CROFTI Pty Ltd ACN 169 326 514 and its related entities (‘Crofti / we / us’) is an IT Support and Consulting business that specializes in delivering innovation and technology with business focused outcomes. At Crofti, it is important to us that we manage your personal information securely and consistently with relevant legislation, including the Privacy Act 1988 (Cth) (‘Privacy Act’) as well as the Credit Report Privacy Code (‘Code’).
2.1 In Australia, we are governed by the Australian Privacy Principles (‘APPs’) under the Privacy Act. In our interactions with you, we also comply with Credit Reporting Privacy Code requirements. These set out the way organisations and government agencies can collect and use, disclose and provide access to personal and sensitive information.
(a) Personal information is information that identifies or could identify a person, whether it is true or not. It may include, for example, your name, age, gender, profile picture, contact details, bank account details and financial information.
(b) Sensitive information as defined by the Privacy Act (as amended) is also personal information but relates to your opinions, views, racial or ethnic origin, political options or affiliations, religious beliefs, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record or health, genetic, biometric information or biometric templates.
(c) Credit Information as defined in the Privacy Act is personal information about an individual (other than sensitive information) relating primarily to your credit-related dealings which can be disclosed to Credit Reporting Bodies (‘CRBs’) that report on consumer credit worthiness and includes:
(i) identification information about the individual; or
(ii) consumer credit liability information about the individual; or
(iii) repayment history information about the individual; or
(iv) a statement that an information request has been made in relation to the individual by a credit provider, mortgage insurer or trade insurer; or
(v) the type of consumer credit or commercial credit, and the amount of credit, sought in an application:
A. that has been made by the individual to a credit provider; and
B. in connection with which the provider has made an information request in relation to the individual; or
(vi) default information about the individual; or
(vii) payment information about the individual; or
(viii) new arrangement information about the individual; or
(ix) court proceedings information about the individual; or
(x) personal insolvency information about the individual; or
(xi) publicly available information about the individual:
A. that relates to the individual’s activities in Australia or the external Territories and the individual’s credit worthiness; and
B. that is not court proceedings information about the individual or information about the individual that is entered or recorded on the National Personal Insolvency Index; or
(xii) the opinion of a credit provider that the individual has committed, in circumstances specified by the provider, a serious credit infringement in relation to consumer credit provided by the provider to the individual.
2.4 You understand that many online software packages including, but not limited to, Google and Xero, store data in facilities which may not be wholly or in part, based on Australian shores, and therefore may not fall under the jurisdiction of the Australian Privacy Principles. We and any third parties or software providers we engage now and in the future, will take all reasonable steps to provide for the security of such stored data to the extent possible and act in accordance with the terms as provided by those third parties and software packages. You may refuse to work with us where you deem the risk of data breach to be greater than the convenience and cost effectiveness of the solution provided. To disengage our services, please notify us in writing and we will take measures to remove your details from our system.
3.1 Examples of where we might collect personal or sensitive information include:
(a) when you visit our website, create a user account, and / or use our online services;
(b) when you visit us in person;
(c) when entering into an agreement with us for the supply of services;
(d) when you correspond or communicate with Crofti or our agents over the telephone or in any other manner, including by letter, facsimile or email;
(e) providing your credit card information to facilitate payment;
(f) using your internet service provider or mobile network to connect to our services;
(g) when we assess your eligibility for our services;
(h) if you connect with us via a social network;
(i) when you complete a customer survey or send us feedback;
(i) in administering your account, including requests and the provision of our services.
