You can feel confident that any personal information we collect from you or is received by us will be treated with appropriate respect ensuring protection of your personal information. We will at all times comply with all requirements of the Privacy Act 1988
(Cth) and any other relevant law with respect to the collection and handling of your personal information.
WHO WE ARE
Shred-It Australia Pty Ltd ACN 161 858 751 and its related bodies corporate (collectively known as "Shred-It" and also referred to in this Policy as "us," "we" and "our") seek to provide the best possible service to its customers.
As Australia's largest secure document destruction service provider, we understand how important it is to protect your personal information.
INFORMATION COLLECTION, USE AND DISCLOSURE
We may collect, use and disclose certain personal information from and about you.
When we refer to personal information we mean information or an opinion about you, from which you are, or may reasonably be, identified.
This information may include (but is not limited to) your name, date of birth, driver's licence number, phone number, email address, address, nationality, employment history, income, assets, liabilities and repayment history information.
Personal information includes 'sensitive information'. Sensitive information is a subset of personal information which is given additional protection by the Privacy Act and includes information about religious affiliation or beliefs, ethnic origin, criminal record health and sexuality. Personal information may also include 'credit information' about you. Credit information is information which is used to assess your eligibility for a loan or deferred payment terms, and may include information about your income, assets, liabilities and repayment history information.
Other than information about your affiliation with us, it is not common practice for us to collect sensitive information about you. We will only collect sensitive information about you with your specific consent.
Some of our customers may provide us with 'personal information' (including 'sensitive information') about their customers in documents provided to us in order for us to perform our document destruction services in respect of those documents. Although we may receive such documents as part of the services we provide, we will not access, use or make records of such information.
Collection: From time to time, we may collect information from you, including when you use our website. When you use our website, we may collect information regarding the areas of the website you visit, the websites you previously visited, the websites you link to when you leave our website, and what information and data you request, view and download from or through the website. We also collect information you provide to us through the website (for example, through guestbooks, submission forms, emails, chat groups, postings, order forms and other submissions). There may also be times when you provide your personal information directly to us, for example when making an enquiry and/or engaging us to provide our services to you.
We may also collect information from you through the use of "cookies". Cookies are small pieces of data which are stored on your computer to allow your web browser to remember something about our website. Cookies are useful because they allow us to personalise our site for you. For example, cookies can be used to list the contents of your virtual shopping cart or to remember your password so that you do not need to enter it every time you log onto our site.
In most cases we will collect your personal information directly from you. However, we will also collect information about you from third parties, such as a partner or spouse who contacts us on your behalf, from our contractors who supply services to us, through referrals from third parties such as marketers, from a publicly maintained record and from other individuals or companies authorised by you.
How we use your personal information: We use your personal information for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Act. This may include using your personal information for the following purposes:
- to answer enquiries and provide information or advice about existing and new products or services;
- to provide you with access to protected areas of our website;
- to assess the performance of the website and to improve the operation of the website;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes, related bodies corporate, contractors or service providers;
- to provide your updated personal information to related bodies corporate, contractors or service providers;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
We may provide your credit information to a credit reporting body. The credit reporting body may provide the information that we report about you to credit providers to assist them to assess your credit worthiness.
If you fail to meet your payment obligations to us, for example because charges debited to you credit card are dishonoured, or if you commit a serious credit infringement, we may report this to the credit reporting body.
You may access the credit information that we hold about you. Please refer to the section titled ‘Accessing your Personal Information’ below. You may also request that we correct any credit information that we holds about you if you believe the information is incorrect. Please refer to the section titled ‘Accuracy of Information’ below.
The information that we provide to a credit reporting body may sometimes be used for ‘pre-screening’ of direct marketing offers to be made by another credit provider. You may contact the credit reporting body to request that your credit information is not used in this way.
You may also contact the credit reporting body to request that they not use or disclose the credit-reporting information they hold about you if you consider that you may have been a victim of fraud or if you believe on reasonable grounds that the information they hold about you is incorrect. The credit reporting body must not use or disclose your credit information for a period of 21 days after receiving your notice.
