with Australian Privacy Principles set out in the Privacy Act.
For information about our management of credit-related personal information, please see our Credit Reporting Policy.
What kinds of personal information do we collect and hold?
“Personal Information” is information or an opinion, in any form (whether true or not) about an individual or an individual who is reasonably
The kinds of personal information we collect and hold will vary depending on your dealings with us and the circumstances of collection. For example, whether we collect personal information from you as a customer, guarantor, contractor, job applicant, supplier, or in some other capacity.
The kinds of personal information we collect and hold may include any of the following:
- Your name, title, and residential or business address
- Your occupation or employer
- Your qualifications and career history
- Your date of birth and other forms of identification (such as a driver’s licence)
- Your telephone number and other contact details, including email addresses
- Your Internet Protocol (IP) address and online passwords
- Records of your communications and interactions with us
- Records of your application to us as a potential employee or contractor
- Records relating to your engagement, conduct, hours worked, and payment as a contractor
- Details relating to your use of our products and services
- Credit card or debit card information
- Banking details
- Your ABN and government related identifiers, such as tax file numbers
- Information about the way you use our website
You do not have to give us your personal information. However if you choose not to give us your personal information we may be unable to provide you with our products or services, grant credit terms to you, process or assess your application, finalise payment of products or services you have ordered, deliver products you have ordered, or otherwise do business with you or an entity you are connected with.
“Sensitive Information” includes information about your health, race, ethnic origin, and religious beliefs.
We will not generally collect sensitive information. However you may wish to provide us with sensitive information about you from time-to-time. For example, if you are a contractor you may wish to provide us with information about your health in connection with an incident on one of our work sites. If we do collect sensitive information about you we will only do so with your consent or where the collection is required or authorised by law.
Government related identifiers
“Government related identifiers” are identifiers such as driver’s licence numbers or tax file numbers. We do not collect, use, or disclose government related identifiers unless they are reasonably necessary to verify your identity for our business purposes, or where the use or disclosure is required or authorised by law. We do not adopt those identifiers to identify you or the information we may have collected about you.
Can you deal with us anonymously or by using a pseudonym?
You have the option of dealing with us anonymously or through the use of a pseudonym where it is practical to do so. For example, when you make general enquiries with us about the type of products or services we supply, or when you provide us with feedback. If you choose to deal with us using a pseudonym we will not link that pseudonym to your personal information.
However we may be unable to deal with you or an entity you are connected with if we cannot identify you. For example, we may not be able to supply purchased goods or services to you without knowing your name and address. In some circumstances we may be required by law only to deal with an individual who has identified themselves.
How do we collect your personal information?
We will collect your personal information from you directly whenever it is reasonable and practical to do so. There are a number of ways we may collect your personal information, including when you:
- Submit information through our website
- Deal with us face-to-face, in writing (by letter, facsimile, or email), or by telephone
- Participate in any of our events or promotions, or subscribe to any of our publications
- Submit an application, quote, purchase order and/or service request to us
- Visit our website (such as through the use of ‘cookies’ to record the way you use our website)
- In the course of supplying products and service to you, or through our other dealings with you
Where we outsource our functions to third party service providers, those providers may also collect personal information from you on our behalf.
In some cases we may collect your personal information from publicly available records, our related bodies corporate, or non-related third parties. The circumstances where we collect your personal information from third parties may include:
- From your employer, in relation to products or services we supply to your employer as our contractor or as our customer
- From an individual or entity who may be providing services to you as our contractor
- From a third party who supplies us with products or services, including our suppliers, agents and advisors
- From a third party (such as a trade referee or credit reporting body) to assist us in assessing your application for credit. For example, to
verify the information you have provided to us or to assess your circumstances
- Where we need information from your current or former employer to assist us in assessing your job application or expression of interest as
- From a third party to assist us in locating or communicating with you
- From a third party to otherwise assist us in supplying you with products or services
At all times we will ensure that your personal information is collected in a lawful and fair way, and that we comply with the Privacy Act and the Australian Privacy Principles.
