to Credit Reporting Bodies (‘CRBs’) that report on consumer credit worthiness and includes:
(i) identification information about the individual; or
(ii) consumer credit liability information about the individual; or
(iii) repayment history information about the individual; or
(iv) a statement that an information request has been made in relation to the individual by a credit provider, mortgage insurer or trade insurer; or
(v) the type of consumer credit or commercial credit, and the amount of credit, sought in an application:
A. that has been made by the individual to a credit provider; and
B. in connection with which the provider has made an information request in relation to the individual; or
(vi) default information about the individual; or
(vii) payment information about the individual; or
(viii) new arrangement information about the individual; or
(ix) court proceedings information about the individual; or
(x) personal insolvency information about the individual; or
(xi) publicly available information about the individual:
A. that relates to the individual’s activities in Australia or the external Territories and the individual’s credit worthiness; and
B. that is not court proceedings information about the individual or information about the individual that is entered or recorded on the National Personal Insolvency Index; or
(xii) the opinion of a credit provider that the individual has committed, in circumstances specified by the provider, a serious credit infringement in relation to consumer credit provided by the provider to the individual.
2.2 We respect your personal information, and this Privacy Policy explains how we manage it. This Privacy Policy covers Crofti and all of its related companies.
2.3 Notwithstanding any references or specific examples in this Privacy Policy, those examples are not to be taken as an exhaustive list of personal information collected by us.
2.4 You understand that many online software packages including, but not limited to, Google and Xero, store data in facilities which may not be wholly or in part, based on Australian shores, and therefore may not fall under the jurisdiction of the Australian Privacy Principles. We and any third parties or software providers we engage now and in the future, will take all reasonable steps to provide for the security of such stored data to the extent possible and act in accordance with the terms as provided by those third parties and software packages. You may refuse to work with us where you deem the risk of data breach to be greater than the convenience and cost effectiveness of the solution provided. To disengage our services, please notify us in writing and we will take measures to remove your details from our system.
3. HOW WE COLLECT INFORMATION
3.1 Examples of where we might collect personal or sensitive information include:
(a) when you visit our website, create a user account, and / or use our online services;
(b) when you visit us in person;
(c) when entering into an agreement with us for the supply of services;
(d) when you correspond or communicate with Crofti or our agents over the telephone or in any other manner, including by letter, facsimile or email;
(e) providing your credit card information to facilitate payment;
(f) using your internet service provider or mobile network to connect to our services;
(g) when we assess your eligibility for our services;
(h) if you connect with us via a social network;
(i) when you complete a customer survey or send us feedback;
(i) in administering your account, including requests and the provision of our services.
4. WHAT WE COLLECT
4.1 We collect the following types of personal information in order to provide you with access to and use of the Website and for the purposes provided for in this Privacy Policy:
(a) your name, phone number, mobile telephone number, email address, physical address and other contact information;
(b) your Australian Business Number (ABN);
(c) your employment history (which may include sensitive information), if you apply for a job with us;
(d) other employment-related information, if you apply for a job with us; and
(e) feedback, market research and opinion polls provided by you;
(f) financial information such as credit card or bank account numbers provide by you;
(g) records and content of communications with Us or any other person including when using Website communication tools;
(h) personal information based on your activities on the Website;
(i) personal information you provide to us through any discussions boards, correspondence, user information pages, disputes, or shared by you from other social applications, services or websites;
(j) to the extent permitted by law, other personal information provided by or obtained from third parties (such as a credit bureau) including navigation and demographic data and credit check information;
(k) additional personal information we ask you to provide to verify your identity or when we suspect that you are in breach of our Standard Terms, this Privacy Policy or other Website policies (including your personal ID and your answers to any questions we pose to you); and
(l) personal information from your interaction with the Website and its content and advertising, including device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data.
