Effective as at 17 August 2023
Your privacy is important to us and we are committed to ensuring that your Personal Information is managed in accordance with the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (the Principles).
-
What is a Privacy Policy?
-
This Privacy Policy (Policy) sets out, in accordance with the Privacy Act 1988 (Cth) (Privacy Act), the Australian Privacy Principles (APPs) (if applicable) the way in which One Place Business Platform Pty Ltd (ACN 612 278 180) trading as Etani Business Platform (Etani, our, us, or we) may collect, store, use, disclose, manage and protect your Personal Information in order to carry out our services and functions. In this Privacy Policy “you” or “your” refers to the reader as an individual.
-
If you are a resident of a foreign jurisdiction, there may be additional provisions that apply to you, and which are set out in this policy below. In those cases, the law that will apply (in addition to the Privacy Act) will be:
- For EU & EMEA Residents: The European General Data Protection Regulation (GDPR);
- For United Kingdom residents: Data Protection Act 2018 (UK GDPR)
- For U.S. Residents: relevant U.S. privacy laws, and for California Residents: California Consumer Privacy Act of 2018 (CCPA);
- For New Zealand Residents: Privacy Act 2020 (New Zealand); and
- For Canadian Residents: Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial laws.
-
At the date of this Policy, Etani is not regulated by the Privacy Act 1988 (Cth) (Privacy Act), however we remain guided by the Australian Privacy Principles contained in the Privacy Act. Whilst guided by the Australian Privacy Principles, we are bound only to the terms of this Policy until such time as we become specifically regulated by any applicable laws. For the avoidance of doubt, Etani does not adopt by contract or otherwise any obligation outside of this policy unless required to by law.
-
This Privacy Policy may be supplemented or amended from time to time, and may be subject to privacy statements that are specific to certain areas of our website or services provided by us. By accessing our website, using our mobile applications and/or using our services you agree to be bound by the Privacy Policy that is in effect at the time you access our website, use our mobile applications and/or use our services. The Last Revised date of this Privacy Policy at 16.2 will inform you as to whether it has been updated since your last visit. This Privacy Policy is publicly available via our website or by contacting us and requesting the same.
-
By using our services, accessing, requesting information on, enquiring about, using, receiving or providing feedback in relation to our operations or services (online, in writing, by telephone or in person), seeking employment or becoming a business partner or affiliate with us; or otherwise providing, or consenting to the collection of, Personal Information by us or our officers, agents or employees, after this Policy has been brought to your attention, you acknowledge and consent to the use, collection, storage or disclosure of your Personal Information by us in accordance with this Policy and the Privacy Act.
-
If you do not agree to us handling your Personal Information in the manner set out in this Policy, we will not be able to provide our services to you and you should not provide us with any Personal Information.
-
-
What is Personal Information?
-
We follow the definition of personal given in the Privacy Act: “Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.”
Personal Information may include “Sensitive Information” being:
-
information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual orientation or practices; or
- criminal record;
- health information about an individual; or
- genetic information about an individual that is not otherwise health information; or
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates
however if the information is not Personal Information, it cannot then be Sensitive Information.
-
-
-
What happens if you want to deal with us anonymously or using a pseudonym?
-
When contacting us, you can do so either anonymously or by using a pseudonym. However, when accessing our services in such a way, we may not be able to provide you with accurate or useful information, and you may not be able to access a full range of our services. Further, we may not be able to investigate incidents or complaints you have made.
-
-
What kinds of Personal Information might we collect and hold?
-
General Personal Information
-
The Personal Information we may collect, hold, use and disclose about you depends upon your relationship with us, the service you have requested from us and how you interact with us. This information may vary depending on our specific needs, and may include but is not limited to:
- your name and date of birth;
- your gender and marital status;
-
your contact information, including:
- work, postal, and residential address(es);
- telephone and facsimile number(s); and
- email address(es);
-
your financial information, including:
- bank account or credit card details;
- income;
- assets and liabilities;
- account balances and financial statements;
- tax statements;
- employment details; and
- citizenship and residence status;
- records of your communications and other interactions with us; and
- any content that you provide in connection with the use of our website including, but not limited to, postings on any blogs, forums, wikis and other social media applications and services that we may provide.
