1. Introduction
Daraco IT Services (“Daraco”) values your privacy and is committed to protecting your personal data. The following notice sets out how we collect and use your information and the rights you have in relation to your information.
Personal data includes any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
This Privacy Statement should be read in conjunction with our terms of use.
2. Data Controller – Who we are
Daraco IT refers to Daraco IT Services. Further details can be found on our website. Our contact details may be found in section 13 of this notice.
3. The legal basis for processing your personal information
Data protection laws set out various grounds on which an organisation may lawfully collect and process your personal data. These include:
- Consent
We can collect and process your data with your consent. In many circumstances where we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
- Contractual obligations
In many circumstances, we require your personal data to provide you with services. For example, we collect your identity and contact information when we verify you as a new client. IF you are unable to provide such information to us, we may not be able to perform services for you or your organisation.
- Legal Compliance
If the law requires us to, we may need to collect and process your personal data. For example, we may require your personal data to comply with anti-money laundering legislation. If you are unable to provide such information to us, we may not be able to provide our services to you or your organisation.
- Legitimate interests
In many situations, we require your personal data to pursue legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests. For example, it may be in our legitimate interests to use your personal information for marketing purposes to assist us with the growth of our business. In Australia, organisations must not collect personal information unless the information is reasonably necessary for one or more of the organisation’s functions or activities subject to some exceptions.
4. Personal data that we collect – What, when & why
We may collect personal data from you in the course of our business, including when you engage our services, through your use of our website, when you contact or request information from us, or as a result of your relationship with our staff and third parties.
The personal information that we process includes, but is not limited to:
- Contact information, such as your name, the company you work for, your title, position, your relationship to a person, your postal address, email address and phone number(s);
- Identification and background information provided by you or collected as part of our business acceptance processes, this may include your full name, photographic identification and gender;
- Financial information, such as bank account and payment card details;
- Technical information such as information collected from your visits to our website;
- Information you provide to us for the purposes of attending meetings and Daraco IT events including dietary requirements;
- Personal information provided to us by or on behalf of our clients or generated by us in the course of providing services to them.
We collect your personal information for a number of reasons. These may be to:
- Help us deliver our IT services;
- Confirm your identity
- Develop and market new services
- Comply with any applicable law or court order including Data Retention Law;
- Enforce our agreements with you’
- Recruit new employees
Daraco may be required to collect personal information under the Telecommunications Act 1997 and the laws made under it. Information relating to an individual or a communication to which an individual is party, may be required to be collected under the ‘data retention’ provisions of the Telecommunications (Interception and Access) Act 1979 (‘Data Retention Law’).
Data Retention Law information includes subscriber and account details, telecommunication device details, the source and destination of the communications, the date and time of communications and connections, the type of communication or service and location details.
We do not normally collect or store ‘sensitive information’ as defined in the Privacy Act 1988 (eg. Information about ethnic origin, religious beliefs or health). However, where we are required to and it is practicable to do so, we will seek your consent before collecting your sensitive information and inform you of the purpose at the same time.
Online data collection – Daraco website
Marketing Related Personal Data Processing
We may collect information from you online in a number of ways, such as through the use of our website. Certain services of our website invite you to connect with us. If you do so, we may collect your name, business email address, job title, organisation name and company address. We consider that the collection of this personal data is necessary to pursue our legitimate interests in a way which might reasonably be expected as part of operating and growing our business which does not materially impact on your rights, freedom or interests.
Recruitment
In some instances, Daraco may require you to complete an online job application form (via the careers section of the Daraco website) which allows you to provide us with information relating to your contact details, education, employment history and similar matters. This allows our hiring team to make an informed decision as to whether to proceed with your application. We consider that the collection of this personal information is necessary to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. We may also require your personal data to enter into a contract with you. We will not process any sensitive or special personal information unless we are able to do so under relevant legislation or with your explicit consent.
Automated technologies or interactions
As you interact with our website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive technical data if you visit other websites employing our cookies including, analytics providers such as Google; advertising networks; and search information providers. We consider that the collection of this information is necessary to pursue our legitimate interests in a way which might reasonably be expected (eg. to analyse how our clients use our services, to develop our services and grow our business) and which does not materially impact your rights, freedom or interests. Please refer to our cookies policy for further information.
“Off-line” data collection
We use different methods to collect personal data from you and about you. These may be through direct interactions (such as when you provide us with your business card at a meeting or event), from third-party sources or from publicly available sources. We consider that the processing of this information is necessary to pursue our legitimate interests in a way which is to be expected, to comply with our legal obligations and to perform our contractual obligations.
