3.2 Privacy and Personal Data Protection Policy
3.2.1 The Australian Privacy Act
Mandalay Technologies complies with the Australian Privacy Act 1988 by adhering to the Australian Privacy Principles.
Mandalay is committed to safeguarding the privacy of our customers and users of our systems; this policy sets out how we will treat your personal information.
Any privacy concerns can be addressed by email to [email protected] or by post to PO Box 5207, West End QLD 4101.
3.2.2 Scope of This Policy
3.2.3 What is Personal data
Personal data is defined as: any information relating to an identified or identifiable natural person (‘data subject.); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
3.2.4 How we collect personal information
We must collect personal information only by lawful and fair means. We will collect personal information directly from you if it is reasonable or practical to do so. We may collect personal information in several ways, including without limitation:
- Through our website;
- By technology that is used to support communications between us;
- By email or other written mechanisms;
- Over a telephone call;
3.2.5 Why we collect personal information
We collect personal information from you for the following purposes:
- To enable us to deliver the products and services that you have requested;
- To provide you with further information about the products and services you have requested;
- To personalise and customise your experiences with us;
- To help us review, manage and enhance our services;
- To communicate effectively with you;
- For administrative purposes, including charging, billing and collecting debts;
- To promote and market our products and services which we consider may be of interest to you;
- When considering making offers to job applicants and prospective employees or for employment purposes.
- We may also collect, hold, use and/or disclose personal information if you consent or if required or authorised under law.
3.2.6 What personal information we collect
We collect personal information that is reasonably necessary for one or more of its functions or activities. The type of information collected depends on the nature of the relationship with us. For example:
Customer of the company – we may collect and hold information such as your name, address, email address, contact telephone number, gender
Prospective Employee – we may collect and hold information such as your name, address, email address, contact telephone number, gender, age, employment history, references, resumes, emergency contact, qualifications and any other information they may provide.
Supplier of the company – we may collect and hold information including your name, address, email address, contact telephone number, billing information, insurance details and information about goods and services provided.
3.2.7 Employee Records
This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.
3.2.8 Sharing of information collected
We may use personal information to generate anonymised and aggregated statistical and analytical data (Analytical data).
Information collected about you that does not identify you may be used for research, evaluation of services, product development purposes and to conduct statistical analysis and identify trends and insights. This Analytical data may be supplied to third parties.
3.2.9 International transfer of personal information
Personal Information is not transferred outside of Australia, only anonymised and aggregated statistical and analytical data is transferred outside of Australia, except as part of required third-party sub-processors, such as Microsoft Azure and Active Campaign who both implement similar protections to the Australian Privacy Principles.
3.2.10 Integrity and security of your personal information
We will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that we:
- collect is accurate, up-to-date and complete; and
- use or discloses, having regard to the purpose of the use or disclosure, is accurate, up-to-date and complete.
- We will take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.
- If we hold personal information, it no longer needs the information for any purpose for which the information may be used or disclosed, the information is not contained in any Commonwealth record and we are not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
3.2.11 How to exercise your data protection rights
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing at [email protected].
It is important to us that your Personal Information is up to date. We take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find the information we have is not up to date or is inaccurate, please advise us as soon as practical at [email protected] so we can update our records and ensure we can continue to provide quality services to you.
3.2.12 Changes to this policy and amendments
This policy may change from time to time and is available on our website.