-
-
Non-Personal Information
-
We may also collect, hold, use and disclose information about you that is not necessarily Personal Information including, but not limited to:
-
data relating to your activity on our website or our mobile applications via tracking technologies such as analytic, cookie and session tools, which can include:
- the identity of your internet browser;
- the type of operating system or mobile operating system you use;
- your IP address;
- the type of mobile device you use;
- the mobile device unique ID;
- the domain name of your internet service provider;
- the pages accessed on our site; and
- non-personal details of any survey responses you provide.
-
-
We may use this Non-Personal Information for internal purposes including, administering our services, diagnosing problems, generating statistics and trends and improving the quality of our products and services.
-
-
Sensitive Information
-
If we require your Sensitive Information, we may collect, hold, use and disclose it only with your consent, only as permissible by law and only if the information is reasonably necessary, and directly related to our services and activities or as otherwise required by law. We will treat your sensitive information appropriately and with utmost confidentiality and respect.
-
By providing or enabling us to collect Sensitive Information, you consent to our collection, holding, use and disclosure of that information for the purpose of discharging our statutory and other functions.
-
If we wish to use or disclose your Sensitive Information for any secondary purpose, we will only do so with your consent and only if the secondary purpose is directly relevant to the primary purpose for which the information was collected.
-
We will only keep your sensitive information whilst you consent to us doing so, or if we are required to by law or to protect a legal right. If you want us to destroy or de-identify your sensitive information you may request we do so in writing. This may, however, limit our ability to serve and assist you.
-
-
Government related identifiers
- Other than where permitted by the Principles or any other law, we will not use or disclose any government related identifier of you or adopt it as our own identifier.
-
-
How do we collect Personal Information?
-
We generally collect Personal Information directly from you, this can be:
- when we contact you or you contact us;
- when information is uploaded into our systems by our clients or other third parties;
- when we communicate with you including, recording the information you provide via phone calls, interviews and other forms of communication;
- when you attend our office [OB1] ;
- through applications or other forms that you complete and provide to us including surveys;
- when you attend an event we have organised or sponsored;
- when you post about us on any blogs, forums, wikis and other social media applications and services;
- when you use our website or mobile applications including, through the use of third party analytics, cookie and session tools; and
- any other means by which you directly communicate or provide the information to us.
-
We only collect Personal Information about you that is necessary for us to perform the services you are seeking and when it is reasonably necessary and directly related to our services and functions.
-
We may also collect information about you from a third party, these may include but are not limited to:
- Information about you, your business, and your financial affairs where a third party makes use of our services to run their business;
- public records or sources of information (e.g., telephone directories, government registers, market research organisations, credit reporting bodies, etc.); and
- people authorised by you to provide us with your Personal Information (e.g., your lawyer, accountant, tax adviser, financial planner, insurance broker, employer, etc.).
-
We will only collect information from a third party if you have authorised us to collect information in this manner, where we reasonably believe you have given authority for us to collect the information from a third party, or where it is not reasonable or practical for us to collect this information directly from you.
-
If we receive your Personal Information in an unsolicited manner, within a reasonable period after receiving the information, we will determine whether or not we could have collected the information under the Act and the Principles as if we had solicited the information and:
- if we determine we could not have collected your Personal Information and your Personal Information is not contained in a Commonwealth record, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy your Personal Information or ensure that your Personal Information is de-identified; or
- if we determine we could have collected your Personal Information or your Personal Information is contained in a Commonwealth record, we will collect, hold, use and disclose your Personal Information in accordance with this Privacy Policy and any requirements of the Act and the Principles.
