1. Definitions
1.1 “CCA” shall mean Collection Consultancy Australia Pty Ltd, ABN 71 623 144 856, ACN 623 144 856, its successors and assigns or any person acting on behalf of and with the authority of Collection Consultancy Australia Pty Ltd.
1.2 “Client” means the person/s or any person acting on behalf of and with the authority of the Client requesting CCA to provide the Services as specified in any proposal, quotation, order, invoice or other documentation, and:
(a)if there is more than one Client, is a reference to each Client jointly and severally; and
(b)if the Client is a part of a Trust, shall be bound in their capacity as a trustee; and
(c)includes the Clients executors, administrators, successors and permitted assigns.
1.3 “Confidential Information” means information of a confidential nature whether oral, written or in electronic form including, but not limited to, this Contract, either party’s intellectual property, operational information, know-how, trade secrets, financial and commercial affairs, contracts, client information (including but not limited to, “Personal Information” such as: name, address, D.O.B, occupation, driver’s license details, electronic contact (email, Facebook or Twitter details), medical insurance details or next of kin and other contact information (where applicable), previous credit applications, credit history) and pricing details.
1.4 “Goods” means all Goods or Services supplied by CCA to the Client at the Clients request from time to time (where the context so permits the terms ‘Goods’ or ‘Services’ shall be interchangeable for the other).
1.5 “Price” means the Price payable (plus any GST where applicable) for the Goods and or Services as agreed between CCA and the Client in accordance with clause 3 below.
1.6 “GST” means Goods and Services Tax (GST) as defined within the “A New Tax System (Goods and Services Tax) Act 1999”.
1.7 “Credit Management” shall mean any advice or recommendations given to the Client on the assessment, management, and enforcement of credit given by a Client to a Debtor.
1.8 “Debt Load” shall mean the debts loaded via CCA’s Debt Load Webpage supplied by CCA to the Client for the purposes of lodging Debts to be collected on the Clients behalf by CCA.
1.9 “PPSA Registrations shall mean PPSA Registrations loaded via CCA’s PPSA Registration Webpage by CCA to the Client for the purposes of loading a security interest on the Personal Property Securities Register (PPSR).
1.10 “Debtor” shall mean the person, company, partnership, trust, organisation or any other entity that owes a Debt to the Client.
1.11 “Debt” shall mean any money that is owed to the Client by the Debtor.
1.12 “Contra Deal” shall mean a barter or set-off arrangement as agreed in writing between two or more parties, for the payment or settlement of any Debt.
1.13 “Commission” shall mean the fee charged by CCA for the Services undertaken in recovering a Debt.
2. Acceptance
2.1 The Client is taken to have exclusively accepted and is immediately bound, jointly and severally, by these terms and conditions if the Client places an order for or accepts delivery of the Goods and or Services.
2.2 These terms and conditions may only be amended with the consent of both parties in writing and shall prevail to the extent of any inconsistency with any other document or contract between the Client and CCA.
2.3 These terms and conditions are meant to be read in conjunction with CCA’s Website Terms of Use Terms and Conditions of Trade (where applicable). If there are any inconsistencies between the two documents, then the terms and conditions contained in this document shall prevail.
2.3 Any advice, recommendation, information, assistance or service provided by CCA in relation to Goods and Services supplied is given in good faith, is based on CCA’s own knowledge and experience and shall be accepted without liability on the part of CCA and it shall be the responsibility of the Client to confirm the accuracy and reliability of the same in light of the use to which the Client makes or intends to make of the Goods or Services
2.4 CCA is appointed as a commercial agent and the Client’s agent when instructed to collect outstanding debts on behalf of the Client by undertaking CCA’s usual collection process as outlined in CCA’s “Client Manual” from time to time. Such appointment shall be ongoing until cancelled by the Client giving CCA not less than ninety (90) days’ notice in writing.
2.5 The Client shall issue debt recovery instructions to CCA completing the online Webpage on CCAs website, or any other method as agreed to between CCA and the Client. The Client acknowledges and agrees that upon completing these Debt recovery instructions, the Client is also instructing CCA to commence legal action (at CCA’s sole discretion) if CCA sees fit to do so. In the event any charges are involved in commencing legal action, all charges will be required to be prior approved by the Client.
