This Policy explains how Emeco complies with the requirements of the Privacy Act 1988 (Cth) (the Act) in relation to the collection, storage, use and disclosure of personal information. This Policy does not apply to employee records which are generally excluded from the requirements of the Act.
Emeco may collect personal information from individuals including:
Emeco will only collect personal information when it is necessary for one or more of its business or operational purposes (primary purpose). These business or operational purposes may include:
In collecting personal information, Emeco will act lawfully and fairly. You may choose not to provide Emeco with the information requested. However, this may mean that Emeco is unable to provide you with services or information.
Generally, the main types of information Emeco collects relates to potential employees and business contacts for customers and suppliers, such as employees or officers of customers and suppliers. The types of personal information collected includes:
The Act protects sensitive information. ‘Sensitive information’ is a form of personal information and includes information or opinions about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record.
Where Emeco needs to collect sensitive information about you (including, among other things, information about health, medical history or specific conditions, criminal records and professional memberships), this information will only be collected with your consent. Sensitive information will only be processed by Emeco if such processing is necessary to comply with occupational health and safety or equal opportunity laws and regulations.
Emeco collects most personal information directly from individuals, such as when they engage with Emeco in relation to equipment rental, sales and service or their shareholding in Emeco. The personal information collected may be provided on forms filled out by individuals, face to face meetings, e-mail messages, through Emeco’s website or telephone conversations. If you contact Emeco, Emeco may keep a record of that contact.
There may be other occasions when Emeco collects your personal information from other sources such as credit reporting agencies (in the case of customers and prospective customers), pre-employment service providers and public records including publicly available information on social media or similar sites. Generally, Emeco will only collect your personal information from such sources if it is not reasonable or impracticable to collect the personal information from you.
If Emeco receives unsolicited personal information (including sensitive information) about you, it will assess whether it could have collected the information in accordance with section 3 above and, if not, the information will be destroyed or de-identified.
Emeco may collect and use your personal information to:
Without the requisite personal information in the circumstances, Emeco may not be able to do these things. For example, it may not be able to deliver products or services requested, or respond to your questions.
Emeco will only use and disclose personal information for the purpose for which it was collected. Emeco may use and disclose personal information for another purpose (secondary purpose) if the person to which the personal information relates has consented to the disclosure or the secondary purpose is related to the primary purpose and might reasonably be expected by that person. When Emeco does this, it takes steps to keep information safe.
The circumstances in which Emeco may disclose your personal information to another organisation are limited, but include:
Emeco may use or disclose personal information should it be required to do so by law or use or disclosure is permitted by the Act (including law enforcement or public safety).
Emeco also shares personal information with people and organisations that help it with its business, such as professional advisors, IT support, and corporate and administrative services including debt collectors. Emeco only does this where it is needed in order for those services to be provided. When Emeco does this, it takes steps to require its service providers to protect your information.
Emeco may contact you at the email or other address which you provide it in order to provide you with updated information about Emeco or its businesses.
If you are receiving information from Emeco and do not wish to continue receiving this information, please contact Emeco using the contact details in section 15 below.
Emeco may use cookie technology on its website to provide information and services to website visitors. Cookies are pieces of information that a website transfers to a user’s computer hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to determine the overall traffic patterns through Emeco’s website.
If at any time you want to know exactly what personal information Emeco holds about you, you may request access by contacting Emeco at the address in section 15 below. Before providing you any information, Emeco will need to confirm your identity. Emeco will try to make your information available within 30 days after you ask for it. If it is likely to take longer than 30 days, Emeco will contact you.
In some cases, Emeco can refuse access or only give you access to certain information. If Emeco refuses access to information, an explanation for the decision will be provided, along with the exceptions relied upon for refusing access.
Please contact Emeco if at any time you wish to change personal information held by it that is inaccurate or out of date. If Emeco considers it is not necessary to correct the information, you will be provided with an explanation. You can ask Emeco to include a statement that you believe its record about you is inaccurate, incomplete, misleading or out of date.
If lawful and practical to do so, you will have the option of not identifying yourself when dealing with Emeco. However, if you elect not to be identified, Emeco may be unable to provide you with services or information or address your query.
If you are concerned about how Emeco has handled your information, please contact Emeco and Emeco will try and take steps to address your concern. If you are not satisfied with how Emeco has handled your complaint, you can contact the Australian Privacy Commissioner.
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone:1300 363 992
Emeco stores personal information in various ways, including electronic and hard copy form. If no longer required, it will destroy or de-identify personal information. Emeco only keeps personal information for as long as it is needed.
The security of personal information is important to Emeco and, accordingly, reasonable steps are taken to keep secure and protected from unauthorised access, modification or disclosure, any information which Emeco holds about you.
Emeco uses a number of means to protect your personal information, including:
Despite Emeco’s efforts, no security controls are 100% effective and it cannot ensure or warrant the security of personal information.
If there is a data breach, Emeco will deal with it without delay and take immediate steps to assess, remediate and if necessary make notifications in respect of any potential or actual breach.
Emeco currently operates across Australia however, at times, it may use international service providers. As such, some disclosures may occur outside the state or territory in which you reside and may, from time to time, include disclosures to related entities or service providers in Chile, United Kingdom and Europe. Emeco will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.
Emeco takes reasonable steps to protect the personal information which it holds from misuse, interference and loss; and, from unauthorised access, modification or disclosure.
A “data breach” is when personal information held by Emeco is lost or subjected to unauthorised access, modification, disclosure, or other misuse of interference. Examples of a data breach are when a device containing person information of customers is lost or stolen, Emeco’s database containing personal information is hacked or an entity mistakenly provides personal information to the wrong person.
then there has been an “eligible data breach” under the Act.
If Emeco has reasonable grounds to suspect that there may have been an eligible data breach in relation to personal information which it holds, Emeco will carry out a reasonable and expeditious assessment of whether there are reasonable grounds to believe that the relevant circumstances amount to an eligible data breach.
If, by reason of such assessment or otherwise, Emeco is or becomes aware that there are reasonable grounds to believe that there has been an eligible data breach in relation to personal information which it holds (or held), Emeco will comply with its notification requirements under the Act. This may mean that Emeco notifies individuals to whom the relevant information relates.
If you have any queries relating to this Policy, or you have a problem or complaint, please contact the Company Secretary of Emeco Holdings Limited at:
71 Walters Drive
Osborne Park WA 6017
Telephone: 08 9420 0222
Fax: 08 9420 0205
If you wish to make a complaint, please provide your contact details and information regarding the complaint. Emeco may need to contact you to obtain further information.
Complaints will be investigated and Emeco will provide the outcome an investigation in writing.
Emeco will seek to resolve complaints as soon as practicable. If you are not satisfied with the outcome of your complaint, you can refer the complaint to the Office of the Australia Information Commissioner.
Emeco reserves the right to change this Policy at any time and notify you by posting an updated version of the Policy on its website www.emecogroup.com. Any updated Policy will supersede all previous Policies.