Gilders Electrical Pty Ltd
Privacy Policy
The client acknowledges that provided the correct Privacy Actdisclosures have been made that GildersElectrical Pty Ltd may conduct a credit report on the client for thepurposes of evaluating the credit worthiness of the client.
Gilders Electrical Pty Ltd ensures that all personal informationis held in a secure manner. Whereapplicable and to the best of Gilders ElectricalPty Ltd’s knowledge all computers or servers have the required securityprotections in place to safeguard and protect any personal information that is
held by Gilders Electrical Pty Ltd.We use cookies on our website. Cookies are small files which are storedon your computer. They are designed to hold a modest amount of data (including
personal information) specific to a particular client and website and can be
accessed either by the web server or the client’s computer. In so far as those
cookies are not strictly necessary for the provision of Gilders Electrical Pty Ltd’s services, we will ask you to consentto our use of cookies when you first visit our website.In the event that you utilise our website for the purpose ofpurchases/orders, Gilders Electrical Pty Ltdagrees to display reference to cookies and /or similar tracking technologies,
such as pixels and web beacons (if applicable), and requests consent for Gilders Electrical Pty Ltd collecting yourpersonal information which may include:(a) IP address, browser, email client typeand other similar details;
(b) Tracking website usage and traffic; and
(c) Reports are available to GildersElectrical Pty Ltd when GildersElectrical Pty Ltd sends an email to the client, so Gilders Electrical Pty Ltd may collect andreview that information
If you consent to Gilders Electrical PtyLtd’s use of cookies on our website and later wish to withdraw yourconsent, you may manage and control Gilders Electrical Pty Ltd’s privacy controls through your browser, includingremoving cookies by deleting them from your browser history when you leave the
site.Gilders Electrical Pty Ltd also regularly conducts internal riskmanagement reviews to ensure that its infrastructure (to the best of its
knowledge) is secure, and any identifiable risks have been mitigated as much as
they can be in the normal course of business.Procedures and responding to potential breaches of Privacy
In accordance with the NDB GildersElectrical Pty Ltd is aware of its responsibilities to notify itsclients in the event of a potential data breach that may cause serious harm to
clients. Further, in the event the client is located in the Europe Union
(“EU”), Gilders Electrical Pty Ltdacknowledges that any potential data breaches will be safeguarded by the
provisions of the GDPR.Gilders Electrical Pty Ltd will collect and process personal informationin the normal course of business. Thispersonal information may be collected and processed, but is not limited to, any
of the following methods;1/ Credit applications forms
2/ Work authorisation forms, quote forms orany other business documentation
3/ Publicly available databases that holdinformation
4/ Websites that detail information such asSensis, Facebook, Google etc
5/ By verbally asking you for information aspart of normal business practices
Where relevant to data processing as per the GDPR, and in particularwhere Gilders Electrical Pty Ltd uses newtechnologies, and takes into account the nature, scope, context and purposes of
processing and considers that the data processing is likely to result in a high
risk to the rights and freedoms of natural persons, the Privacy Officer shall,
prior to the processing of personal information, carry out an assessment of
impact of the envisaged processing operations by way of a protection impact
assessment. The data protection assessment will be required in instances
whereby:(a) a systematic and extensive evaluation ofpersonal aspects relating to natural persons which is based on automated
processing, including profiling, and on which decisions are based that produce
legal effects concerning the natural person or similarly significantly affect
the natural person;(b) processing on a large scale of specialcategories of data referred to in Article 9(1) of the GDPR, or of personal datarelating to criminal convictions and offences referred to in Article10 of theGDPR; or
(c) a systematic monitoring of a publicly accessible area on a large scale.