-
When using our virtual assistant, EVA, from time to time we may use pseudo-anonymisation to minimise the level of Personal Information accessed, processed or stored by us. Pseudo-anonymisation refers to the process of using substitute words for those that would otherwise disclose your Personal Information. Whilst the results of pseudo-anonymisation could potentially be reversed so as to re-identify you, we use this process to enable our system to provide you with the best possible service outcomes. In the event we do not use pseudo-anonymisation we will keep your information secure in accordance with our other practices. If you have any questions regarding the process of pseudo-anonymisation, please let us know.
-
-
How do we hold and secure your Personal Information?
-
We will generally hold your Personal Information as either physical records at our premises or off-site, as electronic records on our servers or on third party servers and, in any case, in accordance with the storage and security of Personal Information procedures detailed below.
-
We have in place reasonable commercial standards of technology and operational security to protect all Personal Information provided to us from misuse, interference, loss, unauthorised access, modification or disclosure. We take steps to protect the Security of your Personal Information by regularly assessing risk and taking measures to address any potential risk.
-
We store your Personal Information digitally (unless legally required to retain in hard copy format). Any hard copy material is secured at our headquarters in Adelaide, South Australia. All digital material is secured using password protected computers and databases.
-
We primarily use data storage providers located inside Australia. However, some data may potentially be stored overseas, likely in the Philippines. Where appropriate, we have agreements with our storage providers to keep all Personal Information they store secure, using reasonable and appropriate security methods. We conduct regular audits of our compliance with this Policy and the Privacy Act to ensure that our privacy framework is in line with industry best-practice.
-
We destroy or de-identify Personal Information in a secure manner when we no longer need it, subject to any legal requirement to maintain Personal Information for a specific period of time.
-
-
Why do we collect, hold, use and disclose Personal Information?
-
We offer a wide range of products and services to our clients and we need to collect certain Personal Information in order to be able to provide these effectively. We will collect, hold, use and disclose your Personal Information where it is reasonably necessary to:
- provide or offer you relevant products and services (including mobile applications);
- respond to your requests or inquiries;
- establish, manage and maintain any relevant products and services provided to you;
- arrange for other related products or services to be provided or offered to you by third parties;
- any other purpose you may reasonably expect;
- any other purposes that have been disclosed to and authorised by you (including but not limited to those you consent to below); and
- any purpose authorised or required by law, a court or tribunal including those required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Corporations Act 2001 (Cth), and the US Foreign Account Tax Compliance Act (US).
-
These primary purposes may include disclosures to organisations or third parties that handle information on our behalf or provide us with technical support services and professional advice.
<
li>
- you have consented to the use or disclosure of the Personal Information; or
- you would reasonably expect us to use or disclose the Personal Information for the other purpose and the other purpose is:
- if the information is Sensitive Information – directly related to the primary purpose; or
- if the information is not Sensitive Information – related to the primary purpose; or
- otherwise authorised by law, a court or tribunal.
If we have collected Personal Information (other than a government related identifier) for a primary purpose, we will not use or disclose the Personal Information for another purpose (other than for Direct Marketing) unless:
-
-
By providing us with your Personal Information, you consent to us collecting, holding, using and disclosing your Personal Information (including holding by, using by and disclosure to any third parties or overseas recipients):
- in the manner set out in this Privacy Policy;
- for the primary purposes referred to above;
- for the secondary purposes referred to above;
- for any other purpose(s) specified in this Privacy Policy;
- to provide you with news and information about our products and services or events;
- for any purpose necessary or incidental to the provision of our products and services (including mobile applications);
- to provide you with functionality on our website including customising and improving your online experience with us;
- to personalise your experience with our products and services (e.g., via use of blogs, forums, wikis and other social media applications and services);
- for internal purposes including administering our services, diagnosing problems, generating statistics and trends and improving the quality of our products and services;
- to send you marketing and promotional material (including Direct Marketing) that we believe you may be interested in, either from any of our related entities or a third party business which we consider may be of interest to you;
- to seek your feedback on our products and services, or for market research purposes;
- as part of a corporate transaction such as a sale, divesture, merger or acquisition; and
- for any other purpose required or authorised by law, a court or tribunal.
