Last updated: JANUARY 2023
WHO DOES THIS PRIVACY STATEMENT APPLY TO?
This Privacy Statement (“this Statement”) applies to “DysrupIT Pty Limited” (“we” or “us”), which includes both the Australian and Philippines entities it owns or controls. We want you to know that we are committed to protecting your privacy and handling your personal information in an open and transparent way.
WHAT DOES THIS PRIVACY STATEMENT COVER?
This Statement explains how we collect, handle, store and protect personal information when:
- We provide professional services to you or our clients;
- You use “this Website”; or
- We perform any other activities that form part of the operation of our business.
When we refer to “this Website” we are talking about websites associated with DysrupIT or DysrupIT in the Philippines. This includes:
- Pages accessed using the www.dysrupit.com URL; and
- Pages or communications that link directly to this privacy statement.
ARE ALL AREAS OF THIS WEBSITE COVERED BY THIS STATEMENT?
This Privacy Statement applies to the entire website.
WHAT PRIVACY LAWS APPLY?
What laws apply to us?
When handling personal information, we will comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable legislation (such as Australian State and Territory health privacy legislation), as well as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). Where applicable, we will also comply with data protection laws of other jurisdictions, such as the European General Data Protection Regulation (GDPR) and subsequent laws in the USA.
The APPs are legally binding principles that are designed to ensure that individuals’ personal information is protected throughout the information lifecycle – that is, from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information and have it corrected if it is incorrect.
We take our obligations under the APPs, Australian State and Territory privacy legislation and other applicable data protection laws seriously. Therefore, in addition to this statement, we also:
- Where appropriate, include terms in our agreements with our clients that describe how we handle personal information during the delivery of our professional services.
WHAT PERSONAL INFORMATION DO WE COLLECT?
Information we collect when we provide professional services to our clients.
We may be provided with personal information directly by our clients to enable us to deliver professional services or to perform due diligence checks before we agree to provide services. This information may relate to clients’ employees, members or customers or it may relate to third parties (for example, the spouses and dependents of a client’s employees, members or customers).
As part of providing professional services to our clients, we may also collect personal information from other sources (such as directly from individuals themselves or information that is publicly available).
The types of personal information we may collect or be provided with include, but are not limited to:
- Contact details;
- Dates of birth;
- Complaint details.
We may also collect sensitive personal information (also called ‘special category information’). For example, where we are provided with such information directly by our clients to provide professional services, or where we collect information directly from individuals with their consent. This may include:
- Government identifiers such as drivers’ licence, passport and Medicare numbers and visa/work permit status;
- Tax file numbers;
- Information about racial or ethnic origins;
- Information about criminal convictions;
Where we are provided with personal information by a client, we take steps to ensure that the client has complied with the relevant obligations under applicable data protection laws in relation to that information; this may include, for example, that the client has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to collect, use and disclose that information.
We also collect personal information (such as contact details and account details) from suppliers, contractors and third-party service providers that we engage to help us operate our business.
Information we collect when we perform any other activities that form part of the operation of our business
We may collect personal information when performing other activities that form part of the operation of our business, but which do not directly form part of providing professional services to our clients. For example, we might collect personal information from members of the public as part of undertaking surveys, research on current issues or as part of projects or initiatives we are conducting with other organisations.
The types of information that we collect may vary depending on the nature of the activity. However, we will take reasonable steps to provide clear information about the nature of those activities and the purpose for which we are collecting your information.
Information we collect via this Website (Log information, cookies, and web beacons) or when you attend events.
We may collect your personal contact details when you use this Website or when you attend a DysrupIT event or an event sponsored by DysrupIT. For example, if you sign up to receive promotional materials, thought leadership or communications about services provided by us.
Protecting children’s privacy
We understand the importance of protecting children’s privacy. This Website is not designed for, or intentionally targeted at, children 13 years of age or younger. It is not our policy to intentionally collect or store information about anyone under the age of 13.
HOW DO WE USE YOUR PERSONAL INFORMATION?
