Effective Date: 1st March 2019
Introduction
Welcome to Forte Information Solutions Pty Ltd (ABN 25 204 737 800) Privacy Notice.
The terms “the Company,” “we,” “us,” “our,” and “ours” refer to Forte Information Solutions Pty Ltd (ABN 25 204 737 800). The terms “you,” “your,” and “yours” refer to the user or viewer of the Website or user of the Services, as applicable.
We respect your right to privacy. This privacy notice explains how we collect, share and use personal information about you, and how you can exercise your privacy rights in accordance with the Privacy Act 1988 (Cth) (Act) and other applicable State and Commonwealth laws.
This Privacy Notice applies to data collected about all users of www.forteis.com.au and websites of any of our subsidiary companies, and other related websites, (Website) and the services available from us whether obtained through the Website or other means, for example paper-based service requests (Services).
This Privacy Notice explains the categories of personal data we may collect about you, it also explains the purpose of processing your data and how we keep it safe.
We know that there’s a lot of information here, but we want you to be informed about your rights, and how we use data to provide you with the best possible service.
If you have any questions or concerns about our use of your personal information or this privacy notice, then please contact us using the details set out in the ‘Contact Us’ page.
Information we may collect and hold
Personal information
The personal information we may collect depends on how you use our Services as well as the type of relationship we have with you and may include:
- name and date of birth
- gender;
- address (for correspondence and address for legal service);
- contact details, such as email address, fax and telephone numbers; and
- financial information such as bank account, credit card details and results of solvency checks.
Sensitive information
We do not collect information that is sensitive personal information (a particular type of personal information under the Act), unless it is relevant to our functions and activities. Sensitive personal information includes information about a person’s race, ethnic origin, political opinions, health, religious or philosophical beliefs and criminal history. If we request sensitive personal information we are subject to strict requirements in relation to it including to only collect and use sensitive information with consent and for the purposes for which it was collected or otherwise in accordance with applicable law such as the Act.
Third party personal information
If you need to provide us information about other persons (e.g. a referee for credit checks), you represent that, if at any time you supply us with their personal information, you are authorised to do so and you agree to inform that person who we are, that we will use and disclose their personal information as set out in this policy, and that they can gain access to their personal information.
You further acknowledge and agree we may send that person a notice we have collected and hold that person’s personal information.
What are our personal information handling practices?
How is personal information collected?
We may collect personal information from a number of sources, such as:
- forms;
- online portals on our website;
- other electronic and paper correspondence.
- telephone;
- face to face meetings;
- our website; and
- our social media channels and accounts.
Collection of personal information from you
Where possible, we will collect your personal information directly from you or your authorised representative.
If we receive your personal information from another party, we will contact you (if we have sufficient information to do so and it is reasonable in the circumstances). Some exceptions to advising you may arise where:
- you have provided consent or reasonably expect the collection to occur;
- the collection is required or authorised by or under law;
- the collection is for the purposes of an investigation or personnel issues; or
- the collection is for the purposes of litigation or legal advice.
There may also be instances in which we receive your personal information from our contracted service providers, who have collected your information on behalf of us.
What are the purposes for collecting, holding, using and disclosing personal information?
We collect personal information in order to perform our functions, undertake our activities and provide the Services to you and for related secondary purposes.
Examples of how we may use personal information include:
- considering any application you may make to us;
- complying with legislative and regulatory requirements;
- performing administrative functions, including accounting, risk management, record keeping, archiving, systems development, credit scoring and staff training;
- managing our rights and obligations in relation to external payment systems;
- conducting market or customer satisfaction research;
- developing, establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective products and services;
- developing and identifying products and services that may interest you; or
- providing you with information about other products and services.
If we request personal information and you choose not to or you cannot provide us with that information, we may be unable to provide you with the relevant Services you have requested or need.
Direct marketing
From time to time we will use the personal information we collect from you to inform you of products and services that we consider may be of interest to you.
If you do not wish to receive direct marketing information you can tell us at any time by contacting our Privacy Officer or using the unsubscribe function in the relevant electronic communication.
Disclosure
We can, and usually will, disclose personal information
- you have consented to the disclosure;
- you would reasonably expect that your information will be disclosed; or
- the disclosure is authorised or required by or under law.
Third party service providers
Wherever our business is outsourced to third parties, personal information provided to these parties remains our property and is only used for the specific purpose for which it is supplied or a purpose related to that specific purpose as permitted under the Act.
Examples of third parties to whom we may disclose personal information you provide include:
- credit reporting agencies;
- financial institutions;
- our agents, suppliers, contractors and external advisers whom we engage from time to time to carry out, or advise on, our functions and activities;
- regulatory bodies, government agencies, law enforcement bodies and courts;
- other organisations with whom we have alliances or arrangements for the purpose of promoting our respective products and services, and any agents used by us and our business partners in administering such an arrangement or alliance;
- debt collecting agencies;
- external payment systems operators;
- any person to the extent necessary, in our view, in order to carry out any instruction you give to us;
- our related bodies corporate for the marketing of their products and services;
- your agents and contractors, including your legal adviser and your financial adviser;
- your executor, administrator, trustee, guardian or attorney; or
- your referees.