The assessment shall be carried out in accordance with Article 35 (7) ofthe GDPR and carry out reviews of such data protection impact assessments when
there is any change of the risk associated with the processing of personal
information.As a client of Gilders Electrical PtyLtd and agreeing to Gilders Electrical Pty Ltd’s Terms and Conditions of Trade, which includes Gilders Electrical PtyLtd’s privacy statement you hereby agree and consent to the provisions of this Privacy Policy Manual,including but not limited to the collection, processing, use and disclosure of
your personal information. In the event that you withdraw your agreement and consent
to any of the above use, processing collection and disclosure, then Gilders Electrical PtyLtd warrants that any request by you to withdraw your consent oragreement shall be deemed as confirmation by you to cease any and/or all
collection use, processing and disclosure of your personal information. You may
make a request to withdraw your consent at anytime by telephone and/or by email
to the following contact details;The Privacy Officer
Gilders Electrical PtyLtd
2/7 Mooney Street
Bayswater WA6053
gilderselectrical@gmail.com
(08) 6270 1008
Gilders Electrical Pty Ltd will ensure that any Information thatis to be obtained from you is done so verbally or using Gilders Electrical Pty Ltd’s prescribed forms which;
Authorise Gilders Electrical Pty Ltd:
1/ To collect personal information; and
2/ Inform the individual what personal information is being collected; and
3/ Inform the individual why (the purpose) the personal information isbeing collected; and
4/ Inform the individual why & when personal information will bedisclosed to 3rd parties.
It is the responsibility of GildersElectrical Pty Ltd to ensure that any personal information obtained isas accurate and up to date as possible and information is only collected by
lawful means in accordance with the Act and relevantly, in accordance with the
GDPR.
Purposes For Which Information Is Collected, Held, Used And DisclosedDisclosure to ThirdParties
Gilders Electrical Pty Ltd will not pass on your personalinformation to third parties without first obtaining your consent.
In accordance with the Act, including the GDPR (where relevant),Personal Information can only be used by GildersElectrical Pty Ltd for the following purposes:
1/ Accessa credit reporter’s database for the following purposes:
a) To assess your application for a credit account; or
b) To assess your ongoing credit facility; or
c) To notify a credit reporter of a default by you (providing Gilders Electrical Pty Ltd are a member of anapproved OAIC External Dispute Resolution Scheme (“EDRS”) for consumer
defaults); ord) To update your details listed on a credit reporter’s database; or
2/ Checktrade references noted on the prescribed form for the following purposes:
a) To assess your application for a creditaccount; or
b) To assess your ongoing credit facility;or
c) To notify a default (subject to 1(c)above).
3/ MarketGilders Electrical Pty Ltd’s products andservices.
4/ Anyother day to day business purposes such as complying with ATO requirements,
managing accounting returns or legal matters.Relationship with Credit Reporter - In the event that notification of adefault has been reported to a Credit Reporter and your credit file has been
updated (including any changes to the balance outstanding or contact details),
then the Credit Reporter shall be notified as soon as practical of any such changes.Gilders Electrical Pty Ltd will only gather information for itsparticular purpose (primary purpose). Inaccordance with the Act, including the GDPR (where relevant), Gilders Electrical Pty Ltd will not disclosethis information for any other purpose unless this has been agreed to by both
parties.How An Individual May Access PersonalInformation Held, And How They May Seek Correction Of Such Information
You shall have the right to request from GildersElectrical Pty Ltd a copy of all the information about you that isretained by Gilders Electrical Pty Ltd. You also have the right to request (bytelephone and/or by email) that GildersElectrical Pty Ltd correct any information that is incorrect, outdatedor inaccurate.
Any requests to receive your personal information or to correct personalinformation should be directed to the following contact details;
Gilders Electrical Pty Ltd will destroy personal information upon your request (by telephone and/or by email) or whenthe personal information is no longer required. The exception to this is if the personal information isrequired in order for Gilders Electrical Pty Ltd to fulfil their performance of servicesor is required to be maintained and/or storedin accordance with the law.
Any complaints should be directed to the following contact details inthe first instance;
The Privacy Officer
Gilders Electrical PtyLtd
2/7 Mooney Street
Bayswater WA6053
gilderselectrical@gmail.com
(08) 6270 1008
In yourcommunication you should detail to Gilders Electrical Pty Ltd the nature of your complaint and howyou would like Gilders Electrical Pty Ltdto rectify your complaint.
