Privacy Policy

APP Privacy Policy of Allmain Pty Ltd

This policy is dated 29 March 2019 and takes effect from 29 March 2019.

Introduction

Allmain is committed to managing Personal Information in an open and transparent way. This Australian Privacy Principles (APP) based Privacy Policy of Allmain Pty Ltd ACN 075 480 394 (Allmain) is our official privacy policy as required by the Privacy Act 1988 (the “Act”) and the Australian Privacy Principles (the “APPs”) and it applies to all Personal Information about Individuals collected by Allmain. Readers should refer to clause 46 of this policy for the meaning of terms that commence in the upper case.
In this policy we explain how and why we collect personal information about individuals, how we use it, and what controls individuals have over our use of it. The policy, as amended from time to time, is published on our website - www.allmain.net.au
Allmain is committed to complying with Commonwealth Privacy Laws that deal with how Allmain, may collect, hold and use Personal Information about individuals, how it protects and safeguards the privacy of individuals when they deal with us and how we deal with inquiries or complaints from individuals about Allmain’s compliance with the Australian Privacy Principles.
Allmain itself operates only within the confines of Australia. However, because some of Allmain’s Clients operate beyond Australian boundaries, from time to time we receive Personal Information of Individuals that may be subject to Foreign Privacy Law and Regulation. Where such circumstances apply, Allmain is committed to understanding the extent of its holdings of any relevant Personal Information and to the application of Foreign Privacy Law and Regulation to that Personal information.

Collection of information

Allmain will only collect Personal Information by lawful and fair means; its collection may be solicited or unsolicited by Allmain.
Some information provided to us by Clients, Individuals, Organisations and other parties might be considered private or personal. However, without such information we would not be able to carry on our business activities and provide our services. We will only collect Personal Information if that information is necessary for us to perform our functions and activities or to provide our services to our Clients. The types of personal information that Allmain may collect and hold in respect of Individuals may include:
1. names;
2. contact details and Identification Information;
3. financial information, including but not limited to, information about transactions and an Individuals trading history with Allmain;
4. financial information, including but not limited to, information about transactions and trading history with Clients that is required for Allmain to provide its Services to those Clients;
Personal Information is collected in the following situations by Allmain:
1. if an Individual contacts Allmain, we may keep a record of that communication or correspondence;
2. if an Individual submits an application or curriculum vitae or another form of information required to be completed by an Individual to enable and/or facilitate services and or/employment to be provided by Allmain to its Clients;
3. if an Individual provides information directly to Allmain, such as the provision of contact information necessary for the acceptance of an Allmain order or provision of an Allmain service;
4. if an Individual or Organisation provides information to an Allmain Client who in turns provides that information to Allmain to enable it to order or perform its services, functions and activities to the Allmain Client;
5. when conducting certain types of transactions such as cheque or credit card purchases or refunds;
6. when an individual submits their contact details to be included on our mailing lists;
7. when an order is placed with Allmain to provide services, we may require Individuals to provide us with contact information including their name, address, telephone number or email address and financial information (such as credit card details) for the purposes of Processing and fulfilling such an order;
8. when CCTV footage is recorded by Allmain whether on Allmain premises or otherwise; and
9. when conducting our services we regularly acquire photographs to verify the condition of property (both real and personal) which photographs may, but rarely do, also include images of an Individual.
At or before the time the personal information about an individual is collected by us, we will take reasonable steps to ensure that the individual is made aware of:-
1. who we are;
2. the fact that the individual is able to gain access to the Personal Information held about the Individual;
3. the purpose of the collection of the information;
4. the type(s) of organisations to which we may usually disclose the Personal Information collected about the Individual;
5. any laws or court/tribunal orders requiring or authorising the collection of the Personal Information;
6. the main consequences if all or part of the Personal Information is not collected;
7. the individual’s ability to access that information, to have it corrected, to complain about a breach under the APP’s in its management and how such breach will be managed by us; and
8. the countries of the recipients (if any) to which the information may be disclosed. Such steps may, where we are acting as service provider to our Clients, include reliance upon our Clients to make such disclosures to the Individual.
We may collect Personal Information about Individuals directly from that Individual. However, sometimes we may need to collect Personal Information about Individuals from third parties, for the purposes described in this policy. The circumstances in which we may need to do this include, for example, where we need information from a third party to assist us to deliver upon an order (such as to verify information an Individual has provided, or to assess the Individual’s circumstances) or to assist us to locate or communicate with the Individual.

