RECITALS

TechSpecialist is committed to managing personal information and sensitive information in an open and transparent way.

This Privacy Policy sets out our policy with respect to the way we collect, hold, use and disclose Personal Information, including Sensitive Information about you (“you”), which is disclosed to us either directly or through the Website.

This policy does not create or confer upon any individual any rights, or impose upon Tech Specialist any rights or obligations outside of, or in addition to, those rights or obligations imposed by the Privacy Act 1988 (Cth), the Spam Act 2003 (Cth), the Do Not Call Register Act 2006 (Cth) or related legislation. Should there be, in a specific case, any inconsistency between this statement and the Act, this statement shall be interpreted, in respect of that case, to give effect to, and comply with the legislation.

1. Definitions and Interpretation
  • 1.1 In this Privacy Policy (including the recitals) unless the context otherwise requires:
    • “Act” means the Privacy Act 1988 (Cth)
    • “Credit Information” has the same meaning as section 6N of the Privacy Act 1988 (Cth)
    • “Credit Provider” has the same meaning as section 6G of the Privacy Act 1988 (Cth)
    • “Data Breach” means the Loss, Unauthorised Disclosure to, or Unauthorised Access of, Personal Information collected or stored by TechSpecialist;
    • “Health Information” has the same meaning as in section 6 of the Health Records and Information Privacy Act 2002 (Cth).
    • “Health Provider Organisation” means those organisations that are a health service provider or that collects, holds or uses health information and are required to comply with the Health Records and Information Privacy Act 2002 (Cth).
    • “Loss” means accidental or inadvertent loss of Personal Information likely to result in Unauthorised Access or Unauthorised Disclosure. If data the subject of the Loss can be deleted remotely or is encrypted it will not constitute an NDB;
    • “NDB Scheme” means the Notifiable Data Breach Scheme pursuant to Part IIIC of the Privacy Act 1988 (Privacy Act)
    • “Notifiable Data Breach” or “NDB” means a Data Breach that is likely to result in Serious Harm to any of the individuals to whom the Personal Information relates. A NDB occurs when Personal Information held by an organisation is lost or subjected to Loss, Unauthorised Access or Unauthorised Disclosure.
    • “PCO’s Address” means the PCO’s postal address as identified in the Schedule;
    • “PCO’s Email Address” means the PCO’s email address as identified in the Schedule;
    • “Permitted general situation” has the same meaning as in section 16A of the Act. The permitted general situations are: lessening or preventing a serious threat to the life, health or safety of any individual, or to public health or safety; taking appropriate action in relation to suspected unlawful activity or serious misconduct; locating a person reported as missing; asserting a legal or equitable claim; or conducting an alternative dispute resolution process.
    • “Personal Information” means information from which your identity is apparent or can be reasonably ascertained. The types of information generally collected by us include your name, date of birth, residential and/or postal address, telephone number and email address;
    • “Privacy Policy” means this privacy policy (including the recitals and the schedule), as amended or supplemented from time to time;
    • “Privacy Contact Officer” or “PCO” means the point of contact for advice on privacy matters related to the Website;
    • “Sensitive Information” means information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, or criminal record, or health information, genetic information or biometric information;
    • “Serious Harm” is determined with regard to the following list of relevant matters as provided for in section 26WG of the Privacy Amendment (Notifiable Data Breaches) Act 2017;
    • “TFN” means Tax File Number, a unique identifier issued by the Australian Taxation Office (ATO) to each taxpaying entity;
    • “TFN Recipient” has the same meaning as ‘file number recipient’ in s 11 of the Privacy Act and covers any person, agency or organisation or other entity that is (whether lawfully or unlawfully) in possession or control of a record that contains TFN information;
    • “Unauthorised Access” means Personal or Sensitive Information is accessed by someone who is not permitted to have access. This could include an employee of the entity, a contractor or external third party (such as hacking);
    • “Unauthorised Disclosure” means where an entity releases/makes visible the Personal or Sensitive Information outside the entity in a way not permitted by the Privacy Act. For example, an employee accidently publishes a confidential data file containing personal information on the internet;
    • “Web Analytics” means the measurement collection, analysis and reporting of web data for the purpose of understanding and optimising web usage;
    • “Website” means the website identified in the Schedule.
2. Collection of Personal Information
  • We collect Personal Information about you:
    • (a) because you have provided it to us, for example, if you interact with us on the Website in any manner;
    • (b) to conduct our business;
    • (c) to handle complaints;
    • (d) because we need it to provide a product or service that you have requested, for example, if you subscribe to an email list or purchase products or services from us;
    • (e) because you work for us or apply to us for a job;
    • (e) for purposes related to any of the above.
  • By providing us with Personal Information, you consent to the practices described in this Privacy Policy. When providing Personal Information to us, please be aware that there are risks involved in transmitting such information across the Internet.
  • Some of the personal information that TechSpecialist collects and holds is sensitive information. TechSpecialist only holds and collects sensitive information where it is necessary for the purpose for which it is being collected and with the individual’s consent unless the collection is required or authorised by law.