-
Your Personal Information may also be used and disclosed in order to protect our rights or property and that of our users and, where appropriate, to comply with legal processes, which may include disclosure to law enforcement, regulatory or government agencies.
Who do we share your Personal Information with?
-
We may share your Personal Information with third parties for the reasons referred to in section 7, or where the law otherwise allows or requires us to.
-
The types of third parties include:
- our clients in order to facilitate the use and operation of the services we offer;
- your accountant, tax adviser or financial planner;
- contracted service providers and specialist advisers we engage to provide us with services such as administrative, financial, insurance or research services, some of whom may contact you on our behalf;
- third party suppliers (each a Third Party Supplier) who provide us with necessary hardware, software, networking, connectivity, functionality, storage and related technology required to provide our products and services (including mobile applications) some of whom may contact you on our behalf;
- third-party data sources (each a Third Party Connector) that you may connect to and import data from whilst using our products and services (including mobile applications);
- courts, tribunals and other dispute resolution bodies in the course of a dispute;
- credit reporting or reference agencies or insurance investigators;
- anyone authorised by you or to whom you have provided your consent (either expressly or impliedly); and
- anyone to whom we are required or authorised by law to disclose your Personal Information (e.g., law enforcement agencies and national and international government and regulatory authorities including but not limited to the Australian Taxation Office, the Australian Prudential Regulation Authority, The Australian Securities and Investments Commission, the Australian Transaction Reports and Analysis Centre and the United States Internal Revenue Service.
Do we use your Personal Information for Direct Marketing purposes?
-
We may use your Personal Information to communicate directly with you to promote our products and services and provide you with information about our products, services and activities that we believe you may be interested in (Direct Marketing).
-
If you receive Direct Marketing material from us, and do not wish to continue receiving it, please contact us by any of the methods stated in this Policy, asking to be removed from all future Direct Marketing programs. Once we have received your opt-out request, we will remove you from our Direct Marketing programs as soon as reasonably practicable.
Do we transmit your information via the internet?
-
Where appropriate we use secure transmission facilities; however, no transmission of information over the internet can be guaranteed to be completely secure and we do not warrant the security of any information transmitted by or to us over the internet. Users enter our website and use our mobile applications and other products and services at their own risk.
What about Cookies and analytics?
-
Our website and mobile applications may use a range of tools provided by third parties, including Google, Bing and our web hosting company to collect or view website and internet traffic information. These sites have their own privacy policies.
-
We may also use cookies [1] and session tools to improve and customise your experience when accessing our websites. Cookies are frequently used on the internet and you can choose if and how a cookie will be accepted by changing your preferences in your browser. You may not be able to access some parts of our website if you choose to disable the cookies, particularly the secure parts of the website. We therefore recommend you enable cookie acceptance to benefit from all the services on the website.
-
Website analytics measurement software may also be used to assist in tracking traffic patterns to and from websites, anonymously surveying users of the sites. The system is used to collect such information as the number of unique visitors, how long these visitors spend on a website when they do visit, and common entry and exit points into and from a website. This Non-Personal Information is collected and aggregated by third party software and provided to us to assist in our analysis of our websites and mobile applications. You cannot be identified personally from this information and no Personal Information is stored about you.
What about social networking services and linked websites?
-
We may use social networking services such as Twitter, Facebook LinkedIn and YouTube to communicate with you and the public at large about our work. When you communicate with us using these services we may collect your Personal Information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your Personal Information for its own purposes. These social networking services have their own privacy policies and we strongly recommend that you review them.