2.6 None of CCA’s agents or representatives are authorised to make any representations, statements, conditions or agreements not expressed by Management of CCA in writing nor is CCA bound by any such unauthorised statements.
2.7 The Client warrants that it has the power to enter into this agreement and has obtained all necessary authorisations to allow them to do so. The Client is not insolvent and that this agreement creates a binding and valid legal obligation on them, to meet all of their debts as and when they fall due.
2.8 The Client acknowledges that overpayments made by the Debtor to CCA for the repayment of a Debt owed to the Client, shall be returned to the Client by CCA and it shall be the Client’s responsibility to deal with such monies as is appropriate and/or required by law.
2.9 Where CCA has been provided with an email address from the Client for e-communications, both parties agree to fully comply with all current requirements by law pertaining to electronic messaging.
2.10 Electronic signatures shall be deemed to be accepted by either party providing that the parties have complied with Section 9 of the Electronic Transactions Act 2000 (NSW & SA), the Electronic Transactions Act 2001 (ACT), the Electronic Transactions (Victoria) Act 2000, the Electronic Transactions Act 2003 (WA), the Electronic Transactions (Northern Territory) Act 2000, Section 14 of the Electronic Transactions (Queensland) Act 2001, Section 7 of the Electronic Transactions Act 2000 (TAS), (whichever is applicable), or any other applicable provisions of that Act or any Regulations referred to in that Act.
3. Pricing
3.1 Prices quoted for the supply of goods and services exclude GST and any other taxes or duties imposed on or in relation to the goods and or services. Any such GST and other taxes or duties are additionally at the Clients account.
3.2 At CCA’s sole discretion, the Price shall be either:
(a)as indicated on any invoice provided by CCA to the Client; or
(b)CCA’s quoted price (subject to clause 3.3) which will be valid for the period stated in the quotation or otherwise for a period of fourteen (14) days.
3.3 If the Client requests any variation to the Agreement, CCA may increase the price to account for the variation.
3.4 Where there is any change in the costs incurred by CCA in relation to goods or services, CCA may vary its price to take into account of any such change, by notifying the Client.
3.5 At CCA’s sole discretion, a non-refundable deposit may be required.
4. Payment
4.1 The time for payment for the Goods or Services is of the essence.
4.2 The Price will be payable by the Client on the date/s determined by CCA, which may be:
(a)on delivery of the Goods or Services;
(b)by way of installments/progress payments in accordance with CCA’s payment schedule;
(c)within fourteen (7) days in which a statement is posted to the Clients address or address for notices;
(d)the date specified on any invoice or other form as being the date for payment; or
(e)failing any notice to the contrary, the date which is seven (7) days following the date of any invoice given to the Client by CCA.
4.3 Payment may be made by cheque, bank cheque, credit card, cash, electronic/on-line banking, or by any other method as agreed to between the Client and CCA.
4.4 Payment by cheque is not deemed made until the proceeds of the cheque have cleared.
4.5 Payment made by credit card will incur a 2% surcharge.
4.6 The Buyer shall not be entitled to set off against, or deduct from the Price, any sums owed or claimed to be owed to the Client by CCA nor to withhold payment of any invoice because part of that invoice is in dispute.
4.7 Prices quoted for supply of goods & services exclude GST and any other taxes or duties imposed on or in relation to the goods & services. In addition to the Price the Client must pay to CCA an amount equal to any GST CCA must pay for any Goods or Services supplied by CCA under this or any other contract for the sale of Goods or Services. The Client must pay GST, without deduction or set off of any other amounts, at the same time and on the same basis as the Client pays the Price. In addition, the Client must pay any other taxes and duties that may be applicable in addition to the Price except where they are expressly included in the Price.
4.8 Payment terms may be revoked or amended at CCA’s sole discretion, immediately upon giving the Client written notice.
5. Collateral & Assignment
5.1 The Client hereby charges all its right, title and interest in the property or properties referred to in the Client’s Credit Application Client Information Form and also any property or properties that it owns currently or may acquire in the future solely or jointly or have or become to have a beneficial interest in, in favour of CCA, with the due and punctual observance and performance of all the obligations of the Client. The Client indemnifies CCA against all expenses and legal costs (on a solicitor/own client basis) for preparing, lodging and removing any caveat.
