Updated September 1, 2018
Personal Information Collected
Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable.
Depending on how you interact with us, the type of information we may collect and hold includes personal information about:
- Information regarding your identity such as your first and last name, email addresses, postal address, phone number and other contact information;
- Information regarding your profession, position and job title;
- log-in and account information for authentication purposes and account access;
- demographic data such as your gender, age, country and preferred language;
- personal information you provide to us when you participate in a promotion, competition, promotional activity, survey, market research, or subscribe to our mailing list;
- your records of communication with us;
- if you visit our website, your website usage information such as your IP address; and
- if you are applying for a position with us, we may also collect your visa or citizenship status.
Sensitive information includes information relating to your health, religion, political beliefs, race or sexual orientation. We generally do not collect sensitive information, unless it is specifically relevant and necessary for the purpose of our business activities and functions. For example, many of our employees and contractors usually require criminal background checks of you or your staff. If we do collect and/or hold sensitive information, we will only do so with your express consent.
How We Collect Personal Information
When collecting personal information from you, we may collect in ways including:
- from you directly when you provide your details to us;
- when we conduct our administrative and business functions;
- when you purchase our solutions and services;
- when we purchase your products and services;
- when you create an account with us;
- when we process orders and payment transactions;
- where we respond to your inquiries and requests;
- where there are communications between you and our representatives;
- when we obtain feedback from you about our solutions and services;
- when you register for our events, workshops and seminars;
- when we obtain feedback from you about our solutions and services;
- when you subscribe to our mailing lists and newsletters;
- we market our solutions and services to you;
- when you access and use our website;
- when you apply for employment with us; and
- when you or your organisation submits a document or data containing personal information (for example, emails, contact forms, order forms, purchase orders, quotes, invoices, credit applications, proof of identification, direct debit requests, agreements, statements of work, surveys, etc).
We may also collect personal information about you from third parties including:
- our customers or technology partners;
- publicly available sources;
- third party companies such as data providers and brokers, credit reporting bodies, law enforcement agencies and other government entities; and
- if you are applying for a position with us, recruitment companies, websites, other organisations and with your consent, referees.
Some of the personal information we hold or deal with is not collected by us, but by customers and partners. For example, some of our vendors require that each purchase order have end user details (i.e. a contact name and number).
In respect of personal information, which is provided to us by our customers and partners, we do seek assurances that all such personal information has been collected lawfully and in compliance with the Act.
Purposes for which we collect and use personal information
We collect and use personal data to:
- send communications to you;
- establish, manage, and maintain our business relationships;
- respond to inquiries and requests;
- develop, provide, and improve our services and solutions;
- inform you about our services and solutions;
- obtain feedback from you on our services and solutions;
- conduct administrative and business functions;
- update our records and keep contact details up to date;
- enable you to subscribe to newsletters and mailing lists;
- enable you to register for any events, workshops and seminars that we may host;
- recruit employees, interns and other staff;
- assess the performance of our websites and to improve their operation;
- process and respond to privacy questions, concerns and complaints;
- fulfil legal and contractual obligations; and
- for any other purpose related to or ancillary to any of the above.
Disclosure of Personal Information
We may disclose your personal information collected from you:
- to our employees, contractors or service providers in order to provide products and services to you and our clients;
- to our vendor technology partners, their authorised distributors in order to provide their third-party products and services to you and our clients;
- to third party services such as web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, debt collectors, and professional advisors such as accountants, solicitors and consultants;
- for direct marketing, but giving you the opportunity to opt out of such direct marketing and we will include our contact details in any direct marketing;
- to relevant Federal, State, Territory medical, health and safety authorities (as required);
- where the law requires or authorises us to do so;
- to others that you have been informed of at the time any personal information is collected from you; and
- to any organisation for any authorised purpose with your express consent.
How We Hold Personal Information.
Since 2015, Enosys has achieved and maintains certification to ISO27001:2013 (Information Security Management System). This involves an annual audit by an independent certifying body to confirm Enosys continues to establish, implement, operate, monitor, review, maintain and improve our internal information security management system (ISMS).
We take all reasonable steps to ensure your personal information is protected from misuse, loss and unauthorised access. Some of the measures we take include installing security and access requirements for all our IT systems, encrypting data and having physical and procedural safeguards. We may hold your information in either electronic or hardcopy form, and will take all reasonable steps to ensure personal information is destroyed or de-identified when no longer needed.
If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable. We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
Disclosure of personal information outside Australia
Your personal information may also be processed by, or disclosed to our employees, representatives, or other third parties operating outside of Australia (either permanently or temporarily) who work for, or are engaged by us in other countries. For example, we may disclose your personal information overseas to entities such as:
- to our employees or contractors who are temporarily overseas; and
- our vendor technology partners based overseas, such as in the United States of America and Europe, where you have placed a purchase order for their products.
Accurate and up-to-date information
We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating our records whenever true and correct changes to the data come to our attention.
If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer (details below).
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard that the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.
We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
Accessing and correcting personal information
We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer. If access is refused to your personal information for reasons permitted by the Privacy Act (e.g. access would interfere with the privacy of others, or if it would result in a breach of confidentiality), we will give you a notice explaining our decision and your options.
If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may need to charge a reasonable administration fee to cover the costs of meeting your request, especially where we incur additional costs. We will reply to your request for access within 30 days of notification by you.
Complaints and Disputes
Contact Our Privacy Officer
The Privacy Officer Enosys Solutions Pty Ltd Level 7, 56 Berry Street North Sydney, NSW 2060, Australia
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint, to discuss your concerns and outline options regarding how they may be resolved.
All complaints are handled in-line with our Complaint Handling Policy dated January 16, 2012.
Last updated: 31 January 2017