Use of information collected and disclosure of personal information to others

We may use or disclose Personal information held about an Individual as permitted by law and for the primary purposes for which it is collected (e.g. provision of our services, administration of our services, notifications about changes to our services, record-keeping following termination of our services and technical maintenance of our services) to carry on our business activities and provide services to our Clients. We may also use such Personal Information about Individuals for a purpose related to the primary purpose for which it was collected. Where the Personal Information collected is Sensitive Information Allmain will only disclose the Sensitive Information if it is directly related to the primary purpose for which the Personal Information was collected by us or where the Individual would reasonably expect that we would use the Personal Information in such a way. Personal Information is only disclosed by us to third parties outside of Allmain in the circumstances set out in this policy, or as otherwise notified to the Individual at the time of collection of the Personal Information.
Allmain’s primary purposes for which Personal Information is collected, used and disclosed may include:-
1. Processing an Allmain service request, including but not limited to verifying an Individual’s identity and verifying other Personal Information for that service request;
2. managing Allmain services or other commercial relationships and arrangements, including Processing receipts, payments and invoices;
3. assessing and monitoring credit worthiness;
4. detecting and preventing fraud and other risks to us and our Clients ;
5. responding to inquiries about Allmain Services, accounts or other services or arrangements;
6. understanding our customers’ needs and developing and offering Allmain services to meet those needs;
7. researching and developing our services and maintaining and developing our systems and infrastructure (including undertaking testing);
8. ensuring workplace health and safety and productivity of Personnel at Allmain’s workplace premises;
9. dealing with complaints;
10. meeting legal and regulatory requirements. (Various Australian laws may expressly require us to collect/and or disclose personal information about Individuals, or we may need to do so in order to be able to comply with other obligations under those laws);
11. enforcing our rights, including but not limited to undertaking debt collection activities and legal proceedings.
In addition we are permitted to use or disclose Personal Information held about Individuals:
1. where the Individual has consented to the use or disclosure of the Individuals Personal Information. This consent may have been provided directly to Allmain or indirectly to Allmain’s by its Clients’ through a consent to use the Personal Information provided to the Client, that extends to the Client’s agents and/or subcontractors.
2. where we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious immediate threat to someone’s health or safety or the public’s health or safety;
3. where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure of the Personal Information is a necessary part of our investigation of or our reporting of the matter to the relevant authorities;
4. where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
5. where we reasonably believe that the use or disclosure is necessary for prevention, investigation, prosecution and punishment of crimes or wrongdoings or for the preparation and conduct of proceedings before any court or tribunal or the implementation of the orders of a court or tribunal by or on behalf of an enforcement body.
6. where a person (being the Individual or a person related to the Individual) has requested a service to be provided by us and we are required to disclose the information to a third party in order to facilitate the provision of the service for the Individual. In most, if not all cases, any such disclosure will be with the consent of the Individual.
Third parties to whom we may disclose personal information about individuals in accordance with Allmain’s primary purposes set out above may include:
1. Allmain’s Clients;
2. Allmain’s legal advisors;
3. Allmain’s IT service providers;
4. regulatory bodies in Australia;
5. Allmain’s financial advisors;
6. Allmain’s Subcontractors, including without limitation mercantile agents engaged by Allmain as part of its functions and activities;
7. where our scope of works with a Client requires us to collect the Personal Information of an Individual and our client provides us with written instructions to disclose the Personal Information of that Individual to the duly appointed agents, subcontractors or other third parties nominated by that Client provided the Client has first confirmed that such disclosure is reasonably required for the Client to effectively carry on their business;
8. participants in financial and payment systems, such as banks, other credit providers, and credit card associations;
9. guarantors and security providers associated with individuals;
10. debt collectors;
11. cloud information storage providers; and
12. other credit providers.