Overseas disclosure
If we need to disclose your information to organisations based outside of Australia in order to provide Services to you, then wherever possible, we deal with such third parties who are bound by the provisions of the Act and Australian Privacy Principles (APP). If this is not possible we will make every reasonable effort to verify that they would otherwise comply with the APP’s or we reasonably believe they are subject to laws or contractual obligations which effectively uphold the principles for the handling of personal information that are substantially similar to the APP’s.
It is not practicable to list all countries we may disclose this information to, however, if you would like further information on this, please contact us.
GDPR
Where any personal information we handle is subject to the General Data Protection Regulation (GDPR) (EU) 2016/679 (GDPR) we handle that information in accordance with the GDPR to the extent required.
In addition to the rights to access, review and correct your personal information, if you live in the EU, EEA or the UK you have the right to:
- request a copy of data you supplied to us, in a machine readable format or for the transfer of this data to another company
- request the restriction of processing of your personal data
- object to us processing your personal data
- request the erasure of your data, (right to be forgotten).
For any privacy issues relating to Europe, including the UK, please contact us using the details on the ‘Contact Us’ page and providing as much information as possible about your issue.
Storage and data security
Collected personal information is held securely in our electronic and paper recordkeeping systems.
We have controls in place to protect against interference with personal information by way of unauthorised access, misuse, loss, modification, or disclosure including in the following ways:
- access to information collected from individuals is limited to authorised persons with a need-to know;
- our internal network, electronic records management system, and databases are protected using firewall, intrusion detection and prevention, antivirus, user authentication complexity and other IT security technologies and protocols;
- web transactions are conducted in accordance with PCI DSS standards;
- our web services are vulnerability tested against intrusion;
- we regularly conduct system audits and staff training to ensure we adhere to our established protective and IT security compliance and best practices; and
aftercare measures are taken to support the removal of access to personal information when no longer required.
Remaining anonymous or using a pseudonym
You have the right to contact us anonymously or using a pseudonym unless there is a legal requirement that prevents this.
Where you wish to make an enquiry or give us feedback, you may have the option of not identifying yourself. For example, you may sign up for our news services using a pseudonymous email address.
You should be aware, however, that there may be instances where we cannot respond to you or properly investigate a complaint if you do not provide contact details or sufficient information.
Privacy notice updates
This policy may be updated from time to time including when the OAIC guidance material is revised or legislative amendments are made to the Act or other applicable laws.
An updates will be posted on this website www.forteis.com.au and we encourage you to review our Privacy Notice from time to time when using our Services or visiting our Website.
Copy of this policy
If you wish to access this policy in an alternative format or hard copy, please contact us.
We will provide the policy to you at no cost, together with hard copies or any documents referred to in this policy and maintained by us.
Access to and correction of personal information
How you may access and correct personal information we hold about you
You may request access to personal information we hold about you. We will provide you with access as requested, if it is reasonable and practicable to do so. There may be instances where we may refuse your request such as:
- providing access would pose a serious and imminent threat to the life or health of any individual;
- providing access would have unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information sought relates to existing or anticipated legal proceedings between you and us and that information would not be accessible by the process of discovery in those proceedings;
- providing access would be unlawful;
- denying access is required or authorised by or under law; or
- providing access would be likely to prejudice an investigation of possible unlawful activity.
If we deny your request for access, we will, where permitted by law, provide you with reasons for that denial.
You may request corrections to any of your personal information that we hold to ensure the information is accurate, up to date, complete, relevant and not misleading.
Verifying identity
We must be satisfied that you are seeking access to or correction of your own personal information. We may ask you to provide verification of your identity. This process is free of charge.
How to request access or correction
If you wish to access or correct personal information we hold about you please contact us. Details of how to contact us are on the ‘Contact Us’ page.
Complaints about privacy
If you wish to inquire or make a complaint about the way we have handled your personal information, you may contact us are on the ‘Contact Us’ page.
We are committed to quick and fair resolution of customer complaints and will ensure any privacy complaint is taken seriously. You will be treated professionally and respectfully at all times.
Complaints to the Office of the Australian Information Commissioner
If you are dissatisfied with the way we handle a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC):
- Email: privacy@privacy.gov.au
- Phone: 1300 363 992
- Write to: Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
You may also make a complaint directly to the Information Commissioner, however, the Commissioner may recommend you try to resolve the complaint with us first.
How to contact us
Contact us if you want to:
- obtain access to your personal information held by us;
- request correction of your personal information held by us;
- make an enquiry or complaint about our compliance with the APPs; or
- ask any questions about our Privacy Notice.
Email: | info@forteis.com.au |
Phone: | 02 9648 4958 (callers within Australia) |
International Callers | +61 2 9648 4958 |
Write to: | Privacy Forte Information Solutions Pty Ltd PO Box 7100 Silverwater NSW 2128 Australia |
What we will do
We will acknowledge your requests or enquiries within 5 business days.
Provided you have given us your contact details we will endeavour to provide you with a written response within 30 calendar days after receiving your request by:
- providing access to documents;
- advising you of our decision to refuse access to or correction of documents; or
- advising you of any difficulties we have encountered in actioning your request, in which case we will provide you with an expected timeframe for finalising your request.