We are an Australian business and conduct our Australian operations in accordance with the Australian Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (the APPs) which form part of that Privacy Act.
What is Personal Information?
Personal information is information or an opinion about an individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. Sensitive information is subset of personal information and has the meaning given to it in the Privacy Act.
Sensitive information is subset of personal information and has the meaning given to it in the Privacy Act. Sensitive information means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health, genetic or biometric information. We do not knowingly collect, hold or use such information. If we become aware that such information has inadvertently been inadvertently collected or is inadvertently held by us, we will destroy it.
What personal information do we collect?
We may collect personal information from you when you register on the Website and through your dealings with us including by telephone, email, SMS and other methods.
Information we collect may include, but is not limited to, the following:
- Your name or business name;
- Your personal address, business address and/or email address; and
- Other relevant information as required.
If your personal details change, it is your responsibility to update your Luxey account with those changes, so that we can keep our records complete, accurate and up to date.
In addition to data collected from your submissions, we may also collect data on your internet behaviour from third parties.
When you access and use our Website we may record and log for statistical purposes certain information about such access and use, including your IP address, the date and time of your visit, the parts of our Website you access during your visit, your actions on our Website.
In situations where we are required to combine personal information about identified or identifiable individuals as provided to us about one customer with personal information about that individual as provided to us by another customer or from publicly available sources, wherever reasonably practicable we will use using reliable and verifiable anonymisation and de-identification techniques which ensure that the risk of any individual being reasonably identifiable in relation to the combined personal information is remote.
Where we collect and use personal information about any identifiable individual from a publicly available source, we assess whether the collection and use is made a manner both reasonably contemplated and permitted by the provider of that publicly available source. Where the collection and use is made a manner both reasonably contemplated and permitted by the provider of that publicly available source, we rely upon that provider to:
- comply with relevant national privacy laws applying to the provider’s activities; and
- to provide the necessary notices as required by relevant national privacy laws to that identifiable individual and to obtain the necessary consents from that individual to permit collection and disclosure by the provider of that publicly available source of that personal information, including disclosure in a manner reasonably contemplated and permitted by the provider of that publicly available source.
As well as collecting information directly from you, there may be occasions when we collect information about you from a third party. In such instances, we will determine whether we would have been entitled to collect such information from you and where we consider that we would not have been entitled to do so, we will destroy or de-identify such information as soon as reasonably practical.
You do not have to provide us with any personal information if you choose not to, however if you do not provide us with your personal information, we may not be able to provide you with our services. If you wish to remain anonymous, do not use the Website.
Please note that rejecting cookies may mean that some or all of the functions on our Website will not be available to you. In particular, cookies must be enabled to access and use any part of our Website for placing orders.
How is your personal information used?
The personal information that we collect is generally used to provide our services to you, and, if you use our Website, to track your usage and to evaluate the performance of our Website.
More specifically, your personal information may be used by Luxey for:
- allowing to you to use our services;
- identification and authentication;
- accounting, invoicing and billing purposes;
- marketing purposes;
- to protect Luxey and the users of the Website;
- to provide, maintain, protect and improve our services;
- as required by law, order of a court, tribunal or regulator or if Luxey reasonably believes that the use or disclosure of the information is reasonably necessary for enforcement related activities;
- to ensure that Luxey receives payment charges due to it;
- to contact you;
- to conduct research;
- to develop our relationships with affiliate service providers;
- to provide or arrange internal or external verification services obtained by you via the Website; and
- as otherwise permitted under privacy legislation.
When you contact Luxey, we may keep a record of the communications between you and Luxey to help resolve any issues you might have.
If we collect, use or disclose any information from you that is not personal information, but is sensitive information such as information relating to police checks conducted on users of the Website, then we will seek consent directly from you each time we collect, use or disclose your sensitive information, including for direct marketing purposes. We will not use or disclose your sensitive information for any other purpose unless the purpose is directly related to the primary purpose for which your sensitive information was collected. You may opt out of receiving any marketing information by notifying us accordingly, or using any unsubscribe facility we provide for that purpose.