Collection of “cookies” and IP addresses
We use technology known as “cookies” when you visit our website to collect information about the session between your computer and our website.
A “cookie” is a small data file that will be stored on your computer hard drive or browser, recording the way you use our website. For example, cookies may record which pages of our website you have looked at or the information you searched for. We may also create cookies to display information and enable a “remember me” option to automatically log you in the next time you use our website. You can refuse all cookies by turning them off in your browser, although this may mean you cannot access certain parts of the website.
Our system automatically collects the unique network address of your computer (generally known as an IP Address) so that our system can send information to your computer. While it is possible to determine the general location of a computer from its IP address, an IP address is otherwise anonymous. If you have an online account with us, we may collect and hold:
- The IP address of each login attempt against your email account
- Details of the log in request (such as the operating system and browser) so that we can better identify your system and improve our support
- Details of the login request time, success time, and the reason for any failure to log in
We do not otherwise use your IP address to personally identify you.
The internet is not a secure method of transmitting information. Other than where we use Secure Socket Layer (SSL) technology (such as for the transmission of credit card information), to the maximum extent permitted by law we cannot and do not accept responsibility for the security of information you send to or receive from us over the internet, or for the unauthorised access or use of that information.
How do we manage unsolicited information?
If we receive any unsolicited personal information about you, which is not reasonably necessary for our business purposes, we will take steps to destroy or permanently de-identify that information as soon as it is reasonable and practical for us to do so. However we may be unable to destroy or de-identify unsolicited personal information if it would be unlawful for us to do so.
Why do we collect, hold, use, and disclose your personal information?
We collect, use, and disclose personal information reasonably necessary for our business purposes and as required by law. Those purposes may include:
- Supplying our customers with products and services
- Managing the supply of our products and services (including processing invoices, receipts and payments)
- Managing relationships with our customers and stakeholders
- Responding to enquiries about applications, accounts, and our products and services (including through our technical publications and catalogues)
- Assessing credit applications and/or guarantees (which may involve disclosures to trade referees or credit reporting bodies for those purposes)
- Conducting checks for credit worthiness and/or fraud
- Assessing job applications or expressions of interest from potential contractors (which may involve verifying identity and/or work history for
those purposes) and managing relationships with our contractors
- Assessing and investigating insurance claims or risks
- Dealing with complaints
- Ensuring safety on our work sites
- Conducting research, development, and marketing (including direct marketing)
- Debt collection, confidential dispute resolution, legal proceedings, or otherwise establishing, exercising or defending a legal or equitable claim
- Complying with legal and regulatory requirements. There are various Australian laws which require us to collect and/or disclose your personal information including the Personal Property Securities Act 2009 and laws governing State and Territory real property and security interests (for example, to register and search for security interests).
We may also use or disclose your personal information for another purpose related to the primary purposes set out above. For example, we may use the information you have already given us to supply you with further products and services. However we will only use or disclose information for another purpose with your consent or if you would reasonably expect us to do so.
When will we disclose your personal information to third parties?
We may disclose your personal information to our related bodies corporate and third parties for the purposes set out above. The third parties to whom we may disclose your personal information include:
- The manufacturers, suppliers, and contractors we use in our business
- Insurers, assessors, and underwriters
- Professional advisors and consultants (such as lawyers, accountants, and auditors)
- Debt collectors
- Your guarantors and security providers
- Credit reporting bodies, credit providers and other information providers
- Government and regulatory authorities (as required by law)
- Website hosts
- Organisations that assist us in research and development
- Third party service providers to whom we outsource some of our functions
Use of third party service providers
We will disclose your personal information when we outsource certain of our functions to third party service providers. The functions we may outsource include:
- Managing the supply of our products and services (including processing invoices, receipts and payments)
- Establishing credit accounts and managing the credit provided to our customers
- Assessing credit applications and/or guarantees (which may involve disclosures to trade referees or credit reporting bodies for those
- Responding to enquiries about applications, accounts, and our products and services
- Conducting checks for credit worthiness and/or fraud
- Debt collection
Direct marketing involves communicating with you directly for the purpose of promoting our goods and services to you. From time-to-time we may use and disclose the personal information we hold about you to let you know about special offers, promotions, and products and services we think may be of interest to you. We will engage in marketing unless you tell us otherwise. However you can opt-out of receiving marketing communications from us by contacting our Privacy Officer using the details set out below. We will ensure that your name is removed from our marketing list in those circumstances. You also have the right to ask us to identify the source of the personal information we use or disclose for the purpose of direct marketing.