  • Personal information may be held in both paper and electronic form, including databases.
3. Use and Disclosure of Personal Information
  • We use your Personal Information in the following ways:
    • (a) to deliver services you have requested from us, including the provision of goods and/or services;
    • (b) to confirm your identity; and
    • (c) for direct marketing purposes.
  • For direct marketing purposes, your Personal Information will be added to our database. The database may be used for ongoing marketing and educative purposes. The type of marketing and educative activities that we undertake includes forwarding material to you so that you are kept updated in relation to various issues and our services. If at any time you do not wish to continue receiving this information, we provide an “opt-out” procedure in each communication to you.
  • We will only use your Personal Information for the purposes for which it was collected and we will not disclose your Personal Information without gaining your consent except where such disclosure is required by law or a permitted general situation exists. In ordinary circumstances, any disclosure of personal information for a secondary purpose must be approved by the Privacy Contact Officer.
  • By disclosing your Personal Information to us, you consent to your Personal Information being disclosed to our overseas service providers (if applicable), which may not meet the standard set by clause 8.1 of the Australian Privacy Principles. You are able to withdraw your consent at any time by written notice to the Privacy Contact Officer but if consent is withdrawn, we may terminate the services being offered to you through TechSpecialist. A termination of services arising from the operation of this clause will not create a breach of any legal or contractual obligations to you arising from any contract between you and TechSpecialist.
3. Dealing with Actual or suspected Data Breach
Tech Specialist will manage the process of dealing with an actual or suspected Data Breach in accordance with the NBD Scheme.
A NBD will be considered to have occurred when the following three criteria are satisfied:
  • 1.TechSpecialist
    • (a) to deliver services you have requested from us, including the provision of goods and/or services;
    • (b) to confirm your identity; and
    • (c) for direct marketing purposes.
  • 2.The Loss, Unauthorised Access or Unauthorised Disclosure is likely to result in Serious Harm to a person; and
  • 3.TechSpecialist has not been able to prevent the likely risk of Serious Harm.
  • 4.Within 30 days of a suspected Data Breach occurring, TechSpecialist will assess the breach to determine if it is likely to cause Serious Harm with reference to the NDB Scheme list of relevant matters, including:
    • (a) The Sensitivity of the Personal Information or Sensitive Information (ie loss of medical records or details of sexual orientation would be more likely to be assess as capable of causing Serious Harm);
    • (b) The type of Personal Information or Sensitive Information (ie loss of credit card numbers or drivers licences may be more likely to result in serious harm);
    • (c) Whether security matters, such as encryption, protect the Personal Information following the Data Breach thereby limiting the likelihood of Serious Harm; or
    • (d) The nature of the harm (ie credit card details being released are more likely to harm serious and immediately consequences than other information).
Tech Specialist will take all reasonable steps to ensure an assessment is completed within 30 days and a notification submitted to the Office of the Australian Information Commissioner (OAIC).
As soon as is practicable after an Notifiable Data Breach is confirmed, TechSpecialist will provide a statement to each individual whose data was breached or who are at risk, including details of the breach and recommendations of the steps you should take in the circumstances.
5. Opting Out
In each generic correspondence sent out to you, we will endeavour to include simple instructions on how you can immediately unsubscribe from the relevant mailing list. You can also opt out from receiving promotional material by contacting us directly.
6. Accessing, Updating and Correcting your Personal Information
You may request from us in writing to provide you with details of the Personal Information we hold about you. We will endeavour to process your request as soon as practicable. If we deny your request, we will provide reasons in writing as to our decision. To complain or contest our decision, please contact our Privacy Contact Officer.
If you wish to amend information that is out of date, incomplete, misleading or incorrect, or if you wish for your Personal Information to be removed from our database, please contact our Privacy Contact Officer.
7. Security
We have secured our Website using industry standard technology. However, we cannot provide any guarantee with respect to the security of your Personal Information and we will not be liable for any breach of security or unintended loss or disclosure of information due to the Website being linked to the Internet.
We will use all reasonable endeavours to secure any Personal Information we hold about you and to keep this information accurate and up-to-date, including by:
  • (a) employing appropriate technical, administrative and physical procedures to protect Personal Information from unauthorised disclosure, loss, misuse or alteration; and
  • (b) limiting access to Personal Information to individuals with a business need consistent with the reason the information was provided. We keep Personal Information only for as long as it is required for business purposes or by the law.
8. Cookies
Tech Specialist uses Web Analytics to obtain statistics about how its website is accessed. Web Analytics relies upon cookies to gather information.
You may be required to have a cookie-enabled browser to fully access the Website. A cookie is a piece of data stored on your computer tied to information about you. Cookies may be used to track your internet browsing activities and the websites you have visited.
We may, for statistical, security or quality purposes, use cookies to log:
  • (a) your internet protocol (IP) address;
  • (b) the date and time of your visit;
  • (c) the pages you have accessed and documents downloaded; and
  • (d) the type of browser you were using.