5. WHY WE COLLECT AND USE PERSONAL INFORMATION
5.1 Crofti takes your personal privacy seriously. We may collect personal information about you for various reasons, for example:
(a) Because you have provided it directly to us, for instance contact details, date of birth and credit card details or bank account details;
(b) To operate the Website, generate content and provide customer support and billing services (including updates and improvements);
(c) To provide you with the most appropriate services for your needs;
(d) To provide you with information via blogs, general email and online correspondence and newsletters;
(e) To research, develop and improve Our services;
(f) To conduct surveys to determine use and satisfaction with Our services;
(g) To generate statistics in relation to the Website;
(h) To detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Standard Terms, this Privacy Policy or other policies;
(i) To enforce our Standard Terms, this Privacy Policy or other policies;
(j) To verify information for accuracy or completeness (including by way of verification with third parties);
(k) To combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out in this Privacy Policy;
(l) To contact you at your contact details we have collected, by way of voice call, post, text message or email;
(m) To aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
(n) To collect fees, resolve disputes and to identify, test and resolve problems;
(o) To notify you about the Website and updates to the Website from time to time; or
(p) To supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications based on your preferences, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences.
5.2 We only use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. This may include sharing your personal or sensitive information with service providers.
5.3 We may share your information with government or regulatory bodies as required or authorised by law. These agencies may also share this information with organisations or agencies in other jurisdictions.
6. DISCLOSURE OF PERSONAL INFORMATION
6.1 Disclosure of personal information to third parties
We will not disclose your personal information to another person unless you have given consent or if one of the exceptions under the Privacy Act applies. Where possible, the information that could reasonably identify you as an individual is first removed.
6.2 Exceptions
(a) Except as set out above, Crofti will not disclose your information to a third party unless one or more of the following applies:
(i) you have given your consent for us to do so;
(ii) you would reasonably expect us to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected);
(iii) it is otherwise required or authorised by law;
(iv) it will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety;
(v) it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities;
(vi) it is reasonably necessary for us to enforce our Standard Terms, this Privacy Policy and other policies;
(vii) We are required to comply with any applicable law, request by a governmental agency or regulatory authority or legally binding court order;
(viii) We are required to respond to or resolve claims that a member has violated the rights of others;
6.3 Examples of disclosure
(a) Customer Records
(i) Crofti maintains records of all customers including financial information which may need to be shared with financial institutions, government or regulatory bodies from time to time.
(b) Credit Reporting
(i) We may disclose personal information about you to a CRB in relation to any credit-related dealings with us. That information may be included in reports by the CRB to other credit providers or to another CRB to help them assess applications by you for credit.
7. DISCLOSURE OF INFORMATION TO THIRD PARTIES OVERSEAS
We may disclose personal information to overseas based organisations or agencies in the provision and/or administration of your account. We undertake to protect your personal information by ensuring the country of the overseas based organisation or agency has similar protections in relation to privacy, or that we enter into contractual arrangements with the organisation or agency to ensure the protection of your privacy.
8. CAN I REMAIN ANONYMOUS?
8.1 It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of our website, or sites administered by us.
8.2 It may be necessary for us to collect your personal or sensitive information if you would like certain services. If you choose to withhold the information we require, we may not be able to provide you the services you have requested.
9. STORAGE AND SECURITY
9.1 We store your information in a number of ways including physically (such as in paper form) or electronically with third party data storage providers. Your privacy and the security of your information is very important to us so where we store your information with third party providers, we will enter into contractual arrangements with those providers to ensure they take appropriate measures to protect your information.
9.2 We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing and transfer and destruction of the information. These steps include but are not limited to:
(a) ensuring our computer systems and websites have security systems in place such as up to date firewall and data encryption;
(b) maintaining security systems and monitoring of our premises;
(c) implementing confidentiality agreements with our employees and contractors, sub-contractors, service providers and their agents;
(d) requiring all employees and contractors who handle, deal or work with personal or sensitive information in the course of their duties with us to undergo training on our Privacy Policy and procedures and information and data storage management, before undertaking those duties
(e) maintaining document storage security policies and procedures; and
(f) implementing verification procedures for all inquiries/transactions to ensure only authorised people can access personal information.
9.3 Our website may contain links to external websites. We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.
10. HOW TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION
10.1 We will take reasonable steps to ensure that all personal information we collect, use or disclose is accurate, up-to-date, complete, relevant, and not misleading.