5.2 The Client hereby acknowledges that CCA may at its discretion register and lodge a caveat(s) on such property or properties in respect of the interests conferred on it under clause 5.1. Such registration of a caveat by CCA over the Client’s property or properties must not be challenged by the Client in any way whatsoever, and the Client agrees not to take any steps in filing a “lapsing notice” via the Land Titles Office to have the caveat removed, until such time that the Client has paid all monies owing by it to CCA as claimed from time to time.
6. Personal Property Securities Act 2009 (“PPSA”)
6.1 In this clause financing statement, financing change statement, security agreement, and security interest has the meaning given to it by the PPSA.
6.2 Upon assenting to these terms and conditions in writing the Client acknowledges and agrees that these terms and conditions constitute a security agreement for the purposes of the PPSA and creates a security interest in all Goods and/or collateral (account) – being a monetary obligation of the Client to CCA for Services – that have previously been supplied and that will be supplied in the future by CCA to the Client.
6.3 The Client undertakes to:
(a)promptly sign any further documents and/or provide any further information (such information to be complete, accurate and up-to-date in all respects) which CCA may reasonably require to;
(i)register a financing statement or financing change statement in relation to a security interest on the Personal Property Securities Register;
(ii)register any other document required to be registered by the PPSA; or
(iii)correct a defect in a statement referred to in clause 8.3(a)(i) or 8.3(a)(ii);
(b)indemnify, and upon demand reimburse, CCA for all expenses incurred in registering a financing statement or financing change statement on the Personal Property Securities Register established by the PPSA or releasing any Goods charged thereby;
(c)not register a financing change statement in respect of a security interest without the prior written consent of CCA;
(d)not register, or permit to be registered, a financing statement or a financing change statement in relation to the Goods and/or collateral (account) in favour of a third party without the prior written consent of CCA;
(e)immediately advise CCA of any material change in its business practices of selling the Goods which would result in a change in the nature of proceeds derived from such sales.
6.4 CCA and the Client agree that sections 96, 115 and 125 of the PPSA do not apply to the security agreement created by these terms and conditions.
6.5 The Client waives their rights to receive notices under sections 95, 118, 121(4), 130, 132(3)(d) and 132(4) of the PPSA.
6.6 The Client waives their rights as a grantor and/or a debtor under sections 142 and 143 of the PPSA.
6.7 Unless otherwise agreed to in writing by CCA, the Client waives their right to receive a verification statement in accordance with section 157 of the PPSA.
6.8 The Client must unconditionally ratify any actions taken by CCA under clauses 8.3 to 8.5.
6.9 Subject to any express provisions to the contrary (including those contained in this clause 8) nothing in these terms and conditions is intended to have the effect of contracting out of any of the provisions of the PPSA.
7. Commission.
7.1 Commission is due on every dollar recovered in payment of a Debt and is calculated as follows:
15% plus GST On All Debtor Payments thereafter,
7.2 Irrespective of whether collection costs have been recovered (or even added to the amount submitted for collection), and irrespective of any action taken by the Client after submission of the Debt for recovery of the Debt, Commission is due when:
(a)payment or part payment of a Debt is received by the Client or CCA, or
(b)an arrangement for payment of a Debt is made by the Client, to any representative of the Client, or CCA; or
(c)the Client has agreed to credits, or the return of product/goods, or any other matter acceptable to the Client, or
(d)a recovery, location of unallocated payment, or settlement agreement (including, but not limited to Contra Deals) is made through any other means where (in CCA’s opinion) commission is due, or
(e)payment or part payment of a Debt is received by the Client or CCA, subsequent to the file being closed under written advice, or
(f)payment or part payment of a Debt is received by the Client or CCA as a result of any litigation process undertaken, regardless of whether the applicant is the Client or the Debtor, where associated costs are acknowledged and awarded by the Court as part of the sum owed by the Debtor to the Client and this amount is paid; or
(g)payment or part payment of a Debt is received by the Client or CCA as a result of any litigation process undertaken by the Debtor.
7.3 In the event that the Client has (in CCA’s opinion) recovered a Debt by taking action through the appropriate court (using a third-party external law firm not associated as a contracting partner of CCA) at the cessation of CCA’s collection process, then Commission shall not apply.
7.4 CCA may deduct its respective Commission fees, or any other monies owed by the Client to CCA (plus GST), out of any monies collected on behalf of the Client.