Transfer of information overseas

Allmain only discloses Personal Information of an Individual to overseas recipients:-
1. where we reasonably believe that:
  1. the recipient is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and
  2. there are mechanisms that the Individual can access to take action to enforce that protection of the law or binding scheme; or
2. we have informed the Individual that 15(a)(i) does not apply and the Individual consents to the disclosure; or
3. the disclosure of the information is required or authorised by or under an Australian law or a court or tribunal order; or
4. a Permitted General Situation (other than the situation referred to in items 4 or 5 of the table in subsection 16A(1) of the Privacy Act) exists in relation to the disclosure of the information by Allmain.
Allmain utilises cloud services for the purpose of storing Personal Information. Personal Information may be disclosed to an Allmain cloud service provider for that purpose. While Allmain’s cloud service providers are located in Australia, the country location of our cloud service providers may periodically change.

Use of and Disclosure of Tax file Numbers and other Government related Identifiers

Allmain does not adopt as its own identifier, tax file numbers and other government related identifiers of Individuals unless it is required or authorised by Australian law or an Australian Court or tribunal to do so.
Allmain does not use or disclose Tax File numbers and other Government related identifiers unless:
1. they are reasonably required for us to conduct our functions or activities; or
2. they are required for us to comply with our obligations with State and Territory agencies and authorities; or
3. it is required or authorised by an Australian Law, or an order of an Australian court or tribunal; or
4. we reasonably believe that the use or disclosure is required for an enforcement related activity conducted by an enforcement body; or
5. a specific regulation of the Privacy Act authorises their use or disclosure.

Anonymity and Pseudonymity

Individuals have the option of dealing with Allmain anonymously. However, this only applies where it is not impracticable for Allmain to deal with individuals acting anonymously or under a pseudonym. For example, individuals making general enquiries of Allmain may do so anonymously or under a pseudonym. However, if the dealing with Allmain is for Allmain to supply services to the Individual, to enter into contractual relations with the Individual or to perform a function or activity which supports an Allmain Client service, then it is impracticable for Individuals to deal with Allmain on an anonymous basis or under a pseudonym.

Direct Marketing

As part of Allmain’s functions and activities and to promote the services we can provide to our Clients and potential Clients, Allmain may use Personal Information and/or statistical information that individuals have provided to Allmain for the purposes of direct marketing. However, this information would always be specific to the particular Client or Potential Client and would not include or involve information about other Clients. Direct marketing includes, but is not limited to, sending information to our Clients and potential Clients or other parties (including Individuals) and/or contacting them in relation to promotions relating to Allmain. Recipients of direct marketing are always made aware of their right to, and are able, to opt out of receiving direct marketing communications by sending an email to Allmain’s Privacy Officer. In any direct marketing communication we remind recipients of their right to opt out of receiving direct marketing communications. We will not use any Sensitive Information about an Individual for the purposes of direct marketing without the Individual’s consent.

Links

Our web site may contain links to other web sites and those third party web sites may collect Personal Information about Individuals if these links are accessed. We are not responsible for the privacy practices of other businesses or the content of web sites that are linked to our web site. Allmain encourages users to be aware when they enter the site to read the privacy statements of each and every web site that collects personally identifiable information.

Personnel and Subcontractors

As part of its adherence to this Policy, Allmain:-
1. uses all reasonable endeavours to ensure:
  1. that all Personnel involved in the provision of its Services are properly trained in the correct handling and Processing of Personal Information (including, without limitation, so as to minimise the risk of accidental Security Breaches); and
  2. the reliability of any of its Personnel who will have access to Personal Information; and
2. ensures that each Subcontractor it subcontracts or proposes to subcontract the performance of any service which it provides:
  1. is capable of performing all of the services that are subcontracted to it, including (without limitation) by providing the level of protection for Personal Information that is required under this Policy; and
  2. is subject to a contract that includes enforceable provisions that are consistent with the privacy, security and data protection obligations in this Policy, including (without limitation) applicable Privacy Laws.

