Notre Vie Enterprises Pty Ltd and The Publicity Princess Pty Ltd
The APP can be found at https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-quick-reference
We will apply the principles in the APP unless this Policy indicates otherwise.
It is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym.
We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. Such personal information may include, but is not limited to, names, addresses, telephone numbers, social media details, email addresses, occupations, credit card and/or bank account details, asset and investment details, financial planning records and relationship details.
From time to time, our clients may disclose personal information in response to the surveys that they are asked to fill out at the end of each unit. These surveys are not designed to collect personal information. If any personal information is disclosed in response to such a survey, it will be used solely for the purpose of analysis of the relevant unit.
We do not keep bank account details or credit card details once the relevant course is completed. This information is deleted once it is no longer required.
Personal information is collected from our clients in the following ways:
- by our clients providing it to us directly;
- by our clients authorising third parties to provide it to us;
- by other parties providing it to us voluntarily.
HOW IS PERSONAL INFORMATION RECEIVED AND HELD?
Personal information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form. In either case, we take the security of personal information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents.
FOR WHAT PURPOSE IS PERSONAL INFORMATION COLLECTED, HELD, USED AND DISCLOSED?
All data processed by the business is done on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are:
- to offer our products and services to our clients. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. Unless compelled by law, we will never disclose personal information without the client’s knowledge and consent;
- to facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
- to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
- to comply with applicable laws.
HOW CAN PERSONAL INFORMATION BE ACCESSED OR CORRECTED?
Clients may access their personal information and seek correction of it at any time by applying to our office in person or in writing. All written requests for personal information are to be sent by email to email@example.com.
Clients will be formally identified before releasing or amending any personal information.
IS PERSONAL INFORMATION DISCLOSED OUTSIDE OF AUSTRALIA?
WHAT IS THE COMPLAINTS PROCESS RELATING TO PERSONAL INFORMATION?
All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.
WHAT IS AN ELIGIBLE DATA BREACH?
An eligible data breach, defined in s 26WE(2) of the Act, is when:
(a) both of the following conditions are satisfied:
(i) there is unauthorised access to, or unauthorised disclosure of, the information;
(ii) a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
(b) the information is lost in circumstances where:
(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
(j) assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.
IF THERE IS A SUSPICION OF A BREACH
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:
- the business’s details;
- a description of the breach;
- the kind or kinds of information concerned; and
- recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
EXCEPTION TO REPORTING
The notification process set out above will not apply if remedial action can be taken that results in us reasonably concluding that the access or disclosure is not likely to result in serious harm to any person.