Data Box Pty Ltd ABN 26 620 279 263 (Data Box, we, us, our) is a privately owned company operating in Australia and New Zealand.
We are bound by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) when collecting, using, disclosing, handling and accessing your personal information. The APPs establish minimum standards for the collection, use, disclosure and handling of personal information. They apply to personal information in any form, including electronic and digital form. The APPs can be accessed at the website of the office of the Australian Information Commissioner, www.privacy.gov.au.
Other Australian laws that protect personal information include the Telecommunications Act 1997 (Cth), Spam Act 2010 (Cth), data retention laws and certain State and Territory laws specifically relating to health records.
Personal information and sensitive information
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The types of personal information we collect may include:
- your name;
- address details;
- contact information;
- financial information.
In the event that we collect sensitive information we will only collect this information with your consent and use it for the purposes you have provided it to us.
Why we collect personal information
We only collect personal information where it is reasonably necessary for our functions or activities or as required by law. These include:
- providing services to our customers;
- administering and managing our relationships with suppliers and customers, including for billing, credit control and investor purposes;
- marketing and promotional activities to grow and promote our business;
- undertaking research and development to improve our services;
- obtaining services from other businesses;
- employing staff; and
- complying with our legal and regulatory obligations.
The type of personal information that we collect will depend on your interaction with us. If we can’t collect the personal information that we need we may not be able to provide services or meet the expectations of customers.
How we collect personal information
We receive personal information through a variety of sources. These include telephone, face to face communications, digital and online sources, email and hard copy communications. We also collect information directly and indirectly from our contractors, suppliers or agents such as:
- social media platforms;
- marketing lists, databases and data aggregation services;
- websites or websites hosted or operated by our contractors, suppliers or agents;
- credit reporting agencies if you become our customer.
If we collect personal information about you from a third party and it is unclear that you have consented to the disclosure of your personal information to us, we will take reasonable steps to contact you and ensure that you are aware of the circumstances surrounding the collection and purposes for which we collected your personal information.
Personal information that we may collect
The type of personal information we may collect about you depends on the transactions you undertake with us but we need to collect basic identifying information from customers or prospective customers. Basic identifying information includes name, residential address, email address, telephone number and date of birth. Additionally for corporate customers, we may collect the job title and business address.
To manage our relationships with customers and suppliers we may also collect information such as:
- financial or credit information including credit history or bankruptcy, bank account or credit card information, details about assets or income, employment history or concessional entitlements;
- proof of identity such as driver’s license or passport number;
- telephone service number (including unlisted numbers) and other public number customer details to provide it to the operator of the integrated public number database. Information in this database is used by emergency assistance organisations such as ambulance or fire brigade services; or
- details of property including ownership or leasing arrangements.
To improve our services or products we may collect information about your use, including:
- faults or complaints; or
- usage of the product or service (call or internet usage); or
Personal information collected online
A cookie does not identify you personally. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities. This information does not identify you personally.
We may have commercial relationships with third parties allowing visitors to our website to link directly to websites operated by those parties. These websites may collect personal information from you which would be shared with us. Any personal information we obtain will be handled in accordance with this policy.
We aren’t responsible for the content or practises of websites operated by third parties that may be linked to our website. Such links are for your convenience and don’t constitute sponsorship, endorsement or approval of the content, policies and practises of those sites.
Personal information and metadata
As a telecommunications service provider we are required under the Telecommunications (Interception and Access) Act 1979 (Cth) to collect personal information about the identity of a subscriber (or customer) to a communications service (such as internet services), the source of the communication, the destination of the communication, the date, time and duration of the communication, the type of the communication and the location of the equipment used in the communication.
All personal information collected will be handled in accordance with this policy.
How we use and disclose personal information
We are permitted to use or disclose personal information for the purpose for which it was collected as well as related purposes (but for sensitive information only purposes directly related to the primary purpose and consented to by you). For example, when setting up an account the personal information we collect may be used or disclosed for related purposes like credit checks, installing a service, investigating and resolving complaints or marketing other Data Box products or services.