For further information, contact the following credit reporting bodies at:
Disclosure: We may disclose your information for the primary uses set out above and any reasonably related secondary use. We may share aggregated demographic information about our users with our business associates, but this information cannot be used to identify any particular individual. We also disclose your personal information to our payment and delivery associates to allow the processing, billing and delivery of your orders.
To enable us to provide our services to you, we may disclose your personal information to:
- companies and contractors who we retain to provide services for us, such as IT contractors, call centres, storage / destruction facilities, lawyers, accountants and auditors, who will need to have access to your personal information to provide those services;
- people considering acquiring an interest in our business or assets; and
- other individuals or companies authorised by you or by law.
By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.
Sometimes we are required or authorised by law to disclose your personal information. Circumstances in which we may disclose your personal information would be to a Court, Tribunal or law enforcement agency in response to a request or in response to a subpoena or to the Australian Taxation Office.
We may from time to time transfer personal information outside Australia in accordance with the Privacy Act to countries whose privacy laws do not provide the same level of protection as Australia’s privacy laws. For example, we may transfer your personal information to the Asia-Pacific, European Union or the United States of America. We may also use cloud storage and IT servers that are located offshore.
By providing us with your personal information, you consent to us disclosing your information to entities located outside Australia and, when permitted by law to do so, on the basis that we are not required to take such steps as are reasonable in the circumstances to ensure that any overseas recipient complies with Australian privacy laws in relation to your information.
Direct Marketing: From time to time we may use your personal information to provide you with current information about our products and services, special offers you may find of interest, changes to our organisation, or new products or services being offered by us or any company we are associated with. By providing us with your personal information, you consent to us using your information to contact you on an ongoing basis for this purpose, including by mail, email, SMS, social media and telephone.
If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting our Privacy Contacts using the contact details below. You can choose to opt out of receiving some or all of our direct marketing material. For example, by contacting us you may opt out of receiving periodic information about our products, but may still agree to receive our regular newsletters.
We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
RETENTION OF INFORMATION
We will retain your personal information only for as long as necessary to fulfil the purposes for which the information was collected. Once the information is no longer required to fulfil these purposes, it will be destroyed, erased or de-identified.
ACCURACY OF INFORMATION
We strive to ensure that any personal information we retain and use is as accurate, complete and up-to-date as necessary for the purposes for which it was collected. We do not routinely update personal information unless necessary for these purposes. Nonetheless, if our records regarding your personal information are inaccurate or incomplete and you request that we correct that information, we will respond to your request within a reasonable period and, if reasonable in the circumstances, we will correct that information to ensure that it is accurate, up to date, complete, relevant and not misleading.
We will not charge you for correcting the information.
ACCESS TO INFORMATION
Subject to the Australian Privacy Principles, you have the right to request from us the personal information that we have about you, and, if it is reasonable and practical to do so, we have an obligation to provide you with such information. At your written request, we will provide to you a statement explaining the extent to which we hold personal information about you, and we will explain how that information has been used or disclosed by us.
We may charge you a reasonable fee for our costs incurred in meeting any of your requests to disclose the personal information we hold about you.
We will use appropriate security safeguards to protect your personal information against loss, theft, and unauthorised access.
NOTIFIABLE DATA BREACHES
We strive to ensure the utmost security of your personal information and have internal privacy compliance programs in place to ensure that we do not mishandle your personal information or breach our obligations under the Privacy Act.
However, in the event of a serious data breach, we will take all steps required of us under the law, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) if necessary.
QUESTIONS AND COMPLAINTS
You may request further information about the way we manage your personal information or lodge a complaint by contacting our Privacy Officer at DataProtection@Stericycle.com.
We will deal with the complaint by investigating the complaint, and providing a response to the complainant within 15 business days, provided that we have all necessary information and have completed any investigation required. In cases where further information, assessment or investigation is required, we will seek to agree alternative time frames with you.