-
Our websites and mobile applications may contain links to external third party websites or mobile applications that we believe may be of relevance or use to you. This Privacy Policy does not apply to any of these linked websites or mobile applications and they are not subject to our privacy standards and procedures. A linked website or mobile application may contain its own privacy statement and we strongly recommend that you review it before using the website or mobile application.
Do we send your information overseas?
-
We are a South Australian based organisation, however we may disclose your Personal Information to our servers, agents and employees, Third Party Suppliers, Third Party Connectors, and other third parties and service providers located overseas (each an Overseas Recipient) including holding your Personal Information on third party servers located overseas. The country in which an overseas recipient is likely to be located is the Philippines.
-
In relation to Third-Party Connectors, we are not able to inform you of which overseas countries they may be located in as this will depend on your actions and whatever agreement(s) you have with Third-Party Connectors which is beyond our control and knowledge.
-
In the event that your information is sent overseas, we will use our best endeavours to ensure that any overseas supplier will keep all Personal Information secure.
-
We will only do so with your consent (including your consent given above or any implied consent) or otherwise in compliance with the Privacy Act and the Principles. We will inform you as far as reasonably practical of the countries in which overseas recipients are likely to be located.
-
Web traffic information may be disclosed to Google Analytics or other analytics providers when you visit our websites. These analytics providers may store this information across a large multitude of countries, to which it is impracticable to name each one.
-
When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may also collect and hold your Personal Information overseas across a large multitude of countries. These social networking services have their own privacy policies and we strongly encourage you to review them.
How can you access and/or correct your Personal Information?
-
We will take reasonable steps to ensure that your Personal Information is accurate, complete, up to date and relevant whenever it is collected, used or disclosed. We rely on the accuracy of the information you, and anyone authorised by you, provides to us. If you think that we may hold information about you that is incorrect in any way, please contact us. If your Personal Information is found to be inaccurate, not up to date, incomplete, irrelevant or misleading having regard to the purpose for which it is held, we will take reasonable steps to correct your Personal Information.
-
You may request access to your Personal Information by contacting the Privacy Officer. You are also welcome to contact our Privacy Officer to:
- seek more information about anything contained in this Privacy Policy;
- request a copy of this Privacy Policy in a different format;
- update or correct your Personal Information;
- ask about accessing or correcting your Personal Information that we hold;
- opt-out of receiving Direct Marketing information; or
- make a privacy related complaint.
-
Subject to us being permitted or required by law to withhold your Personal Information, we would be happy to advise you what Personal Information we hold about you. We will respond to all requests within a reasonable period. An administrative fee may be charged to cover our costs in providing you with access to such information. This fee will be explained to you before it has been incurred.
-
You may request access to Personal Information we hold about you. Upon receiving an access request, we may request further details from you to verify your identity. The steps appropriate to verify an individual’s identity will depend on the circumstances and we seek the minimum amount of Personal Information needed to establish an individual’s identity.
-
We reserve the right not to provide you with access to Personal Information that we hold about you if we cannot verify your identity to our reasonable satisfaction.
-
We will respond to your access or correction request within a reasonable period of time.
-
If we refuse to provide you with access, we will notify you of our reasons and mechanism by which you can complain about our decision. Access may be denied where:
- we believe your request is frivolous or vexatious;
- we are entitled to reject a request by law;
- we are unable to verify your identity; or
- you have not paid the administrative fee (if any).
-
If you believe that the Personal Information we hold about you is inaccurate or otherwise requires correction, you may send us a correction request by contacting us. If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
How to make a complaint
-
You may contact our Privacy Officer at the contact details below at any time if you have any questions or concerns about this Policy or about the way in which we handle your Personal Information.
-
The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
-
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
-
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
-
If you are not satisfied with our response to your complaint, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC) (for the most up-to-date contact details, please go to the OAIC’s website www.oaic.gov.au). The OAIC is independent to us.
-
If you have a question or complaint, you can raise it with us by contacting our Privacy Officer on the details below.
