This policy has been drafted having regard to Datalicious’ obligations under the Privacy Act 1988 (including the Australian Privacy Principles (APPs)) (the Privacy Act).
This policy is a public document and has been prepared in light of the Australian Privacy Principles (APPs).
1.1 Datalicious will only collect Personal Information where the information is necessary for Datalicious to perform one or more of its functions or activities. In this context, ‘collect’ means gather, acquire or obtain by any means, information in circumstances where the individual is identifiable or identified.
1.2 Datalicious collects Personal Information primarily to supply organisations and individuals who obtain Datalicious products and services directly from Datalicious with information and details of its products and services. Datalicious also collects and uses Personal Information for secondary purposes including:
- provision of products and services;
- optimisation of marketing activities;
- business planning and product development;
1.3 Datalicious will notify individuals (including, but not limited to, our customers) of the matters listed below at the time of collecting any Personal Information:
- the main reason that we are collecting Personal Information (this reason will be the Primary Purpose);
- other related Uses or Disclosures that we may make of the Personal Information(Secondary Purposes);
- our identity and how individuals can contact us, if this is not obvious;
- that individuals can access the Personal Information that Datalicious holds about them;
- that individuals should contact Datalicious (even if they are not a member or an employee of a member) if they wish to
- access or correct Personal Information collected by us or have any concerns in relation to Personal Information;
- the organisations or types of organisations to whom we usually Disclose the Personal Information;
- where applicable, any law that requires the Personal Information to be collected;
- the consequences (if any) for the individual if all or part of the Personal Information is not provided to Datalicious.
1.4 Where it is not practicable for Datalicious to notify individuals of all of the Collection Information before the collection of Personal Information, Datalicious will ensure that individuals are notified of the Collection Information as soon as possible after the collection. Datalicious will provide “post collection notification” in those circumstances where it is not practicable to notify individuals about the collection of their personal information before it is collected.
1.5 Datalicious will not collect Sensitive Information from individuals except with express consent from the individual and only where it is necessary for Datalicious to collect such information for an activity or function.
1.6 Datalicious will not collect Personal Information secretly or in an underhanded way.
1.7 Datalicious will take steps to ensure that individuals on purchased lists are or have been notified of the information as outlined at 1.3.
2.1 Datalicious will obtain an individual’s consent for Use of non-sensitive Personal Information for Secondary Purposes at the time of collection, unless the Use is a related Secondary Purpose, which would be within the relevant individual’s Reasonable Expectations.
2.2 Datalicious Uses Personal Information primarily for the purposes listed in 1.2 above.
2.3 If Datalicious relies on the Direct Marketing exception to Direct Market to individuals it will ensure that:
- individuals are clearly notified of their right to Opt Out from further Direct Marketing; and
- if the individual Opts Out of all Direct Marketing the Opt Out will be respected by Datalicious and implemented free of charge.
2.4 Datalicious will not use Sensitive Information for Direct Marketing.
2.5 Datalicious may use Personal Information to avoid an imminent threat to a person’s life or to public safety. It may also use Personal Information for reasons related to law enforcement or internal investigations into unlawful activities.
2.6 Datalicious will not use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date.
2.7 Datalicious will not attempt to match de-identified or anonymous data collected through surveys or such online devices as “cookies”, with information identifying an individual, without the consent of the relevant individual.
3.1 Datalicious may Disclose Personal Information to related or unrelated third parties if consent has been obtained from the individual.
3.2 Datalicious may Disclose Personal Information to unrelated third parties to enable outsourcing of functions where that Disclosure or Use is for a related Secondary Purpose and has been notified to individuals or where such Disclosure is within the individual’s Reasonable Expectations.
3.3 Datalicious will take reasonable steps to ensure that its contracts with third parties include requirements for third parties to comply with the Use and Disclosure requirements of the Privacy Act.
3.4 In the rare event that Datalicious is required to disclose Personal Information to law enforcement agencies, government agencies or external advisors Datalicious will only do so in accordance with the Privacy Act or any other relevant Australian legislation.