Our Clients Compliance with Privacy Law

Allmain is a service provider to Clients who are subject to strict compliance with Privacy Law concerning services provided to their own clients which are usually much broader in scope than the Allmain Services provided to them. Under its contracts with such Clients (both during and after the terms of its agreements) Allmain is committed:-
1. for the holding of Personal Information acquired pursuant to our agreements with those Clients, to comply with our Clients obligations under Privacy Laws as if Allmain was itself subject to such obligations;
2. to comply with its Clients’ applicable Privacy Policies, guidelines, directions and instructions in relation to the Processing of Personal information;
3. to only collect, use, disclose, transfer or otherwise Process Personal Information in accordance with Client instructions as set out in its agreement with the Client or other governing document;
4. to act in accordance with its Clients instructions in relation to the performance of any obligation which effect its Client’s compliance with any Privacy Laws;
5. to take reasonable steps to ensure that Personal Information is protected against accidental or unlawful misuse, destruction, loss, alteration, interference and unauthorised access, modification or disclosure;
6. to not transferring Personal Information outside Australia except in accordance with Clients’ written authorisation or consent;
7. to not otherwise do anything that would cause its Clients to breach any privacy laws; and
8. to assist and cooperate with its Clients in:-
  1. responding to requests from Individuals to exercise their rights under applicable Privacy Laws (including, without limitation, Personal Information access requests); and
  2. resolving any complaint or investigation made against the Client under Privacy Laws.

Our Clients Compliance with European Privacy Law

In addition to its general obligations to Clients pursuant to clause 15 of this Agreement, where Allmain is duly notified of the applicability of European Privacy laws to Personal information held by it :-
1. our clients act as Data Controller (or its equivalent in the relevant jurisdiction); and ,
2. Allmain acts as Data Processor (or its equivalent in the relevant jurisdiction).
In relation to Personal Information holdings, under European Law and our contracts with our Clients we are:-
1. permitted to transfer Personal Information to our Clients when they are located in the EEA or a country with a “finding of adequacy” by the European Commission, where those Clients need to Process Personal Information in connection with the provision of the Allmain Services provided that:-
  1. our Client’s or where required, their Related Companies and Subcontractors, execute standalone Model Clauses compliant with the GDPR at the time of transfer; and
  2. our contract with our Clients or their Related Companies or Subcontractors contains appropriate acknowledgements from the Clients or their Related Companies or Subcontractors in relation to the roles performed by the parties with respect to the Personal Information which is the subject of any transfer; and
2. committed to enforcing the Model Clauses against all of our Clients and their Related Companies or Subcontractors in accordance with their terms.
Our obligations as Data Processor under European Privacy Laws (and under Client contracts relating thereto) also include assisting Allmain’s Clients-:-
1. to respond to requests by individuals in relation to their Personal Information;
2. to conduct data protection impact assessments;
3. to effect notifications to a competent data protection supervisory authority or body under applicable Privacy Laws and/or communications to individuals by our Clients in response to any Security Breach;
4. to comply with their obligations with respect to the security of Personal Information Processing;
5. by providing our Clients, on a regular basis, with evidence that our Personnel are compliant with Privacy Laws (for example, by providing copies of contractual terms we require our Personnel to sign to confirm their compliance with Privacy Laws, providing information regarding the training of our Personnel on applicable Privacy Laws, and by providing our procedures and copies of Allmain’s privacy policies);
6. by providing proof that our technical and organisational security measures comply with the requirements of applicable Privacy Laws (for example, by providing copies of relevant certifications and specifications of security arrangements);
7. by detecting any instruction from our Clients that may breach any applicable Privacy Laws; and
8. by Cooperating with Regulators in accordance with the GDPR under duly authorised instruction from our Clients