10.2 We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This may include taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting the Privacy Officer using the contact details below. We will give you access to your information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
10.3 If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
11. DIRECT ACCESS AND PROMOTIONAL MATERIALS
11.1 From time to time, we may send out promotional materials and information from government departments or other third parties. If you do not wish to receive these communications, please contact us to unsubscribe from that mailing list.
11.2 Your information may also be used by us to provide you with details of other organisation’s services where permitted by the Privacy Act or where you have consented to the use or disclosure of your personal information for direct communications and promotional materials.
11.3 It is our policy that any direct communications or promotional material will include a statement advising that you can request to not receive further material from us by contacting us using the details provided. Please note that if you choose this option this will also prevent you receiving offers of discounts as well as all promotional and informational materials.
12. COOKIES
12.1 We (or a third-party providing services to Us) may use cookies, pixel tags, “flash cookies”, or other local storage provided by your browser or associated applications (each a Cookie and together Cookies). A Cookie is a small file that stays on your computer or device until, depending on whether it is a sessional or persistent cookie, you turn your computer or device off or it expires (typically between 7 and 30 days depending on user settings).
12.2 Cookies may be used to provide you with our range of services including to identify you as a user or member of the Website, remember your preferences, customise and measure the effectiveness of the Website and our promotions, advertising and marketing, analyse your usage of the Website, and for security purposes.
12.3 Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via cookies. Information we may collect includes:
(a) your computer’s IP address;
(b) your domain name;
(c) the date and time or access to the website;
(d) pages accessed and documents downloaded;
(e) the previous site visited;
(f) if you have visited the website before;
(g) the type of browser software in use;
(h) your mobile carrier; and
(i) device information including device and application ID.
12.4 You may adjust your internet browser to disable cookies. If Cookies are disabled, We may not be able to provide you with the full range of Our services.
12.5 You also may encounter Cookies used by third parties and placed on certain pages of the Website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.
12.6 The Website may also include links to third party websites (including links created by users or members) and applications and advertising delivered to the Website by third parties (Linked Sites). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommends that you read the privacy policies of such Linked Sites before disclosing your personal information.
13. NO SPAM, SPYWARE OR SPOOFING
13.1 You are prohibited from engaging in spam, spyware or spoofing type activities, regardless of whether directed towards Us or other users of Us.
13.2 You must not use the Website to send, upload or distribute spam, viruses or malicious, illegal or prohibited content to the Website or otherwise send content that would breach our Standard Terms or this Privacy Policy.
13.3 You are not permitted to add a user or member to our mailing list (postal or email details included) without the written consent of a user or member.
13.4 We may (or we may engage a third-party service provider to) take steps to scan and filter messages to check for spam, viruses, phishing attacks and other malicious activity or unlawful or content prohibited by this Privacy Policy and our Standard Terms.
13.5 To report spam, spyware or spoof activities to Us, please email us on the details below.
14. UPDATES TO OUR PRIVACY POLICY
14.1 We will update our Privacy Policy from time to time, Our website will have the most current Privacy Policy.
15. OPTING OUT
15.1 You may withdraw your consent to us collecting, storing, using and disclosing your personal information in accordance with this Privacy Policy, but you may not be permitted to continue to use the Website or some of our services.
15.2 You may opt out of receiving our marketing, advertising and promotional notices, offers and communications by communicating this to us in writing at the email address below.
16. COMPLAINTS AND ENQUIRIES
16.1 We are committed to the protection of your privacy. If you have any questions about how we handle personal information, would like to complain about how we have handled your information, or would like further information about our Privacy Policy, please submit a written query or complaint to ‘info@paybae.com.au’. Our Privacy Officer will assess any complaints and liaise with you to resolve any issues within a reasonable time.
16.2 If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact The Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au.
17. CONTACT US
If you have a question regarding this Privacy Policy, would like to amend your Personal Information stored securely by us or you would like to make a complaint, please contact the Privacy Manager at:
Email: info@crofti.com.au
Phone: +61 7 3067 0001
Address: Level 3, Cameron House, 354 Brunswick Street, Fortitude Valley QLD 4006