Disclosure of your personal information
We do not sell, rent or trade personal information to or with any other third parties.
We will not otherwise disclose your personal information to any third party unless:
- that third party is a contractor engaged to provide goods or services to us (including goods or services that assist us in providing our Website). This may include disclosure to contractors outside of Australia. Our agreements with such contractors require that they keep your personal information confidential, and that they only use or disclose your personal information for the purposes of providing those goods or services to us;
- such disclosure is in connection with the sale of some or all of our business or assets; or
- you have consented for us to share the information for this purpose, or the disclosure is authorised by the Privacy Act including:
- to lessen or prevent a serious threat to life or health;
- to protect the personal safety of users of our Website or the public;
- if authorised or required by law;
- if we have reason to suspect that unlawful activity has been, is being or may be engaged in;
- to enforce the law or where necessary to investigate a suspected unlawful activity; or where
- you would reasonably expect or we have told you that your personal information is usually used or disclosed to third parties in this way.
Access and correction of your personal information
We will, on request, provide you with access to the information we hold about you, including for the purpose of correcting or updating that information, unless there is an exception to such disclosure which applies under the APPs.
If you require access to your personal information, please email: email@example.com
Before we provide you with access to your personal information we will require some proof of identity.
For most requests, your information will be provided free of charge, however, we may charge a reasonable fee if your request requires a substantial effort on our part.
If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied upon under the APPs (unless it would be unreasonable to do so).
We take reasonable steps to ensure that your personal information is accurate, complete, and up-to-date whenever we collect or use it. If the personal information we hold about you is inaccurate, incomplete, irrelevant or out-of-date, please contact us and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you.
How we hold and secure your personal information
The security of your personal information is important to Luxey. We take reasonable steps to prevent the personal information we hold about you from misuse, interference or loss, and from unauthorised access, modification or disclosure. This includes the use of technologies and processes such aas access control procedures, network firewalls, encryption and physical security to protect the privacy of your personal information.
We will take all reasonable steps to protect the information we hold about you from unauthorised access, use and disclosure, however we cannot guarantee the absolute security of that information, or that our systems will be completely free from third party interception or are incorruptible from viruses. We cannot and do not guarantee that information you send from your computer to us over the Internet will be protected by any form of encryption. We therefore cannot and do not ensure or warrant the security or privacy of your personal information, including payment and account details.
You transmit your personal information to us at your own risk.
This section applies to persons that are European Union (EU) individuals. The European Union General Data Protection Regulation (the GDPR) contains new data protection requirements that will apply from 25 May 2018 and this section states how the Agency protects the personal data and privacy of Candidates that are EU individuals. For the purposes of this section “Data Protection Legislation” means the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and capitalised definitions in this section refer to definitions in that regulation.
You acknowledge that for the purposes of the Data Protection Legislation, you are the Data Controller and we are the Data Processor.
- process that Personal Data only on the written instructions of you for the purposes of carrying out our services in accordance with the terms of this agreement unless we are required by the laws of any member of the European Union or by the laws of the European Union applicable to us to process Personal Data (Applicable Laws). Where we are relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, we shall promptly notify you of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit us from so notifying you;
- ensure that we have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
- ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;
- assist you in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
- notify you without undue delay on becoming aware of a Personal Data breach;
- at your written direction delete or return Personal Data and copies thereof to you on termination of our engagement with you unless required by Applicable Law to store the Personal Data; and
- maintain complete and accurate records and information to demonstrate its compliance with this section.
How to contact us
Our contact details are:
Andrew James Murray t/as Luxey (ABN 80 588 364 151)
If you wish to make a complaint about an alleged breach of the Privacy Act, we ask that you send us your complaint in writing to the email address listed above. We endeavour to respond to complaints within a reasonable period (usually 30 days).
If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner by phoning 1300 363 992 or by email at firstname.lastname@example.org.