Contact us
-
Our Privacy Officer’s contact details are:
- Email: cameron@etani.com.au [OB1]
- Phone: 0488 559 069 (please ask for the Privacy Officer)
- By post: Privacy Officer, PO Box 6233, Linden Park South Australia 5065
Does this Policy ever change?
-
From time to time, we may make changes to this Policy, with or without notice to you. We recommend that you visit our website to keep up to date with any changes.
-
This policy was last reviewed on 11 August 2023.
GDPR and UK GDPR – Notice
-
This notice is to European residents and residents of the United Kingdom and is supplementary to our Privacy Policy to explain your additional or specific rights as a European resident.
-
The GDPR is the European Union (EU) data protection law. The UK GDPR is the law implementing the GDPR in the United Kingdom. Australian-based organisations that offer goods or services to persons in the EU/UK or who may access their website. This provision will not apply to a significant portion of the persons who use our site or services.
-
From time to time, we may capture or collect Personal Information that passes through the EU or UK. This might occur, for example, if a person in the EU or UK accesses the Site and we collect analytical data about them, enquiries about our services from the EU or UK, or if one of our customers gives us information about a person in the EU or UK. If this occurs, we will treat the Personal Information received in accordance with this policy.
-
Where data is processed or monitored in the EU or UK, you may have additional rights, such as:
- the right to request that we delete your Personal Information (unless we require that information to comply with a legal obligation, or need it to bring or defend a legal claim);
- the right to restrict our processing of your Personal Information (where it is inaccurate, would be unlawful to process, or where it has not been deleted due to us needing it to meet a legal obligation);
- the right to receive your Personal Information in a readable format (Right to Data Portability); and
- the right to object to the processing of Personal Information.
-
A complete list of your rights may be viewed here: General Data Protection Regulation (GDPR) – Official Legal Text (gdpr-info.eu)
-
We also have certain obligations in relation to the management of a data breach, including:
- We must advise the relevant statutory authority of a data breach within 72 hours of becoming aware of the breach; and
- We must advise affected persons.
CCPA – Notice
-
This notice is to California residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a Californian resident (if we are deemed a CCPA Business). This provision will not apply to a significant portion of the persons who use our site or services.
-
You have the right to:
- request access to Personal Information we collect, use, disclose and if relevant sell up to two times per year;
- request we delete Personal Information we collect from you, subject to applicable legal exceptions;
- (if relevant) opt-out of sale of Personal Information.
-
To make an access or deletion request please contact the email specified in paragraph 16 above.
PIPEDA - Notice
-
This notice is to Canadian residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a Canadian resident (if we are deemed a PIPEDA Business). This provision will not apply to a significant portion of the persons who use our site or services.
-
You have the right to:
- access your Personal Information;
- challenge the accuracy of your Personal Information;
- challenge our compliance with the PIPEDA by raising your concerns with our Privacy Officer.
-
To make an access request, request correction of your Personal Information or challenge our compliance with the PIPEDA please contact the email specified in paragraph 16 above.
NZ Privacy Act – Notice
-
This notice is to New Zealand residents and is supplementary to our Privacy Policy to explain your additional or specific rights as a resident of New Zealand (if we are deemed to come under the Privacy Act 2020).
-
You have the right to:
- be told how, when and why we are collecting your Personal Information;
- be told what will happen if you do not give us your Personal Information;
- have your Personal Information kept safe; and
- see your information and request that it be corrected.
-
To make an access or correction request please contact the email specified in paragraph 16 above.
[1] ‘Cookies’ are small text files that are stored by the browser (e.g., Internet Explorer, Firefox, Chrome or Safari) on your computer or mobile device. They allow websites to store such things as user preferences and to help us determine the type of browser and settings you are using, where you have been on the web site, when you return to the web site, the next page you accessed and where you came from. The purpose of this information is to provide you with a more relevant and effective experience on our website, including presenting web pages according to your needs or preferences.