By supplying us with your personal information you acknowledge that your personal information will be processed in accordance with this Policy. While we may update our Policy from time to time, the most recent version of this Policy will always be available on our website. If we change the Policy in any material way, we will post a notice on our website along with the updated Policy. We may also contact you via your contact information on file, for example by email, notification or some other equivalent measure.
If you reside in New Zealand, we also handle your personal information in accordance with New Zealand’s Privacy Act 2020 (NZ) and Information Privacy Principles therein (IPPs).
If you reside in the European Union (EU) or the United Kingdom (UK), you may have rights under the General Data Protection Regulations (EU Regulation 2016/679) (GDPR) or the UK GDPR contained within the Data Protection Act 2018 (UK) (UK GDPR). For the purposes of the GDPR and UK GDPR, WGA is a data controller (as applicable). A reference to ‘personal information’ in this Policy is to be read as a reference to ‘personal data’ as defined by the GDPR and UK GDPR.
If you have any queries, concerns or complaints about how we handle your personal information, please contact our Privacy Officer in the first instance:
Privacy Officer Contact: Jude Teakle, Email: firstname.lastname@example.org
Attention: Privacy Officer, Wallbridge Gilbert Aztec, 60 Wyatt Street, Adelaide SA 5000
If you reside in the EU or UK, we will provide you with the contact details of our local representatives if required by the GDPR and UK GDPR (as applicable).
What types of information do we collect and why?
In the course of providing our goods and services we collect personal and other information about our customers, suppliers, employees and other persons in the ordinary course of business. “Personal information” means information or opinions about an identifiable individual, which may be collected through several mechanisms, including the following:
Collection from you
We may collect and store information you provide directly to us (either in person, by email, by phone, or by any other direct means) in order to deliver our goods and services and as part of our business operations. This includes:
- Contact information: such as your name, address, email address, and telephone number;
- Personal information: such as date of birth and driver’s licence details:
- Qualification information: such as accreditations, professional licences and other educational qualifications, as well as other information regarding your qualifications/eligibility to work with us;
- Financial and credit information: such as your payment information (credit card, bank account, etc);
- Business details: such as your Australian Business Number; and/or
- Credit information: such as consumer credit liability information, type and amount of credit sought, default information, repayment history information, and payment information relating to overdue payments.
We may also collect personal information from your agents or those authorised to act on your behalf including, but not limited to, accountants, business advisers, and lawyers.’
If you use our services or interact with us through a mobile device, we receive technical information about your device, numbers that may identify your device and your location information. This information is not associated with you but may be used for marketing purposes and website traffic analysis.
When you communicate with us, we may collect information such as your contact details (such as email address or phone number). We also engage third party services that provide us with information about how you interact with some communications we distribute. You can elect to not receive communications from us by contacting our Privacy Officer, or by using the unsubscribe option provided in our client mailing list emails. We will honour a request to unsubscribe within 5 working days.
If you access our goods or services by connecting a social media login (such as LinkedIn or Instagram), we can collect information derived, associated or connected with that platform where permitted by the platform’s terms of service. Any information we collect from social media, or other online platforms, is collected in accordance with that platform’s terms and conditions. Unsubscribe options for these platforms are in accordance with that platform’s terms and conditions.
Through other sources
Where necessary, we may also collect your information from publicly available records. This can include information relating to an individual’s credit worthiness and other information from credit providers, subject to legal restrictions. Where appropriate and necessary to do so, we may collect information from public records such as those maintained by the Australian Securities and Investments Commission, Australian Financial Security Authority (PPSR), and land titles offices in each Australian State and Territory, and New Zealand. We may do this where it is unreasonable or impractical to collect this information from you and relates to a purpose we have previously communicated to you.
If you have previously applied for employment with us, we may have received your personal information from third parties such as recruiters or external websites. We use the information we receive to contact you about any potential opportunities or to evaluate your candidacy.
We may collect information considered to be sensitive information under the Australian Privacy Act. We collect or are required to collect certain types of sensitive information in the course of providing our services to you or our other clients.
This sensitive information includes:
- political opinions;
- membership of a professional or trade association;
- membership of a trade union;
- health information; and
- criminal record histories.
We will only collect this information directly from you or where we have consent to collect the information from a third party. We may require this information prior to you working for or with our, or to provide our services to you.
You have the option of not identifying yourself or interacting with us using a pseudonym. However, this may not be practicable or possible for us to conduct certain business operations.
How do we use and process your information?
We will only use and process your information where we have a lawful basis to do so and for the purposes for which it was collected (primary purpose) or a purpose related to that primary purpose if it would be reasonably expected by you or where we have separately obtained your consent.
We use and process personal information for the primary purpose of providing our professional services.
How we use and process the information we collect depends, in part, on which services you use, how
you use them and any preferences you have communicated to us. If you would like to restrict how your personal information is handled beyond what is outlined in this Policy, please contact our Privacy Officer.
Related party and group transfers
We are part of a larger group of companies and as such we provide your information to other entities within the group of companies. This transfer of information is compliant with s 13B of the Australian Privacy Act. Transfers are subject to the security information obtained in paragraph 3 below.
Disclosure of personal information to third parties
We may disclose your information to third parties who assist us in providing and managing our professional services. We will also disclose your personal information where such disclosure is required by law and for any other use associated with such purposes or which you may authorise.
We disclose your personal information to third parties that:
- Deliver our services to you;
- Manage and enhance our customer database;
- Process information;
- Assess your interest in our services;
- Conduct customer research or satisfaction surveys;
- Send marketing information to you on our behalf;
- Other organisations listed as trade references in a credit application; and
- Other purposes related to the above.