Security and storage

Allmain places a great importance on the security of all information associated with our Clients, Individuals and others who deal with us. We have security measures in place to protect against the loss, misuse and alteration of personal information under our control. Allmain takes all reasonable steps to protect personal information that is under Allmain’s control from misuse, interference, loss and/or unauthorised access, modification or disclosure. All personal information held is kept securely and that which is held electronically is held on secure servers in controlled facilities.
Personal information is de-identified or destroyed securely when no longer required by us.
Allmain retains information provided to us including Individuals’ contact and financial and transactional information to enable us to verify transactions and customer details and to retain adequate records for legal and accounting purposes. Such information is held securely, including on secure servers in controlled facilities.
Information stored within our computer systems or by our agents who provide electronic storage facilities can only be accessed by those entrusted with authority and computer network password sanctions.
No data transmission over the Internet can be guaranteed to be absolutely secure. As a result, while we strive to protect users’ personal information, Allmain cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once Allmain receives a transmission, we make every effort to ensure the security of such transmission on our systems.

Access to and correction of personal information

Allmain is committed to and takes all reasonable steps in respect of maintaining accurate, timely, relevant, complete and appropriate information about our customers, Clients and web-site users.
Any individual may request access to personal information about them held by Allmain. Such a request for access to personal information is to be made to Allmain’s Privacy Officer:

Allmain’s Privacy Officer
PO Box 5212
Manly Qld 4179
Telephone: 07 3386 4999
Allmain does require that, as part of any request by an Individual for access to Personal Information, the Individual verifies their identity so that Allmain may be satisfied that the request for access is being made by the Individual concerned.
It is noted that Allmain is not required to give an individual access to Personal Information in circumstances where:-
1. Allmain reasonably believes that giving access would pose a serious threat to the life, health or safety of any Individual, or to public health or public safety; or
2. giving access would have an unreasonable impact on the privacy of other Individuals; or
3. the request for access is frivolous or vexatious; or
4. the information relates to existing or anticipated legal proceedings between Allmain and the Individual, and would not be accessible by the process of discovery in those proceedings; or
5. giving access would reveal the intentions of Allmain in relation to negotiations with the Individual in such a way as to prejudice those negotiations; or
6. giving access would be unlawful; or
7. denying access is required or authorised by or under an Australian law or a court/ tribunal order; or
8. both of the following apply:
  1. Allmain has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Allmain’s functions or activities has been, is being or may be engaged in; and
  2. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
9. giving access would reveal evaluative information generated within Allmain in connection with a commercially sensitive decision-making process.
Inaccurate information will be corrected upon receiving advice to this effect including, at the Individual’s request, notification of the correction to any third party who is subject to Privacy Law. To ensure confidentiality, details of an Individual’s personal information will only be passed on to the Individual if we are satisfied that the information relates to the Individual. From time to time, and having regard to the purpose of the collection and use of Personal Information about Individuals, we may contact individuals to seek confirmation that the Personal Information provided to us by the Individual is accurate, up-to-date and complete.
If we refuse to provide an Individual with access to Personal Information or we refuse to correct the Personal Information held by us about the Individual, then we will provide reasons for such refusals. Such reasons will set out the grounds for refusal, the mechanisms available to complain about the refusal and any other matters that are required by the Privacy Act.
Allmain will respond to any requests for access or correction within a reasonable time of receipt of the request, but by no later than 30 days of the request being received.