(a) your name, phone number, mobile telephone number, email address, physical address and other contact information;
(b) your Australian Business Number (ABN);
(c) your employment history (which may include sensitive information), if you apply for a job with us;
(d) other employment-related information, if you apply for a job with us; and
(e) feedback, market research and opinion polls provided by you;
(f) financial information such as credit card or bank account numbers provide by you;
(g) records and content of communications with Us or any other person including when using Website communication tools;
(h) personal information based on your activities on the Website;
(i) personal information you provide to us through any discussions boards, correspondence, user information pages, disputes, or shared by you from other social applications, services or websites;
(j) to the extent permitted by law, other personal information provided by or obtained from third parties (such as a credit bureau) including navigation and demographic data and credit check information;
(l) personal information from your interaction with the Website and its content and advertising, including device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the Website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data.
5. WHY WE COLLECT AND USE PERSONAL INFORMATION
5.1 Crofti takes your personal privacy seriously. We may collect personal information about you for various reasons, for example:
(a) Because you have provided it directly to us, for instance contact details, date of birth and credit card details or bank account details;
(b) To operate the Website, generate content and provide customer support and billing services (including updates and improvements);
(c) To provide you with the most appropriate services for your needs;
(d) To provide you with information via blogs, general email and online correspondence and newsletters;
(e) To research, develop and improve Our services;
(f) To conduct surveys to determine use and satisfaction with Our services;
(g) To generate statistics in relation to the Website;
(j) To verify information for accuracy or completeness (including by way of verification with third parties);
(l) To contact you at your contact details we have collected, by way of voice call, post, text message or email;
(m) To aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you;
(n) To collect fees, resolve disputes and to identify, test and resolve problems;
(o) To notify you about the Website and updates to the Website from time to time; or
(p) To supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications based on your preferences, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences.
5.2 We only use your personal and sensitive information for purposes which are directly related to the reason you provided us with your information in the first place and where you would reasonably expect us to use your information. This may include sharing your personal or sensitive information with service providers.
5.3 We may share your information with government or regulatory bodies as required or authorised by law. These agencies may also share this information with organisations or agencies in other jurisdictions.
6.1 Disclosure of personal information to third parties
We will not disclose your personal information to another person unless you have given consent or if one of the exceptions under the Privacy Act applies. Where possible, the information that could reasonably identify you as an individual is first removed.
(a) Except as set out above, Crofti will not disclose your information to a third party unless one or more of the following applies:
(i) you have given your consent for us to do so;
(ii) you would reasonably expect us to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected);
(iii) it is otherwise required or authorised by law;
(iv) it will prevent or lessen a serious threat to somebody’s life, health or safety or to public health or safety;
(v) it is reasonably necessary for us to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature that relates to our functions or activities;
(vii) We are required to comply with any applicable law, request by a governmental agency or regulatory authority or legally binding court order;
(viii) We are required to respond to or resolve claims that a member has violated the rights of others;
6.3 Examples of disclosure
(a) Customer Records
(i) Crofti maintains records of all customers including financial information which may need to be shared with financial institutions, government or regulatory bodies from time to time.
(b) Credit Reporting
(i) We may disclose personal information about you to a CRB in relation to any credit-related dealings with us. That information may be included in reports by the CRB to other credit providers or to another CRB to help them assess applications by you for credit.
7. DISCLOSURE OF INFORMATION TO THIRD PARTIES OVERSEAS
We may disclose personal information to overseas based organisations or agencies in the provision and/or administration of your account. We undertake to protect your personal information by ensuring the country of the overseas based organisation or agency has similar protections in relation to privacy, or that we enter into contractual arrangements with the organisation or agency to ensure the protection of your privacy.
8.1 It is your choice to provide information to us. Wherever it is lawful and practicable, you have the option not to identify yourself or to use a fictional name when interacting with us. You can remain anonymous when using some parts of our website, or sites administered by us.
8.2 It may be necessary for us to collect your personal or sensitive information if you would like certain services. If you choose to withhold the information we require, we may not be able to provide you the services you have requested.
9. STORAGE AND SECURITY
9.1 We store your information in a number of ways including physically (such as in paper form) or electronically with third party data storage providers. Your privacy and the security of your information is very important to us so where we store your information with third party providers, we will enter into contractual arrangements with those providers to ensure they take appropriate measures to protect your information.