Anti-Money laundering, anti-terrorism, fraud and other background checks for new clients
There are laws and regulations that we are required to comply with when we take you on as a new client. In order to fulfil our legal obligations, we are obliged to verify the identity of new clients. In some circumstances we may decline to, or may not be permitted to, proceed to act until such procedures have been completed. We consider that the legal basis for this processing is to perform contractual obligations and to comply with legal or regulatory obligations that we are subject to.
5. How we protect your data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and protect your personal data. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
We limit access to your personal data to those employees, agents, contractors and other third parties on a “need to know” basis. We have procedures in place to identify and respond to data security breaches. We will notify you and any data protection authority of a breach where we are legally required to do so.
6. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.
Daraco has a document retention and deletion policy. At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).
In some circumstances, you can ask us to delete your data.
7. Who do we share your personal data with?
Daraco may share your personal data with a number of third parties (who may act as “data processors” or “joint data controllers”) in the course of providing our services. These may include, but are not limited to:
- Insurers;
- IT service providers;
- Various professional experts, including accountants and tax advisers;
- Document management services;
- Regulators or tax authorities.
We usually disclose the personal information we collect to our related entities and to third party service providers and contractors, who help us supply our products and services. For example, we may disclose personal information to technology vendors, to help resolve technical problems, or to third party contractors to install equipment on site.
We may be required, as a result of contractual or statutory obligations, to disclose personal information we collect to auditors, who conduct audits of our business and services, or to government agencies, like the Australian Prudential Regulation Authority or to authorised agencies under the Data Retention Law.
Except where indicated above, we will not use or disclose personal information unless:
- the individual concerned has consented to the use and disclosure;
- the third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business;
- the third party is your creditor, banker or financier; or
- the disclosure is permitted, required or authorised by or under law.
Daraco requires that all third parties that act as “data processors” for us provide sufficient guarantees to implement appropriate technical and organisational measures, only process personal data for specified purposes and have committed themselves to confidentiality.
8. Where your data may be processed
The Daraco website is hosted on servers in Australia. Personal data that you provide us with on our website (such as a request for support) is transferred directly to our Australian records management systems.
9. Direct Marketing
There are several ways you can stop receiving direct marketing communications from us. Click the ‘unsubscribe’ or ‘opt-out’ link in any email communication that we send you, or email us at privacy@daraco.com.au. We will then stop any further marketing related emails from Daraco. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
10. What are your rights over your personal data?
You have a number of rights in relation to the personal data that we hold about you.
Request access to the personal data we hold about you
Subject to any applicable exceptions, we will provide you with a copy of your personal data within the timescales set out in relevant legislation.
Right to rectification
If the information we hold about you is inaccurate, you have the right to have this information rectified.
Right to erasure / ‘Right to be forgotten’
You can ask us to delete or remove your information in certain circumstances.
Right to data portability
In certain circumstances, you may have the right to obtain your personal data in a structured, commonly used and machine readable format and to reuse it elsewhere or ask us to transfer it to a third party of your choice.
Right to object
In certain circumstances, you have a right to object to processing being carried out by us. Where personal data is being processed for direct marketing purposes, you have a right to object at any time.
11. Links to third party websites
Our website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. If you follow a link to any third party website, please be aware that these websites have their own privacy notices or policies and we do not accept any responsibility or liability for their policies.
12. Website & cookies
To ensure we are meeting the needs and wants of our website users, and to develop our online services, we may collect aggregated information by using cookies or similar electronic tools.
A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you register with Daraco, a cookie helps the Daraco website to recall your specific information on subsequent visits. This simplifies the process of recording your personal information, such as billing addresses, shipping addresses, and so on. When you return to the same Daraco website, the information you previously provided can be retrieved, so you can easily use the Daraco website features that you customised.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Daraco website services or web sites you visit.
We do not use this technology to access any personal information of a user in our records and a user cannot be personally identified from a cookie.
13. Contact us
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. This Privacy Notice sets out most of your rights under relevant laws, but not necessarily every right you have.
If you have any concerns, requests, complaints or questions that haven’t been covered, please contact our Data Compliance Officer who will be pleased to help you:
Email us on privacy@daraco.com.au, or write to us at:
Daraco IT Services, PO Box 6605 BAULKHAM HILLS NSW 2153, Australia
14. Complaints
You have a right to make a complaint to the Office of the Australian Information Commissioner (OAIC), GPO Box 5218, Sydney NSW 2001. We would appreciate the opportunity to understand your concerns in the first instance before your contact the OAIC.
15. Changes to this Privacy Notice and your duty to inform us of any changes to your personal data
This Privacy Notice was last updated on 16 July 2018. Should any substantive or material change be made to this Privacy Notice, we will notify you.
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if any of the personal data you have provided us with changes during your relationship with us.