We do not provide your personal information to other organisations for the purposes of direct marketing without your express consent.
Do we send your personal information overseas?
We are not likely to disclose your personal information to overseas recipients.
How do we store and protect your personal information?
We store personal information in both paper-based records and in electronic form (such as on computer servers) on our systems or the systems of our service providers. We take all reasonable precautions to safeguard your personal information from misuse, interference and loss, and unauthorised access, modification or disclosure, including:
- Restricting access to personal information stored in our electronic and paper-based records
- Using technology products to prevent unauthorised access to our electronic databases (such as industry standard firewalls)
- Staff training, policies and procedures in relation to the use of our computers and management of personal information
- Requiring all of our third party service providers to handle personal information in accordance with the Privacy Act and APPs
When we no longer need your personal information we will take reasonable steps to destroy or permanently de-identify that information.
How can you access your personal information?
We take all reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant. If your personal details change at any time (such as your address or phone number) please contact our Privacy Officer.
Under the Privacy Act you have a right to access the personal information we hold about you, subject to some exceptions allowed by law. Factors affecting your right to access include:
- We reasonably believe that access would pose a serious threat to the life, health or safety of any individual, or to public health or safety
- Access would have an unreasonable impact on the privacy of another individual
- The request for access is frivolous or vexatious
- The information relates to existing or anticipated legal proceedings between you and us, and would not be accessible by the discovery process
- Access would prejudice our negotiations with you
- Access would be unlawful
- Denying access is required or authorised by or under an Australian law or a court/tribunal order
- Access would prejudice appropriate action being taken in relation to enforcement related activities, unlawful activity or serious misconduct
- The information relates to a commercially sensitive decision-making process
If you would like access to your personal information, please contact our Privacy Officer using the contact details set out below.
We will usually respond to requests for access to personal information within 30 days of receiving the request. If we refuse your request, we will give you a written notice setting out the reasons for our refusal (except to the extent it would be unreasonable to do so) and the mechanisms available to you to complain about the refusal.
We will not charge you for an access request, however we may charge you a reasonable fee for retrieving your information. We will inform you of any fee and obtain your agreement to that fee before the information is provided to you. We will usually respond to requests for access to your personal information within 30 days of receiving the request.
How can you request correction of your personal information?
We take all reasonable steps to ensure that the personal information we collect is accurate, up-to-date, complete, relevant, and is not misleading. However if you believe that is not the case you have a right under the Privacy Act to request that we correct your personal information.
If you would like to do so, please contact our Privacy Officer using the contact details set out below.
We will usually respond to requests for correction of personal information within 30 days of receiving the request. If we refuse your request, we will give you a written notice setting out the reasons for our refusal (except to the extent it would be unreasonable for us to do so) and the mechanisms available to you to complain about the refusal. You may also request us to associate a statement with your information to the effect that you believe the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading, so that it is apparent to other users of the information.
We will not charge you for correcting personal information or for associating a statement with your personal information.
How can you contact our Privacy Officer or make a complaint?
The Privacy Officer:
In writing: BMI Group
PO Box 226
By telephone: (07) 3254 2933
By Fax: (07) 3358 3397
By email: firstname.lastname@example.org
We will investigate any complaints and respond to you as soon as practicable. If you are not satisfied with the way your privacy-related complaint is handled by us, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC). Details of how to lodge a complaint with the OAIC may be found at www.oaic.gov.au or by calling 1300 363 992.