We will respondto that complaint within 7 days of receipt and will take all reasonable steps
to make a decision as to the complaint within 30 days of receipt of the
complaint.We will discloseinformation in relation to the complaint to any relevant credit provider and or
Credit Reporting Body that holds the personal information the subject of the
complaint.In the eventthat you are not satisfied with the resolution provided, then you can make a
complaint to the Information Commissioner on the OAIC website at www.oaic.gov.auWill Personal Information Be DisclosedTo Overseas Recipients
Gilders Electrical Pty Ltd does not disclose information about theclient to third party overseas recipients unless the client has provided its
consent. Gilders Electrical Pty Ltd willnotify you if circumstances change regarding overseas disclosure and will
comply with the Act and the GDPR in all respects.Unless otherwise agreed, GildersElectrical Pty Ltd agrees not to disclose any personal information aboutthe client for the purpose of direct marketing. You have the right to request
(by telephone and/or by email) that GildersElectrical Pty Ltd does not disclose any personal information about youfor the purpose of direct marketing.Availability Of This Privacy Policy Manual
This Privacy Policy manual is available to all clients of Gilders Electrical Pty Ltd. It will be made available (where applicable)on Gilders Electrical Pty Ltd’swebsite.
This manual will also be available upon request at Gilders Electrical Pty Ltd’s business premisesand is available to be sent to you if required.
If you require a copy of this Privacy Policy please make a requestutilising the following contact information in the first instance:
If a person complains to the Privacy Commissioner that Gilders Electrical Pty Ltd has breached theirprivacy, the Information Commissioner may contact the Privacy Officer to
discuss the complaint, and to see whether there is any means of settling the
matter. The Privacy Officer shall provide whatever assistance is necessary. The
Privacy Officer may be asked to provide background information or identify the
staff members who can do so.Complaints
In the event that a complaint aboutprivacy issues is received the Privacy Officer will:
1/ Take ownership of the complaint andensure that it is dealt with in a timely manner.
2/ Acknowledge receipt of the complaintwithin 24 hours and advise the complainant of their rights.
3/ Fully investigate the complaint.
4/ Respond, with findings, to thecomplainant within 30 days of receipt.
5/ Keep a record of all complaints receivedfor ongoing review of policies and procedures.
In the event that a complaint aboutprivacy issues is received via a credit reporter the Privacy Officer will:
1/ Take ownership of the complaint andensure that it is dealt with in a timely manner.
2/ Acknowledge receipt of the complaint tothe credit reporter within 24 hours.
3/ Fully investigate the complaint.
4/ Respond, with findings, to the creditreporter within 7 days of receipt.
5/ Keep a record of all complaints receivedfor ongoing review of policies and procedures.
APPENDIX A - INFORMATION PRIVACY PRINCIPLES
Part 1 – Consideration Of Personal Information Privacy
AustralianPrivacy Principle 1 – open and transparent management of personalinformation
1.1 The object of this principle is to ensurethat APP entities manage personal information in an open and transparent way.
Compliance with the Australian Privacy Principles etc.
1.2 An APP entity must take such steps as arereasonable in the circumstances to implement practices, procedures and systems
relating to the entity’s functions or activities that:(a) will ensure that the entity complies withthe Australian Privacy Principles and a registered APP code (if any) that binds
the entity; and(b) will enable the entity to deal withinquiries or complaints from individuals about the entity’s compliance with the
Australian Privacy Principles or such a code.APP Privacy policy
1.3 An APP entity must have a clearly expressedand up to date policy (the APP privacy policy) about the management ofpersonal information by the entity.
1.4 Without limiting sub-clause 1.3, the APPprivacy policy of the APP entity must contain the following information:
(a) the kinds of personal information that theentity collects and holds;
(b) how the entity collects and holds personalinformation;
(c) the purposes for which the entitycollects, holds, uses and discloses personal information;
(d) how an individual may access personalinformation about the individual that is held by the entity and seek the
correction of such information;(e) how an individual may complain about abreach of the Australian Privacy Principles, or a registered APP code (if any)
that binds the entity, and how the entity will deal with such a complaint;(f) whether the entity is likely to disclosepersonal information to overseas recipients;
(g) if the entity is likely to disclosepersonal information to overseas recipients—the countries in which such
recipients are likely to be located if it is practicable to specify those
countries in the policy.Availability of APP privacy policy etc.
1.5 An APP entity must take such steps as arereasonable in the circumstances to make its APP privacy policy available:
(a) free of charge; and
(b) in such form as isappropriate.
Note: An APP entity will usually make its APP privacy policyavailable on the entity’s website.