9.2 We take appropriate steps to protect your personal and sensitive information held by us from misuse, interference, unauthorised access, modification, loss or disclosure. This includes during storage, collection, processing and transfer and destruction of the information. These steps include but are not limited to:
(a) ensuring our computer systems and websites have security systems in place such as up to date firewall and data encryption;
(b) maintaining security systems and monitoring of our premises;
(c) implementing confidentiality agreements with our employees and contractors, sub-contractors, service providers and their agents;
(e) maintaining document storage security policies and procedures; and
(f) implementing verification procedures for all inquiries/transactions to ensure only authorised people can access personal information.
9.3 Our website may contain links to external websites. We recommend that you review the privacy policies of those external websites as we are not responsible for their privacy practices.
10. HOW TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION
10.1 We will take reasonable steps to ensure that all personal information we collect, use or disclose is accurate, up-to-date, complete, relevant, and not misleading.
10.2 We will correct any personal information that we believe to be incorrect, out-of-date, incomplete, irrelevant or misleading. This may include taking reasonable steps to notify any organisation or government agency to which information was disclosed about the correction. You may request to access or correct your personal information at any time by contacting the Privacy Officer using the contact details below. We will give you access to your information unless one of the exceptions under the Privacy Act applies. For example, if providing access would be unlawful or denying access is authorised by law.
10.3 If you request to access or correct your information, we will respond within a reasonable time (usually within 30 days). If your request is refused, we will give you a written notice that sets out the reasons for refusal and how to complain about the decision.
11. DIRECT ACCESS AND PROMOTIONAL MATERIALS
11.1 From time to time, we may send out promotional materials and information from government departments or other third parties. If you do not wish to receive these communications, please contact us to unsubscribe from that mailing list.
11.2 Your information may also be used by us to provide you with details of other organisation’s services where permitted by the Privacy Act or where you have consented to the use or disclosure of your personal information for direct communications and promotional materials.
11.3 It is our policy that any direct communications or promotional material will include a statement advising that you can request to not receive further material from us by contacting us using the details provided. Please note that if you choose this option this will also prevent you receiving offers of discounts as well as all promotional and informational materials.
12.2 Cookies may be used to provide you with our range of services including to identify you as a user or member of the Website, remember your preferences, customise and measure the effectiveness of the Website and our promotions, advertising and marketing, analyse your usage of the Website, and for security purposes.
(a) your computer’s IP address;
(b) your domain name;
(c) the date and time or access to the website;
(d) pages accessed and documents downloaded;
(e) the previous site visited;
(f) if you have visited the website before;
(g) the type of browser software in use;
(h) your mobile carrier; and
(i) device information including device and application ID.
12.4 You may adjust your internet browser to disable cookies. If Cookies are disabled, We may not be able to provide you with the full range of Our services.
12.5 You also may encounter Cookies used by third parties and placed on certain pages of the Website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.
13. NO SPAM, SPYWARE OR SPOOFING
13.1 You are prohibited from engaging in spam, spyware or spoofing type activities, regardless of whether directed towards Us or other users of Us.
13.3 You are not permitted to add a user or member to our mailing list (postal or email details included) without the written consent of a user or member.
13.5 To report spam, spyware or spoof activities to Us, please email us on the details below.
15. OPTING OUT
15.2 You may opt out of receiving our marketing, advertising and promotional notices, offers and communications by communicating this to us in writing at the email address below.
16. COMPLAINTS AND ENQUIRIES
16.2 If you consider your privacy concerns have not been resolved satisfactorily by us, or you wish to obtain more information on privacy requirements, you can contact The Office of the Australian Information Commissioner on 1300 363 992 or visit their website at www.oaic.gov.au.
17. CONTACT US
Phone: +61 7 3067 0001
Address: Level 3, Cameron House, 354 Brunswick Street, Fortitude Valley QLD 4006