Skip to content

Privacy and Credit

Related Personal Information Policy

Hitech Electrical Automation Pty Ltd (ACN 095 559 836)

Privacy and Credit Information Policy

Effective From 01/01/2020

  1. Introduction

    Hitech Electrical Automation Pty Ltd (ACN 095 559 836) (we, us or our) has adopted this Privacy and Credit-Related Personal Information Policy and Statement of Notifiable Matters (Policy), in accordance with the Australian Privacy Principles, the Privacy Act 1988 (Cth) and the Privacy (Credit Reporting) Code 2013 (Privacy Law), to outline how we deal with:

    1. (a)  information about an individual whose identity can reasonably be ascertained from that information, not including Credit Related Personal Information (Personal Information); and
    2. (b)  credit information and credit eligibility information (Credit-Related Personal Information).

    For further elaboration on Credit Related Personal Information we collect, see clause 4 below.

    We collect most of this Personal Information and Credit-Related Personal Information from our customers and their referees and guarantors for the purpose of providing our Services, namely:

    1. (a)  electrical contracting services; and
    2. (b)  facilitating deferred payment by providing our customers with credit accounts.

    We do not usually apply to credit reporting bodies (CRBs) for credit reports, but we reserve the right to do so. This policy therefore addresses the way we would deal with credit eligibility information.

  2. The kinds of Personal Information that we collect and hold
    For the purpose of conducting our business and providing the Services, we may

    collect the following categories of Personal Information about individuals:

    1. (a)  (Identity Information) name, signature, location, website address, date of birth, nationality, license & registration details, bank account details, family details, employment details, educational qualifications and third- party usernames;
    2. (b)  (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, business and postal addresses;
    3. (c)  (Behaviour Information) habits, movements, trends, decisions, webpage views, online activity, associations, memberships, finances, purchases;
  1. (d)  (Internet Data) Internet Protocol or “IP address”, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics; and
  2. (e)  (Business Information) business or project, if it is run in the individual’s personal capacity, including information on professional affiliations or services offered.
  1. Sensitive Information

    The APPs categorize certain types of Personal Information as “sensitive information” (Sensitive Information). We may collect the following kinds of Sensitive Information:

    1. (a)  Doctors’ certificates;
    2. (b)  Records of medical examinations of new staff.

    We do not disclose Sensitive Information, except to the extent that our storage and processing of the information using third party contractors amounts to a disclosure.

  2. The kinds of Credit-Related Personal Information we collect and hold

    For the purpose of conducting our business and providing the Services, we may collect the following categories of Credit-Related Personal Information:

    1. (a)  (Credit Information) identification information in relation to a credit application; information about credit applications; information about consumer credit we provide to individuals and the terms on which we provide it; information about individuals’ repayment, overdue payment or non-payment of credit; records of credit history requests we make about individuals; information about individuals’ credit defaults; information about arrangements made in respect of such defaults; information about enforcement and court proceedings in relation to credit; personal insolvency information; publicly available information about individuals’ credit worthiness; opinions of credit reporting bodies as to serious credit infringements; and
    2. (b)  (Credit Eligibility Information), as that term is defined in the Privacy Act. Without limiting that definition, Credit Eligibility Information means, for our purposes:
      1. (i)  Credit Information lawfully disclosed to us by a credit reporting body;
      2. (ii)  (CRB Information) any personal information (other than sensitive information) about the individual that:
        1. (A)  is derived by a credit reporting body from credit information; and
        2. (B)  bears on an individual’s credit worthiness; and
        3. (C)  is, has been, or could be used in establishing an individual’s eligibility for consumer credit

(iii) information that we derive from either of the above that:

  1. (A)  bears on an individual’s credit worthiness; and
  2. (B)  is, has been, or could be used in establishing an

    individual’s eligibility for consumer credit.

Note: this definition of Credit Eligibility Information is intended as a summary of the definition of that term in the Privacy Act, rather than a substitute for it.

  1. How we collect Personal Information from individuals We collect Personal Information in three main ways:
    1. (a)  from the individuals to whom the information relates;
    2. (b)  from third parties; and
    3. (c)  via automated electronic means.

    We collect Personal Information from individuals when an individual:

    1. (d)  (Account details) enters details into our accounts or job processing software;
    2. (e)  (Contact) contacts us via any medium, including through our website, or by telephone, fax or email; or
    3. (f)  (Employees) is an employee or prospective employee and provides us with details through job applications, interviews, or the execution of employment contracts.

    We collect Personal Information about individuals from other entities when:

    1. (g)  (Referrals) a third party refers us business;
    2. (h)  (Trade References) clients provide the details of business referees;
    3. (i)  (Research) we conduct research on potential clients, and the individuals associated with those potential clients; or
    4. (j)  {{Client documents and databases}} clients provide us with access to their documents or databases containing personal information.