1.6 If a person or bodyrequests a copy of the APP privacy policy of an APP entity in a particular
form, the entity must take such steps as are reasonable in the circumstances to
give the person or body a copy in that form.AustralianPrivacy Principle 2 – anonymity and pseudonymity
2.1 Individuals must have the option of notidentifying themselves, or of using a pseudonym, when dealing with an APP
entity in relation to a particular matter.2.2 Sub-clause 2.1 does not apply if, inrelation to that matter:
(a) the APP entity is required or authorised byor under an Australian law, or a court/ tribunal order, to deal with
individuals who have identified themselves; or(b) it is impracticable for the APP entity todeal with individuals who have not identified themselves or who have used a
pseudonym.Part 2 – Collection Of Personal Information
AustralianPrivacy Principle 3 – collection of solicited personal information
Personal information other than sensitive information
3.1 If an APP entity is an agency, the entitymust not collect personal information (other than sensitive information) unless
the information is reasonably necessary for, or directly related to, one or
more of the entity’s functions or activities.3.2 If an APP entity is an organisation, theentity must not collect personal information (other than sensitive information)
unless the information is reasonably necessary for one or more of the entity’s
functions or activities.Sensitive information
3.3 An APP entity must not collect sensitiveinformation about an individual unless:
(a) the individual consents to the collectionof the information and:
(i) if the entity is an agency—the informationis reasonably necessary for, or directly related to, one or more of the
entity’s functions or activities; or(ii) if the entity is an organisation—theinformation is reasonably necessary for one or more of the entity’s functions
or activities; or(b) sub-clause 3.4 applies in relation to theinformation.
3.4 This sub-clause applies in relation tosensitive information about an individual if:
(a) the collection of the information isrequired or authorised by or under an Australian law or a court/tribunal order;
or(b) a permitted general situation exists inrelation to the collection of the information by the APP entity; or
(c) the APP entity is an organisation and apermitted health situation exists in relation to the collection of the
information by the entity; or(d) the APP entity is an enforcement body andthe entity reasonably believes that:
(i) if the entity is the ImmigrationDepartment—the collection of the information is reasonably necessary for, or
directly related to, one or more enforcement related activities conducted by,
or on behalf of, the entity; or(ii) otherwise—the collection of the informationis reasonably necessary for, or directly related to, one or more of the
entity’s functions or activities; or(e) the APP entity is a non-profit organisationand both of the following apply:
(i) the information relates to the activitiesof the organisation;
(ii) the information relates solely to themembers of the organisation, or to individuals who have regular contact with
the organisation in connection with its activities. Note: For permittedgeneral situation, see section 16A. For permitted health situation,see section 16B.Means of collection
3.5 An APP entity must collect personalinformation only by lawful and fair means.
3.6 An APP entity must collect personalinformation about an individual only from the individual unless:
(a) if the entity is an agency:
(i) the individual consents to the collectionof the information from someone other than the individual; or
(ii) the entity is required or authorised by orunder an Australian law, or a court/tribunal order, to collect the information
from someone other than the individual; or(b) it is unreasonable or impracticable to doso.
Solicited personal information
3.7 This principle applies to the collection ofpersonal information that is solicited by an APP entity.
AustralianPrivacy Principle 4 – dealing with unsolicited personalinformation
4.1 If:
(a) an APP entity receives personalinformation; and
(b) the entity did not solicit the information;
the entity must, within areasonable period after receiving the information, determine whether or not the
entity could have collected the information under Australian Privacy Principle
3 if the entity had solicited the information.4.2 The APP entity may use or disclose thepersonal information for the purposes of making the determination under
sub-clause 4.1.4.3 If:
(a) the APP entity determines that the entitycould not have collected the personal information; and
(b) the information is not contained in aCommonwealth record;
the entity must, as soon aspracticable but only if it is lawful and reasonable to do so, destroy the
information or ensure that the information is de-identified.4.4 If sub-clause 4.3 does not apply in relationto the personal information, Australian Privacy Principles 5 to 13 apply in
relation to the information as if the entity had collected the information
under Australian Privacy Principle 3.AustralianPrivacy Principle 5 – notification of the collection of personalinformation
5.1 At or before the time or, if that is notpracticable, as soon as practicable after, an APP entity collects personal
information about an individual, the entity must take such steps (if any) as
are reasonable in the circumstances:(a) to notify the individual of such mattersreferred to in sub-clause 5.2 as are reasonable in the circumstances; or
(b) to otherwise ensure that the individual isaware of any such matters.