How do we use personal information collected to provide services to our clients?
We use the personal information that we collect to provide clients with agreed services. We have an agreement with each client that governs the provision of our services and sets out the purposes for which we may use any information that the client provides to us (including any personal information). We use that information as permitted by the client agreement and we do not use that information for any other purposes unless it is necessary to comply with a legal or professional right or duty.
Because we provide a wide range of different types of services to our clients, the way we use personal information also varies.
How we use information collected when we perform other activities that form part of the operation of our business
When we collect personal information as part of performing other activities that form part of our business, we will take reasonable steps to provide clear information about the nature of those activities and how we will use any personal information collected.
We may also use non-personal, de-identified and aggregated information for several purposes including data analytics, research, submissions, thought leadership and promotional purposes.
How do we use information collected via this Website or through other sources? Do we use it to market goods and services to you?
We may use personal information that we collect from you via this Website, through your interactions with our Team or through your attendance at events, to provide you with promotional materials, thought leadership or communications about services provided by us or other DysrupIT that we feel may be of interest to you. We may provide these materials to you directly (e.g. via email) or through third parties who provide us with marketing services (e.g. via your news feed in professional networking platforms).
We will not use your personal information collected via this Website or through other sources to market the goods and services of third parties to you without first notifying you and seeking your consent (usually through a separate privacy notice).
We may also use your personal information collected via this Website:
- To manage and improve this Website;
- To tailor the content of this Website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you;
- To seek feedback on our services; and
- For market or other research purposes (however, we will only ever report aggregated results of any research we undertake and will never include your personal information in those results unless you explicitly give us your consent).
If you do not want to receive marketing materials from us, you can:
- Click on the unsubscribe function in the communication; or
- Email [email protected] for any hard copy communications that you no longer wish to receive.
At times, you may choose to register or create a user profile on this Website – for instance, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest. In such cases, the information you submit will be used to manage your request and to customise and improve this Website and related services offered to you. You may request at any time that we discontinue sending you emails or other communications generated in response to your registration on this Website.
Are there any other ways we use your personal information?
We may also use personal information to protect our rights and those of our users or to comply with a legal, regulatory or professional right or duty.
WHEN WILL WE DISCLOSE YOUR PERSONAL INFORMATION?
We will only disclose your personal information as set out below. Importantly, we will never sell your personal information to third parties for advertising purposes, or disclose it for any other secondary purpose without your authorisation.
Where we disclose your personal information to other entities in the DysrupIT Network we will take steps to ensure that those recipients protect that information from unauthorised access, modification or disclosure, and from misuse, interference and loss.
We may also be required to disclose personal information to law enforcement, regulatory or government agencies, or to other third parties:
- To comply with legal or regulatory obligations or requests; or
- Where there is a legal or professional right or duty to disclose.
We may share non-personal, de-identified and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional purposes.
Blogs, forums, wikis, and other social media
This Website hosts various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively ‘social media applications’). Importantly, any personal information that you contribute to these social media applications can be read, collected and used by other users of the application. We have little or no control over these other users and, therefore, we cannot guarantee that any information that you contribute to any social media applications will be handled in accordance with this Statement.
ON WHAT BASIS DO WE PROCESS INFORMATION ABOUT YOU?
Certain data protection laws, such as the European GDPR, require us to have a ‘legal basis’ for processing personal information. Where those laws apply, we may process your personal information for the purposes outlined above because:
(a) You have consented to the processing of your personal information for those purposes;
(b) We have a legitimate interest in processing your personal information, which may be to:
- provide services to you and/or to the entity that has engaged us to provide the services;
- support the management of our client engagements;
- evaluate, develop or improve our services or products; or
- protect our business interests; or
(c) We are subject to legal, regulatory or professional obligations.
To the extent that we process any sensitive (special category) personal information about you for any of the purposes outlined above, we will do so because either:
(a) You have given us your explicit consent to process that information;
(b) We are required by law to process that information, for example, in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations;
(c) The processing is necessary to carry out our obligations under employment, social security or social protection law; or
(d) The processing is necessary for the establishment, exercise or defence of legal claims.
HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
We will delete your personal information when we no longer need it, for instance, where:
- It is no longer necessary to fulfil the purpose identified in this privacy statement to comply with applicable laws or professional standards;
- We believe that personal information collected from you is inaccurate; or
- In certain cases, where you have informed us that you no longer give us consent to process your personal information.
- there are legal or regulatory requirements that may require us to retain your personal information for a specified period, and in such cases, we will retain your personal information for such specified period; and
- we may need to retain your personal information for a certain period for product liability purposes or in relation to legal disputes, and in such cases, we will retain it for much longer periods if required.
HOW DO WE PROTECT YOUR INFORMATION?
We hold personal information in electronic formats. We use a range of physical, operational and technological security measures to protect this information. These measures include:
- Staff education and training to ensure our staff are aware of their privacy obligations when handling your personal information;
- Administrative and technical controls to restrict access to personal information to only those people who need access;
- Technological security measures, including firewalls, encryption and anti-virus software;
- Physical security measures, such as staff security passes to access DysrupIT premises, laptop cable locks and the use of privacy screens where appropriate.
HOW CAN YOU ACCESS YOUR PERSONAL INFORMATION, OR SEEK TO HAVE IT CORRECTED?
You may access your personal information, or seek to have that information corrected if you believe that it is incorrect, at any time.
To request access, or to correct your personal information, please contact the DysrupIT Privacy Officer at [email protected]. The Privacy Officer will then get in contact with you (either by phone or via email) and will work with you to provide you with access to your information or to determine whether it requires correction.
Alternatively, visitors who have chosen to register with this Website (for example, to receive the latest media releases or blog posts) may access their user profile, correct and update their details, or unsubscribe at any time. Visitors who have any problem accessing their profiles, or would like to request a copy of their personal information, should contact the DysrupIT Privacy Officer at [email protected].
Depending on the jurisdiction in which you are located, you may also have the right to:
- Ask that we delete personal information that we hold about you, or restrict the way in which we use your personal information;
- Withdraw consent to our processing of your personal information (to the extent our processing is based on your consent);
- Ask us to stop or start sending you marketing messages at any time;
- Obtain and/or move your personal information to another service provider; and/or
- Object to our processing of your personal information.
If you believe these rights apply to you and wish to exercise these rights, please contact the DysrupIT Privacy Officer at [email protected].
WHO CAN YOU CONTACT IF YOU HAVE FURTHER QUESTIONS OR IF YOU WISH TO MAKE A COMPLAINT?
Who should you contact?
If you have any questions or concerns regarding your privacy, or if you would like to make a complaint, please contact the DysrupIT Privacy Officer at:
DysrupIT Pty Limited
Suite 53/54 Vernon Terrace
Teneriffe, QLD, 4005
If you believe that the Privacy Officer has not adequately handled your query or issue, you may complain to the Complaints Officer whose contact details are as follows:
Chief Executive Officer
DysrupIT Pty Limited
Suite 53/54 Vernon Terrace
Teneriffe, QLD, 4005
How do we handle complaints that we receive?
We take all the privacy complaints we receive seriously.
We will acknowledge the receipt of a complaint immediately and will work with you to resolve it. If you would like more information about our process for handling complaints, please email our Privacy Officer at [email protected].
What if you are not satisfied with how we have handled your complaint?
If you believe that DysrupIT has not adequately handled your privacy complaint, you may complain to the Office of the Australian Information Commissioner (OAIC) whose contact details are as follows:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
WHERE CAN I FIND OUT MORE ABOUT MY PRIVACY RIGHTS?
For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
What is our process for making changes to this Privacy Statement?
We may modify or amend this Privacy Statement from time to time.
To let you know when we make changes to this Statement, we will amend the revision date at the top of this page. The new modified or amended Privacy Statement will apply from that revision date. Therefore, we encourage you to periodically review this Statement to be informed about how we are protecting your information.
The next annual review is scheduled for: December 2023