    We collect Personal Information via the following automated processes:

    1. (a)  (Logs) when you visit our website, our server may log details about your visit such as your IP address, the time and duration of visit, the link from which you visited, and information about your browser and operating system; and
    2. (b)  (Cookies) we will likey place a cookie on your hard drive when you visit our website.
  2. How we collect Credit-Related Personal Information from Individuals

    We collect Credit-Related Personal Information from individuals when an individual:

(a) (Credit Account) applies for a credit account with us, including when an individual fills out any form in relation to such an application;

  1. (b)  (Payment and Non-Payment) pays or is overdue with a payment; or
  2. (c)  (Guarantee) agrees to be a guarantor in relation to credit.
  1. How we collect Credit-Related Personal Information from third Parties

    We collect Credit-Related Personal Information from third parties other than the relevant individual, which may include credit-reporting bodies, guarantors and trade referees, when:

    1. (a)  (Credit Checks) we conduct credit checks on prospective or current clients or assess their credit worthiness;
    2. (b)  (Company Searches) we conduct ASIC company searches on prospective clients;
    3. (c)  (Collection) we use debt collectors to collect debts owed to us;
    4. (d)  (Guarantee) we obtain guarantees from third parties in relation to our

      clients’ credit; and

    5. (e)  (Trade References) we obtain references in relation to our client’s credit.
  2. How we hold Personal Information and Credit-Related Personal Information

    We hold and store Personal Information and Credit-Related Personal Information using:

    1. (a)  (Storage Services) third party data storage services, which are businesses that professionally manage information technology infrastructure;
    2. (b)  (Software Services) third party application providers, where we use an application for the purposes of our business and store data in association with that application on infrastructure provided by those third party application providers;
    3. (c)  (Business Devices) devices operated by employees of our business; and
    4. (d)  (Paper Files) printed paper and [third party] archival storage.

    We may combine or link Personal Information about you that we collect on one

    occasion, with Personal Information about you that we collect on other occasions.

    We and our employees, contractors and other authorised representatives will take all reasonable precautions to protect Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.

    We secure Personal Information that we collect by:

(e) (Credentials) using authentication credentials for each portion of the data storage infrastructure that we control in accordance with best practice;

  1. (f)  (Passwords) using passwords, and where appropriate using specialized software to generate passwords that are less vulnerable to “brute force” attacks;
  2. (g)  (Encryption) where appropriate, using specialized encryption algorithms and software to store passwords and forcing one-way encryption to prevent reverse-engineering of these the passwords that we generate;
  3. (h)  (Session Expiry) forcing time-out of authentication sessions and requiring re-authentication to minimise risk associated with idle connections;
  4. (i)  (Firewalls) using both server and network firewalls to control access points in and out of the data storage infrastructure; and
  5. (j)  (Reputable Vendors) ensuring that the third party providers holding data and information on our behalf are reputable vendors taking reasonable steps to secure the information.

By using any part of the Services, or working for or with us, individuals acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Individuals provide information to us at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information or Credit-Related Personal Information where the security of information is not within our control.

By using any part of the Services, individuals acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose or transfer Personal Information or Credit- Related Personal Information to in accordance with this policy or any applicable laws). The collection and use of Personal Information or Credit-Related Personal Information by such third parties may be subject to separate privacy and security policies.

9. The purposes for which we collect and use Personal Information

We collect, hold and use Personal Information for the purpose of providing the Services to individuals, since the Services often involve dealing in Personal Information. This includes holding and using the Personal Information so that we can:

(a) (Identify) identify individuals for the purpose of providing the Services;

(b) (Communicate) communicate with individuals for the purpose of providing the Services, including communications about our goods and services; marketing and promotions; and competitions, surveys and questionnaires;

(c) (Transact) transact with individuals for the purpose of providing the Services; and

(d) (Business Development) assess the progress and success of our website and develop business opportunities.

In the case of employees, we collect, hold and use their personal information to manage our business, including remuneration, and to comply with applicable employment laws.

We tend not to use information collected via automated means in order to identify specific individuals. Rather, it is generally used for data analysis. For example, we

may use cookies and log information to ascertain the number of unique visitors to our website, whether or not those visitors are repeat visitors, and the source of the visits.

  1. The Purposes for which We Disclose Personal Information
    We may share Personal Information, including Sensitive Information, with companies

    that we work with to provide us with various administrative services. These include:

    1. (a)  (Hosting) cloud and web hosting service providers;
    2. (b)  (XERO) providers of XERO accounting software, through which we process employee details for payroll purposes;
    3. (c)  (SimPRO) providers of SimPRO software, through which we schedule work activities for employees;
    4. (d)  (Saas) providers of software or infrastructure as a service;
    5. (e)  (Support) providers of IT support services, web and software

      development;

    We may share Personal Information, not including Sensitive Information, with the following third party service providers:

    1. (f)  (Data analytics) Data analysis service providers including Google Analytics and Google Adwords (for their privacy policies, see http://www.google.com/intl/en/policies/privacy/ and at www.google.com/policies/privacy/partners/,); and
    2. (g)  (Online payment) providers of online payment systems.

    We will only share Personal Information with these third parties to the extent reasonably necessary to perform their functions, in order to make our Services more effective and affordable.

    We also disclose Personal Information about our employees to the Master Electricians Association of Australia, which runs an online database of our employees name and their trade licences and other skill certificates.