We may also disclose your information to:
- parties we contract with (including on larger projects);
- parties we partner with for the delivery of our services;
- our customers; and
- industry bodies, regulators and similar entities.
We will not sell or license your information to third parties or otherwise disclose your personal information unless we believe on reasonable grounds that you have provided your authorisation. In certain circumstances we may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose your personal information.
Disclosure of credit information to third parties
The following are notifiable matters in relation to any of your personal or credit information disclosed by us to a credit reporting body for the purposes of undertaking a credit check or disclosing payment default information.
When undertaking credit checks or disclosing payment default information, we collect and may disclose your certain personal and credit information to credit reporting bodies. These credit reporting bodies include Experian and Illion. Where we disclose your personal information to a credit reporter in New Zealand that is subject to the Credit Reporting Privacy Code 2020 (NZ), the credit reporter is responsible for compliance with the appropriate code and we have no liability in their compliance.
Credit reporting bodies may include any of your personal or credit information we disclose in reports provided to other credit providers, to assist other credit providers, or to assess your credit worthiness.
You may request credit reporting bodies do not use or disclose your credit reporting information:
- for the purposes of pre-screening of direct marketing by a credit provider; or
- if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud.
If you fail to meet any of your payment obligations under the terms of the credit that we provide to you, or if you commit a serious credit infringement, we may be entitled to disclose this to credit reporting bodies.
How do we store and secure the information we collect?
We store your personal and credit information as physical files in a secured area or on our electronic data base system and on computers with appropriate back up and security systems.
Security and management of personal information
We will take reasonable steps to protect the personal information we hold from misuse, loss, unauthorised access and accidental access, modification or disclosure, destruction and other misuse and actions which prevent us from accessing your information on a temporary or permeant basis. We do this by:
- Putting in place physical, electronic and procedural safeguards in line with industry standards;
- Using two-factor authentication to protect personal information;
- Requiring any third party providers to have acceptable security measures to keep personal information secure;
- Limiting access to the information we collect about you;
- Imposing confidentiality requirements on our employees;
- Only providing access to personal information once proper identification has been given; and
- Requiring all third party personal information processors to enter into contractual agreements that restrict their use, disclosure and processing of personal information (if applicable).
While we take all steps reasonable in the circumstances to protect your information. In the unlikely event of a data breach, we will notify you in accordance with our obligations under Australian and New Zealand laws. If the data breach is likely to cause you serious harm, we will notify you and any relevant authorities in accordance with Australian and New Zealand laws.
We will only keep your Personal Information for as long as we require it for the purpose for which it was collected. However, we may also be required to keep some of your Personal Information for specified periods of time, for example under certain laws relating to companies, money laundering and financial reporting legislation. If we no longer require your personal information, and are not legally required to retain it, we will take reasonable steps to destroy or de-identify the personal information.
Sending information overseas
WGA operates in Australia and New Zealand. As such, WGA will transfer personal information between the two countries as necessary to provide its services to you.
We may engage with customers or service providers in other countries. This may require us to disclose personal information to other countries. We take all steps reasonable in the circumstances to ensure that when we disclose personal information overseas, we protect your information. This includes the use of contractual arrangements to control how third parties use and handle personal information overseas.
We may utilise data centres located in countries overseas. While we may store information overseas, this information is not provided or disclosed to other entities overseas except as otherwise provided for in this Policy.
Export of personal information out of New Zealand
We process personal information in Australia and New Zealand.
When importing and exporting personal information between different countries, we take steps as are reasonable in the circumstances to ensure that the transfer of personal information is undertaken in a secure manner. As part of this process, we may enter into binding contractual arrangements with third parties to ensure the protection of personal information occurs in a way comparable to the safeguards in the Privacy Act and NZ Privacy Law.
Export of personal information out of the EU and UK
We process personal information in Australia. If you are based in a jurisdiction outside of Australia, we are required to import your personal information into Australia. To provide you with our services, we may also be required to export personal information from Australia into other countries.
When importing and exporting personal information, we take steps as are reasonable in the circumstances to ensure that the transfer of personal information is undertaken in a secure manner. As part of this process, we may enter into binding contractual arrangements with third parties to ensure the protection of personal information.
How to access and control your information?
Accessing the information we hold about you
Under the APPs and IPPs you may have a right to obtain a copy of the personal information that we hold about you. To make a request to access this information please contact our Privacy Officer in writing. We will require you to verify your identity and specify what information you wish to access. If eligible, we will grant you access to the information within 30 days.
Where permitted by law, we may charge a fee to cover the costs of verifying your application, and retrieving, reviewing and copying any material requested.
Updating your personal information
We endeavour to ensure that the personal information we hold about you is accurate, complete and current. Please contact us at the details above if you believe that the information we hold about you requires correction or is out of date.
We endeavour to process any request within 30 days. We will provide written reasons if your request is rejected, as well as provide details for making a complaint about the refusal if necessary.
For corrections to credit information, we will provide, where practicable, written notice of the correction to any entity we have disclosed this information to previously.
If you are concerned that we have not complied with the applicable privacy laws, contact our Privacy Officer in the first instance. Please contact our Privacy Officer (contact details above) with a thorough description of your concerns and a response will be provided within a reasonable period. All complaints must be in writing.
When considering a complaint, we will require you to provide us with information to confirm your identity before processing a request related to information we may hold about you.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:
Director of Compliance Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
For more information on privacy law in Australia, see the Australian Information Commissioner’s website.
If you are based in New Zealand, you may also contact the New Zealand Office of the Privacy Commissioner at:
Office of the Privacy Commissioner, PO Box 10 094, Wellington 6143
For more information on privacy law in New Zealand, see the Office of the Privacy Commissioner’s website