What this policy covers
Personal information is any information or opinion about you in which you are identified, or from which you are reasonably identifiable.
The Privacy Act applies to IIS
IIS has a deep commitment to privacy and so even though we are a small business we choose to be covered by the federal Privacy Act 1988 in all of our activities and seek to exceed the requirements of other law that protects personal information such as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth).
Why we collect personal information
We don’t collect much personal information, but when we do, we use it to provide services to you and to help us to carry out our business.
How we collect your personal information
The main ways we collect your personal information are:
- When you give it directly to us, for example when you contact us via the website, send us email, subscribe to receive IIS communications or exchange business cards with us
- In the course of discharging any commercial arrangements between IIS and you or your organisation
- Indirectly in the course of normal business, for example, when a third party gives us information about you, or we seek information about you from a third party. We might do this if we are finding people to invite to an event or to offer a service.
Personal information that we collect or hold
We don’t hold much personal information and we would very rarely collect or hold sensitive information such as health information. The sort of personal information we collect or hold may include:
- Information relevant to your business interactions with us such as your name and position, email address, phone number, business postal and street address, and information about our interactions
- The fact that you receive our newsletter and information about your interactions with the newsletter such as the fact that you opened the newsletter and that you clicked the link inside it.
How we use or share personal information
We only use or share personal information to
- Provide the agreed service to a client
- Send privacy news by email to people we have been in contact with and who have not opted out of receiving it
- Put an organisation hosting privacy related meetings in touch with people we know might be interested
If we share personal information with a subcontractor to help us with our work we make them sign a confidentiality agreement and enter into a contractual agreement to keep the information secure. We check from time to time that they have complied with their agreement.
We don’t use or share information about anyone for any other purpose without their permission unless the law requires it.
Overseas storage and disclosure
We use Tresorit an organisation in Switzerland to host our data which includes personal information. The information is encrypted both in transit and on the service provider’s servers. Only IIS personnel have access to it.
Marketing emails and newsletter
We use MailChimp an organisation in the USA to manage our marketing email campaigns. When you subscribe to receive communications from us, MailChimp collects your email and the IP address and location from which you signed in. MailChimp says the following about subscribers:
“Your subscriber lists are stored on a secure MailChimp server. We don't, under any circumstances, sell your lists, contact people on your lists, market to people on your lists, steal your lists, or share your lists with any other party, unless it's required by law. If someone on your list complains or contacts us, we may then contact that person. Only authorized employees have access to view Distribution Lists. You may export (download) your lists from MailChimp at any time, as long as we have a copy.”
You may opt out of our communications and also ask us to delete your subscriber profile from the mailing list.
MailChimp logs both individualised and aggregate information on how many subscribers open a message or click the links inside. We use this information to evaluate and improve the effectiveness of our communications.
Otherwise, we do not disclose personal information overseas to third parties unless we have your informed consent. In these cases we take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles.
IIS website - analytic, session and cookie tools
The time the current visit occurred
Whether the visitor has been to the site before
What site referred the visitor to the web page
The visitor's IP address.
IIS uses the statistics provided by Google Analytics to evaluate the effectiveness of our website and improve its functionality. We do not install any other cookies, local shared objects or other web bugs to research the habits of individual visitors.
For more information about how Google Analytics collects, uses and safeguards website traffic data, click here. You can opt out of Google Analytics by visiting here.
Your right of access to personal information we hold about you
You may ask us for access to personal information we hold about you. Please tell us whether you would like access to all or just a particular part of your personal information. We will respond to you within a reasonable time, which generally will be within 5 working days.
In line with our commitment to protect your privacy, we may ask you to verify your request.
You may ask us to delete personal information we hold about you and your organisation and we will take reasonable steps to do so.
Accuracy of personal information
If you think that personal information we hold about you is inaccurate please contact us at email@example.com and we will correct any identified inaccuracies or let you know why we cannot do so.
Complaints and inquiries
If you have a complaint about the way we have treated your personal information, please contact us and we will respond as soon as possible to resolve the issue. We also welcome any questions and comments you may have about our privacy practices.
Alternatively, write to:
Information Integrity Solutions Pty Ltd
PO Box 978
Strawberry Hills NSW 2012
If you are not satisfied with our response you can complain to the Office of the Australian Information Commissioner
Telephone: 1300 363 992 (from overseas +61 2 9284 9749)