    By using any part of the Services, individuals acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose or transfer Personal Information to in accordance with this Privacy Policy or any applicable laws). The collection and use of Personal Information by such third parties may be subject to separate privacy and security policies. For more information on the third party service providers we use, and their privacy policy, please contact us using the details listed below.

    For information on disclosures to overseas recipients, see below.

  2. The purposes for which we collect, hold, use and disclose Credit- Related Personal Information

    We collect, hold, and share Credit-Related Personal Information, including information we get from credit reporting bodies for the following purposes:

(a) (Transact) to transact with individuals for the purpose of providing the Services including by operating your account, processing payment, obtaining guarantees, and analysing, verifying and checking your payment;

(b) (c) (d)

(Credit checks) to assess credit applications; whether to accept a guarantor of credit;

(Debt and payment) collect payments owed to us, including overdue payments, and including by way of debt collectors; and

(Marketing) marketing Services to you.

It is not our usual practice to share information with credit reporting bodies. However, we reserve the right to conduct credit checks with such bodies. In such cases, the information given to these bodies may include:

(a) (b) (c) (d)

(e)

(f) (g)

(h)

personal particulars that you put into credit applications;

details concerning your application for credit and the amount requested;

advice that we currently provide you credit;

advice of overdue accounts, loan repayments, or outstanding monies, or defaults;

that your overdue accounts, loan repayments and/or any outstanding monies are no longer overdue in respect of any overdue payment or default that has been listed, or that you have entered into an arrangement in respect of such monies;

information about serious credit infringements by you;

information that credit we have provided to you has been paid or otherwise discharged; and

publicly available information about your credit-worthiness

disclose Credit-Related Personal Information, including information we

We may also
get from credit reporting bodies, to companies that we work with to assist in the assessment of credit applications and the management of credit.

We will only share Credit-Related Personal Information with any of these third parties to the extent such sharing is lawful and reasonably necessary to perform their functions.

For information on disclosures to overseas recipients, see below.

12. Credit reporting bodies and your rights
CRBs may include the information we give to them in reports they give to other credit

providers to assist them in assessing your credit worthiness.

If you wish to find out which credit reporting bodies we share information with, please contact us using the details in the section below.

You have a right to request credit reporting businesses (including debt collectors) not to use their credit reporting information about you for the purposes of direct marketing, or pre-screening by credit provides.

You also have a right to request credit-reporting businesses not to disclose credit reporting information about you if believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.

  1. How an individual may access and correct Personal Information and Credit-Related Personal Information

    Individuals can:

    1. (a)  request access to the Personal Information and Credit-Related Personal Information that we hold about them; and
    2. (b)  seek to correct Personal Information and Credit-Related Personal Information that we hold about them;
    3. (c)  find out more about the credit reporting or debt collecting bodies we disclose your information to.

    To do so, you can contact us using the following details: Name: Phillip Hall – Managing Director
    Email: phall@hitechelec.com.au

    We reserve the right to refuse such requests where there are reasonable grounds for doing so, for example:

    1. (a)  if the request is frivolous; or
    2. (b)  providing access would be unlawful or would compromise the privacy of another person;
    3. (c)  a requested correction would cause our records to be misleading or inaccurate.
  2. How an individual may complain about a Privacy Law, and how it will be handled

    We are bound by the Privacy (Credit Reporting) Code 2014 (CR Code).

    1. (a)  If an individual has a complaint relating to an alleged breach of privacy law, including the CR Code, he or she should contact us in writing using the details listed in section 7 of this Privacy Policy.
    2. (b)  When an individual notifies us of a complaint about our handling of his or her Personal Information or Credit-Related Personal Information, we will endeavour to respond to the complaint within 30 days.
    3. (c)  We will endeavour to work with the individual complaining to resolve the complaint entirely within 60 days, although that period may be longer if it is reasonable.
    4. (d)  If an individual is unsatisfied with our response in relation to Personal Information, the individual may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
    5. (e)  For a complaint about Credit-Related Personal Information, the individual may refer the complaint to the Credit Ombudsman Service (www.cosl.com.au/)
  1. Disclosure of Personal Information to overseas recipients
    1. (a)  Our use of third party service providers, including debt collectors, may result in the transfer of your Personal Information and Credit-Related Personal Information to overseas recipients. Generally this will not include credit eligibility information.
    2. (b)  You may not have the same rights in relation to the handling of your information by overseas recipients as you would under Australian privacy law.
    3. (c)  By providing us with Personal Information and Credit-Related Personal Information, you consent to our transfer of such information to recipients outside Australia in accordance with this policy.
    4. (d)  If you consent to such transfer, we will not be accountable for overseas recipients’ handling of your Personal Information.
    5. (e)  In any event, we take reasonable steps to ensure that the Personal Information and Credit-Related Personal Information that has been transferred will not be held, used or disclosed by the recipient of the information inconsistently with Australian privacy law.
  2. Amendment

    We may amend this Policy at our sole discretion. If you continue to use the Services after receiving notice from us of such an amendment, you agree to be bound by the Policy as amended.