5.2 The matters for the purposes of sub-clause5.1 are as follows:
(a) the identity and contact details of the APPentity;
(b) if:
(i) the APP entity collects the personalinformation from someone other than the individual; or
(ii) the individual may not be aware that theAPP entity has collected the personal information;
the fact thatthe entity so collects, or has collected, the information and the circumstances
of that collection;(c) if the collection of the personalinformation is required or authorised by or under an Australian law or a
court/tribunal order— the fact that the collection is so required or authorised (including the name of theAustralian law, or details of the court/ tribunal order, that requires or
authorises the collection);(d) the purposes for which the APP entitycollects the personal information;
(e) the main consequences (if any) for theindividual if all or some of the personal information is not collected by the
APP entity;(f) any other APP entity, body or person, orthe types of any other APP entities, bodies or persons, to which the APP entity
usually discloses personal information of the kind collected by the entity;(g) that the APP privacy policy of the APPentity contains information about how the individual may access the personal
information about the individual that is held by the entity and seek the
correction of such information;(h) that the APP privacy policy of the APPentity contains information about how the individual may complain about a
breach of the Australian Privacy Principles, or a registered APP code (if any)
that binds the entity, and how the entity will deal with such a complaint;(i) whether the APPentity is likely to disclose the personal information to overseas recipients;
(j) if the APP entity is likely to disclosethe personal information to overseas recipients—the countries in which such
recipients are likely to be located if it is practicable to specify those
countries in the notification or to otherwise make the individual aware of
them.Part 3 – Dealing With Personal Information
AustralianPrivacy Principle 6 – use or disclosure of personal information
Use or disclosure
6.1 If an APP entity holds personal informationabout an individual that was collected for a particular purpose (the primary
purpose), the entity must not use or disclose the information for another
purpose (the secondary purpose) unless:(a) the individual has consented to the use ordisclosure of the information; or
(b) sub-clause 6.2 or 6.3 applies in relationto the use or disclosure of the information.
Note: Australian Privacy Principle 8 sets out requirements for thedisclosure of personal information to a person who is not in Australia or an
external Territory.6.2 This sub-clause applies in relation to theuse or disclosure of personal information about an individual if:
(a) the individual would reasonably expect theAPP entity to use or disclose the information for the secondary purpose and the
secondary purpose is:(i) if the information is sensitiveinformation—directly related to the primary purpose; or
(ii) if the information is not sensitiveinformation—related to the primary purpose; or
(b) the use or disclosure of the information isrequired or authorised by or under an Australian law or a court/tribunal order;
or(c) a permitted general situation exists inrelation to the use or disclosure of the information by the APP entity; or
(d) the APP entity is an organisation and apermitted health situation exists in relation to the use or disclosure of the
information by the entity; or(e) the APP entity reasonably believes that theuse or disclosure of the information is reasonably necessary for one or more
enforcement related activities conducted by, or on behalf of, an enforcement
body.Note: For permitted general situation, see section 16A. For permittedhealth situation, see section 16B.
6.3 This sub-clause applies in relation to thedisclosure of personal information about an individual by an APP entity that is
an agency if:(a) the agency is not an enforcement body; and
(b) the information is biometric information orbiometric templates; and
(c) the recipient of the information is anenforcement body; and
(d) the disclosure is conducted in accordancewith the guidelines made by the Commissioner for the purposes of this
paragraph.6.4 If:
(a) the APP entity is an organisation; and
(b) subsection 16B(2) applied in relation tothe collection of the personal information by the entity;
the entity must take such stepsas are reasonable in the circumstances to ensure that the information is de-identified
before the entity discloses it in accordance with sub-clause 6.1 or 6.2.Written note of use or disclosure
6.5 If an APP entity uses or discloses personalinformation in accordance with paragraph 6.2(e), the entity must make a written
note of the use or disclosure.Related bodies corporate
6.6 If:
(a) an APP entity is a body corporate; and
(b) the entity collects personal informationfrom a related body corporate;
this principle applies as if theentity’s primary purpose for the collection of the information were the primary
purpose for which the related body corporate collected the information.Exceptions
6.7 This principle does not apply to the use ordisclosure by an organisation of:
(a) personal information for the purpose ofdirect marketing; or
(b) government related identifiers.
© Gilders Electrical Pty Ltd 2024