Data Security Breach

Definition
1. Data Security Breach is defined in clause 46 of this Policy.
2. Examples of a data breach include the following incidents:-
  1. a device containing an Individuals Personal Information is lost or stolen;
  2. a database containing Personal Information is hacked; or
  3. Personal Information is mistakenly provided to the wrong person.
Notifiable Data Breaches Scheme
1. Allmain is subject to and maintains compliance with the Notifiable Data Breaches Scheme (NDB) under the Privacy Act.
2. The NDB applies to data breaches involving Personal Information that are likely to result in serious harm to any Individual affected. These are referred to as ‘eligible data breaches’.
3. Under the NDB, where Allmain suspects that an eligible data breach may have occurred it must undertake a reasonable and expeditious assessment to determine if the Data Security Breach is likely to result in serious harm to any Individual affected. When Allmain is aware of reasonable grounds to believe an eligible data breach has occurred, it must promptly notify Individuals at likely risk of serious harm. The OAIC must also be notified as soon as practicable through a statement about the eligible data breach.
4. In line with OAIC guidelines Allmain maintains a data breach response plan which includes:-
  1. its strategies for containing and remediating Data Security Breaches including compliance with its contractual agreements and protocols with its Clients as to the allocation of responsibility for the rectification of breaches, management of breach responses and for the communication with Individuals affected by a breach;
  2. ensuring it has the capability to implement those strategies as a matter of priority;
  3. a clear and immediate communications strategy incorporating Allmain’s contractual responsibilities and protocols agreed with its Clients that allows for the prompt notification of breaches to affected Individuals and other relevant entities (eg regulators);
5. Our plan for responding to Data Security Breaches includes action steps to:-
  1. Contain the data breach to prevent any further compromise of Personal Information;
  2. Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected Individuals and, where possible, taking action to remediate any risk of harm to Individuals;
  3. Notify Individuals and the OAIC if required. If the breach is an ‘eligible data breach’ under the NDB scheme, it may be mandatory for the entity to notify; and.
  4. Review the incident and consider what actions can be taken to prevent future breaches.
6. Our plan includes adherence to Processes (agreed with our Clients as contractual commitments) to ensure the best response to an actual or suspected Data Security Breach or complaints relating thereto including:-
  1. informing our Clients as soon as practicable (usually within 24 hours) of any affected data which is the subject of our contract(s) with them; and
  2. liaising and take instruction from our Clients in both the remediation of and the reporting of those breaches and or complaints. This plan may result in actions being taken by Allmain Clients on Allmains behalf in response to a Data Security Breach, but such actions must be sufficient and appropriate (according to Allmain’s own determination) for Allmain to comply with its own obligations under Privacy Law.

Complaints

If an individual has a complaint about our APP Privacy Policy or Allmain’s collection, use or safe disposal or destruction of Personal Information about the Individual, any complaint should be directed in the first instance to Allmain’s Privacy Officer at the contact details set out at clause 33 of this policy.
We will investigate any complaint within 30 calendar days and attempt to resolve any breach that might have occurred in relation to the collection, use or destruction of Personal Information held by us about the complainant in accordance with the Commonwealth Privacy legislation and the APPs. If a complainant is not satisfied with the outcome of this procedure then the complainant may contact the Office of the Australian Information Commissioner (“OAIC”) at www.oaic.gov.au.

Cookies

Allmain collects information from the site using “IP files”.
When a user visits Allmain’s web site to read, browse or download information, our system will record/log the user’s IP address (the address which identifies the user’s computer on the internet and which is automatically recognised by our web server), date and time of the visit to our web site, the pages viewed and any information downloaded. This information will only be used for the purpose of site analysis and to help us offer improved online service. We may automatically collect non-personal information about users such as the type of Internet browsers used or the site from which the user linked to our web sites. Individuals cannot be identified from this information and it is only used to assist us in providing an effective service on our web sites.

Changes to APP Privacy Policy

If Allmain decides to or is required to change its APP Privacy Policy, we will notify of such amendments on our web site and post changes on this APP Privacy Policy page so that users may always be aware of what information is collected by us, how it is used and the way in which information may be disclosed. As a result, please refer back to this APP Privacy Policy regularly to review any amendments.