For direct marketing activities, when using personal information (but not sensitive information), we or third parties acting on our behalf, may promote our or other organisation’s products or services to you using email, telephone, social media sites, post or other means. You are able to opt out of receiving direct marketing.
The Privacy Act and APPs also allows us to use and disclose personal information if required or authorised under an Australian law or a court or tribunal order, if a permitted general or health situation exists as defined in the Privacy Act or we believe the use or disclosure of the personal information is reasonably necessary for activities conducted by a law enforcement agency. In these instances we do not need consent to disclose personal information.
For our contractors, suppliers, affiliates or agents, we use and disclose personal information in order to manage our relationship with them.
Personal information may be disclosed to credit reporting or credit collection agencies in accordance with the requirements in the Privacy Act.
We use third parties to assist us to provide products and services and administer our relationships with our customers. We may disclose personal information about our customers or shareholders to a range of third parties, including:
- legal, accounting, insurance or advisory consultants;
- sales agents and representatives, contractors or suppliers;
- companies within the Data Box Communications group;
- complaint handling bodies, Government or regulatory bodies;
- printers, mail distributors, couriers and dispatch centres; and
- IT service providers and data managers.
Being a telecommunications service provider means that personal information that we collect when providing telecommunications services may be disclosed in connection with directory assistance activities for emergency assistance organisations or other urgent services, security purposes or activities carried out by law enforcement agencies, the operator of the integrated public number database or in accordance with other relevant codes or Australian laws applicable to our industry.
Personal information disclosed outside Australia
If a contractor or supplier to Data Box is based outside Australia, our contractual arrangements oblige them to treat personal information with the same level of protection as would apply to the information in Australia.
Protection of your personal information
Protecting your personal information and ensuring that it is complete, accurate, up-to-date and relevant is important to us.
We will take reasonable steps to ensure that your personal information is protected from misuse, loss and from unauthorised access, modification or disclosure. Our staff are trained to treat customer information confidentiality. Our contractors and suppliers are required to comply with applicable privacy laws and our policies.
We have processes in place to ensure that our information systems and files are kept secure from unauthorised access and interference.
Dealing with us online
Updating your personal information
You may ask us to update, correct or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out of date, incomplete, irrelevant or misleading for the purpose for which it is held.
Correcting or accessing your personal information and complaints
We will, upon your request, and subject to applicable privacy laws, provide you with access to your personal information that is held by us. However, we request that you identify, as clearly as possible, the type(s) of information requested. We will deal with your request to provide access to your personal information within 30 days and you agree we may charge you our reasonable costs incurred in supplying you with access to this information.
Your rights to access personal information are not absolute and privacy laws dictate that we are not required to grant access in certain circumstances such as where:
- access would pose a serious threat to the life, safety or health of any individual or to public health or public safety;
- access would have an unreasonable impact on the privacy of other individuals;
- the request is frivolous or vexatious;
- denying access is required or authorised by a law or a court or tribunal order;
- access would be unlawful, or
- access may prejudice commercial negotiations, legal proceedings, enforcement activities or appropriate action being taken in respect of a suspected unlawful activity or serious misconduct.
If we refuse to grant you access to your personal information, we will provide you with reasons for that decision (unless it is unreasonable to do so) and the avenues available for you to complain about the refusal.
If you believe that we have acted in a manner that breaches the APPs or the Privacy Act we recommend that you contact us first in writing at:
The Privacy Officer
Data Box Pty Ltd
4/28 Boyland Ave, Coopers Plains QLD 4108
If you are dissatisfied with the outcome of your complaint, or you do not receive a response to your complaint within 30 days, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). Complaints to the OAIC must be made in writing.
If your complaint relates to our handling of personal information in relation to your telephone or Internet service, the Telecommunications Industry Ombudsman whose details can be found at www.tio.com.au.
If this policy does not provide the information you require about how we deal with personal information or you have any questions or comments, please feel free to contact us.
Updated: March 2020