9. Links
The Website may contact links to other websites. Please note that we are not responsible for the privacy practices of these sites. When you leave our Website, you should familiarise yourself with the privacy statement of that website prior to providing your Personal Information, as this Privacy Policy only applies to Personal Information collected by us or through our Website.
10. Additional Requirements for Health Information
Where TechSpecialist collects and/or holds Heath Information as a result of contractual relationships with Health Provider Organisations, TechSpecialist will treat Health Information in compliance with the Act and all applicable State and Territory legislation governing privacy of Health Information. TechSpecialist will only use or disclose health information for the purpose for which it was collected or a directly related purpose that is expected, such as the storage of Health Records in providing Server services to Health Provider Organisations.
In the event of a Data Breach or suspected Data Breach, TechSpecialist will provide the Health Provider Organisation within 14 days of the Data Breach of suspected Data Breach:
  • (a) The identity and contact details of the relevant client/s of the Health Provider Organisation (if identifiable by TechSpecialist);
  • (b) A description of the data breach;
  • (c) The kinds of information concerned (if identifiable by TechSpecialist);
  • (d) Recommendations about the steps that those affected should take in response to the data breach; and
  • (e) Steps taken by Techspecialist to secure its systems against further breach;
Unless otherwise agreed between TechSpecialist and the Health Provider Organisation in writing, TechSpecialist will not identify whether the Data Breach is a NDB in circumstances where they are in possession of Health Information as a result of providing services to a Health Provider Organisation. The Health Provider Organisation will be responsible for making an assessment as to whether the Data Breach constitutes an NDB and to report the NDB in compliance with the NDB Scheme.
TechSpecialist is not otherwise bound by the privacy policies and procedures of Health Provider Organisations unless they have had prior notice of the same and provided written acceptance of those policies and procedures to the Health Provider Organisation.
11. Additional Requirements for Health Information
Where TechSpecialist collects and/or holds Credit Information and Tax File Numbers, TechSpecialist will treat that information in compliance with the Act and all applicable Credit Reporting Laws governing privacy of Credit Information and the Privacy (Tax File Number) Rule 2015.
TechSpecialist will only use or disclose Credit Information and Tax File Numbers for the purpose for which it was collected or a directly related purpose that is expected, such as the storage of that information in providing services as a result of contractual relationships with Credit Providers or other organisations that collect and/or hold Credit Information and/or Tax File Numbers.
As a TFN Recipient under the Act and the Privacy (Tax File Number) Rule 2015, TechSpecialist is subject to collection, storage, use, and disclosure requirements concerning Tax File Numbers. TechSpecialist collects employee Tax File Numbers to communicate with the ATO and the employee’s superannuation funds. In all other instances where TechSpecialist receives Tax File Numbers for incidental purposes related to their operations, TechSpecialist securely stores Tax File Numbers using industry standard security.
Where Techspecialist is retained by a client that stores Credit Information and/or Tax File Numbers of its clients, in the event of a Data Breach or suspected Data Breach, Techspecialist will provide its client within 14 days of the Data Breach or suspected Data Breach:
  • (a) The identity and contact details of the relevant client/s of the Health Provider Organisation (if identifiable by TechSpecialist);
  • (b) A description of the data breach;
  • (c) The kinds of information concerned (if identifiable by TechSpecialist);
  • (d) Recommendations about the steps that those affected should take in response to the data breach; and
  • (e) Steps taken by Techspecialist to secure its systems against further breach;
Unless otherwise agreed between TechSpecialist and the Health Provider Organisation in writing, TechSpecialist will not identify whether the Data Breach is a NDB in circumstances where they are in possession of Health Information as a result of providing services to a Health Provider Organisation. The Health Provider Organisation will be responsible for making an assessment as to whether the Data Breach constitutes an NDB and to report the NDB in compliance with the NDB Scheme.
TechSpecialist is not otherwise bound by the privacy policies and procedures of Health Provider Organisations unless they have had prior notice of the same and provided written acceptance of those policies and procedures to the Health Provider Organisation.
12. Changes to this Privacy Policy
We may, from time to time, review, amend and update this Privacy Policy and associated procedures. When this occurs, we will post details of this update on the Website. We encourage you to periodically review this Privacy Policy so you are aware of our latest practices with respect to Personal Information.
Hardcopies of this Privacy Policy are available upon request to the PCO.
13. Contact Information
If you wish to exercise any of your rights under this Privacy Policy, have any questions, comments or complaints regarding our practices, if you wish to access personal information about you, or if you are of the view that we have not adhered to this Privacy Policy, you may write to our Privacy Contact Officer at the PCO’s Email Address or PCO’s Address.
Upon receipt of a complaint, we will work with you to resolve your complaint. If we are unable to resolve your complaint to your satisfaction within a reasonable timeframe, you may refer your complaint to the Privacy Commissioner.