3.5 Datalicious may Disclose Personal Information to avoid an imminent threat to a person’s life or to public safety.
3.6 If a Disclosure is not for a Primary Purpose; is not for a related Secondary Purpose; or upfront consent has not been obtained, Datalicious will not Disclose Personal Information otherwise than in accordance with the exceptions set out at 3.1 to 3.6 above.
3.7 Datalicious does not generally share its customer lists on a commercial basis with third parties but if it did, it would only do so if we had the appropriate consent of the individual involved.
4. Information Quality
4.1 Datalicious will review, on a regular and ongoing basis, its collection and storage practices to ascertain how improvements to accuracy can be achieved.
4.2 Datalicious will take steps to destroy or de-identify Personal Information after as short a time as possible and after a maximum of seven years, unless the law requires otherwise.
5. Information Security
5.1 Datalicious requires employees and contractors to perform their duties in a manner that is consistent with Datalicious’ legal responsibilities in relation to privacy.
5.2 Datalicious will take all reasonable steps to ensure that paper and electronic records containing Personal Information are stored in facilities that are only accessible by people within Datalicious who have a genuine “need to know” as well as “right to know”.
5.3 Datalicious will review, on a regular and ongoing basis, its information security practices to ascertain how ongoing responsibilities can be achieved and maintained.
6. Access and Correction
6.1 Datalicious will allow its records containing Personal Information to be accessed by the individual concerned in accordance with the Privacy Act.
6.2 Datalicious will correct its records containing Personal Information as soon as practically possible, at the request of the individual concerned in accordance with the Privacy Act.
6.3 Individuals wishing to lodge a request to access and/or correct their Personal Information should do so by contacting Datalicious, as per the details on the back of this document.
6.4 Datalicious will not normally charge a fee for processing an access request unless the request is complex or is resource intensive.
7.1 Contact with Datalicious via phone or web inquiry will be the first point of contact for inquiries about privacy issues.
7.2 Any formal privacy related complaints should be directed in writing via email at firstname.lastname@example.org or writing to the Datalicious Privacy Officer Level 15 35 Clarence Street Sydney NSW 2000.
7.3 Our Privacy Office will provide an initial response to Your query or complaint within 10 business days, and
investigate and attempt to resolve Your query or complaint within 30 business days or such longer period as is necessary and notified to you by our Privacy Officer.
8. Anonymous Transactions
8.1 Datalicious will not make it mandatory for visitors to its web sites to provide Personal Information unless such Personal Information is required to answer an inquiry or provide a service. Datalicious may however request visitors to provide Personal Information voluntarily to Datalicious (for example, as part of a competition or questionnaire).
8.2 Datalicious will allow its customers to transact with it anonymously wherever that is reasonable and practicable.
9. Transferring personal information overseas
9.1 Datalicious generally does not send information overseas.
9.2 If Personal Information must be sent by Datalicious overseas for sound business reasons, Datalicious will require the overseas organisation receiving the information to provide a binding undertaking that it will handle that information in accordance with the Australian Privacy Principles, preferably as part of the services contract.
Collection Information means the information outlined in 1.3 notified to individuals prior to, or as soon as practical after, the collection of their Personal Information.
Direct Marketing means the marketing of goods or services through means of communication including written, verbal or electronic means. The goods or services which are marketed may be those of Datalicious or a Related Body Corporate or those of an independent third party organisation.
Disclosure generally means the release of information outside Datalicious, including under a contract to carry out an “outsourced function”.
Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion.
Primary Purpose is the dominant or fundamental reason for information being collected in a particular transaction.
Reasonable Expectation means a reasonable individual’s expectation that their personal information might be Used or Disclosed for the particular purpose.
Sensitive Information means:
- information or an opinion about an Individual’s:
- racial or ethnic origin; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record; that is also personal information; or
- Health Information about an individual
Use means the handling of Personal Information within Datalicious.
You can opt-out of any email communications
Datalicious sends billing information, product information, Service updates and Service notifications to You via email. Our emails will contain clear and obvious instructions describing how You can choose to be removed from any mailing list not essential to the Service. Datalicious will remove You at Your request.
This policy may be updated from time to time
Datalicious reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to this Website. Datalicious will make every effort to communicate any significant changes to You via email or notification via the Service. Your continued use of the Service will be deemed acceptance of any amended Policy.