Definitions and Interpretation

The following terms have the following meanings where used in this privacy policy:-
1. Allmain means Allmain Pty Ltd and its Related Companies.
2. Client means an individual or organisation with whom Allmain provides or is contracted to provide services and includes their Related Companies (including Foreign Companies) and Sub-contractors.
3. Data Controller has the meaning in the existing Directive 95/46/EC, as amended by the GDPR.
4. Data Processor has the meaning in the existing Directive 95/46/EC, as amended by the GDPR.
5. Directive 95/46/EC means the Data Protection Directive 95/46/EC.
6. Foreign Privacy Law and regulation means law or regulation created by any country or jurisdiction outside Australia and specifically includes the General Data Protection Regulation (“GDPR”) of the European Economic Area (EEA) applicable to:-
  1. all member states of the European Union; and
  2. the member states of the European Free Trade Association.
7. Finding of Adequacy means a decision of the European Commission recognising a country or territory under applicable Privacy Laws from time to time as providing adequate protection for Personal Information.
8. General Data Protection Regulation or GDPR means the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Information data and on the free movement of such information, and repealing Directive 95/46/EC.
9. Identification Information about an individual means:
  1. the individual’s full name; or
  2. an alias or previous name of the individual; or
  3. the individual’s date of birth; or
  4. the individual’s sex; or
  5. the individual’s current or last known address, and 2 previous addresses (if any); or
  6. the name of the individual’s current or last known employer; or
  7. if the individual holds a driver’s licence—the individual’s driver’s licence number.
10. Individual means a natural person.
11. Model Clauses mean the contractual clauses for the transfer of Personal Information to third countries under Directive 95/46/EC contained in the Annex to the European Commission Decision 2010/87/EU of s February 2010.
12. The Notifiable Data Breaches Scheme (“NDB”) means the scheme applicable from 22 February 2018 to all agencies and organisations with existing personal information security obligations under the Privacy Act. It was established by the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017.
13. Organisation means a legal entity that is not an individual and is not a Government agency.
14. Permitted General Situation has the meaning given by section 16A of the Privacy Act.
15. Personnel means any employee of Allmain.
16. Personal Information means:-
  1. information or an opinion about an identified individual, or an individual who is reasonably identifiable:
    - whether the information or opinion is true or not; and
    - whether the information or opinion is recorded in a material form or not.
  1. Any further meaning given to it in the relevant Privacy Law (including, without limitation, 'Personal Data' as defined in the GDPR).
1. Privacy Law means:
1. Process means any act or practice in connection with, or processing applied to, any Personal Information, and includes:
  1. the collection, use, handling, disclosure or storage of, or the granting of access rights to, Personal Information; and
  2. 'processing' as defined in any Privacy Law, and Processing has a corresponding meaning;
2. Regulator means any third-party entity which is able to exercise authority over Allmain or a client of Allmain for which Allmain provides an Allmain Service, through operation of a Law, and includes the Australian Prudential Regulation Authority, and any competent data protection supervisory or any other body with regulatory powers with respect to the protection of Personal Information (including, without limitation, the Office of the Australian Information Commissioner).
3. Related Company has the meaning given in the Corporations Ac
4. Security Breach means:
  1. any breach of security:
    - where Allmain suspects or validates an exposure that materially and substantially affects the security, integrity, confidentiality or availability of the Allmain Services, its Confidential Information or data;
    - leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Allmain data; or
    - which impacts, or risks impacting, the provision of the Allmain Services to its clients,
  2. any:
5. Sensitive information means:-
  1. information or an opinion about, an individuals,
    - acial or ethnic origin; or
    - political opinions; or
    - membership of a political association; or
    - religious beliefs or affiliations; or
    - philosophical beliefs; or
    - membership of a professional or trade association; or
    - membership of a trade union; or
    - sexual orientation or practices; or
    - criminal record,
    that is also Personal Information; or
  2. health information about an individual; or
  3. genetic information about an individual that is not otherwise health information; or
  4. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
  5. a biometric template.
6. Subcontractor means any individual or organisation contracted to provide to Allmain the whole or any part of an Allmain Service, function, activity or Process.

Contacting us

For further information regarding our APP Privacy Policy, please contact us.
For more information on privacy legislation or the APPs please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.