7.5 The Client shall upon receiving payment for a Debt from a Debtor (or any third party) immediately notify CCA of the Debtor’s (or the third parties) payment. This can be done by phone, fax, e-mail, post, or via CCA’s website.
7.6 In the event of a liquidator exercising their legal right to claw back any funds considered preferential payments from the Client, and where CCA has recovered the forgoing funds on the Client’s behalf, the Client acknowledges and accepts that any commission paid in connection to that recovered Debt, will not, in any event, be refundable.
8. Client Warranty
8.1 The Client warrants that the amount claimed for collection does not include any debt collection or default costs. If debt collection or default costs are sought, they must be:
(a)separately identified.
(b)properly recoverable by reason of notification to the Debtor at the time of supply/sale and have been invoiced to the Debtor.
8.2 The Client acknowledges and agrees that by submitting any Debts to CCA, the Client warrants that no bona fide dispute exists in respect of the debt loaded via the Debt Load Webpage, and the Client further indemnifies CCA against any claims arising from any action taken by CCA on the Client’s behalf.
8.3 The Client indemnifies CCA against any penalty or liability incurred by CCA for any breach of the above warranties.
8.4 Nothing in this agreement is intended to have the effect of contracting out of any applicable provisions of the Competition and Consumer Act 2010 or any of the Fair Trading Acts of each of the States and Territories of Australia, except to the extent permitted by those Acts where applicable (including any substitute to those Acts or re-enactment thereof).
9. Intellectual Property
9.1 Any intellectual property rights contained in the design or manufacture of any Goods or Services remain with CCA. Notwithstanding this, CCA grants the Client a non-exclusive and non-transferable licence, allowing the Client to reproduce in full, any Terms of Trade documentation that CCA has supplied the Client (including CCA’s Copyright notice), for the purpose of providing it to the Client’s customers, as part of the credit management of the Client’s business. The Client shall only grant their customer the right to retain a copy as a record of the dealings between the Client and their customer. Except as allowed herein the Client agrees not to supply CCA’s documentation to any person or entity for any purpose whatsoever, without the prior written consent of CCA.
9.2 The Client warrants that the Client holds all necessary intellectual property rights in any document or material, (including, but not limited to, terms and conditions of trade), that are supplied to CCA for its provision of Goods and Services and that there is or will be no infringement of any rights or entitlements held by any third party.
9.3 The Client indemnifies and holds harmless CCA for any claims made against it arising from CCA’s use of any document, material or information supplied by the Client.
9.4 The Client agrees that CCA may (at no cost) use for the purposes of marketing or entry into any competition, any documents, designs, drawings or Goods which CCA has created for the Client.
10. Disclaimer
10.1 The Client hereby disclaims any right to rescind or cancel the contract or to sue for damages or to claim restitution arising out of any inadvertent misrepresentation made to the Client.
10.2 Any Credit Management advice, recommendation, information, assistance, or Service provided by CCA in relation to Goods and/or Services sold by CCA (or for their use or application) is given in good faith and is believed by CCA to be appropriate and reliable. However, any advice, recommendation, information, assistance or Service provided by CCA in relation to any Goods and/or Services supplied by CCA is provided without liability or responsibility on the part of CCA.
10.3 CCA also makes no express or implied warranty or statement and expressly negates any implied or expressed warranty (other than as may be imposed by statute) that the Goods and/or Services will be suitable for a particular purpose or end use for which the Client may use them.
10.4 The Client accepts all risk and responsibility for consequences arising from the use of Goods and/or Services, whether singularly or in combination with other products. CCA shall be under no liability whatsoever to the Client for any indirect and/or consequential loss and/or expense (including loss of profit) suffered by the Client arising out of a breach by CCA of these terms and conditions (alternatively CCA’s liability shall be limited to damages which under no circumstances shall exceed the Price of the Goods and/or Services).
10.5 Whilst every care is taken by CCA in drafting Terms of Trade for the Client, CCA’s liability shall be limited to the Price of the Terms of Trade.
11. Default and Consequences of Default
11.1 If the Client defaults in payment by the due date of any amount payable to CCA, then all money which would become payable by the Client to CCA at a later date on any account, becomes immediately due and payable without the requirement of any notice to the Client, and CCA may, without prejudice to any of its other accrued or contingent rights:
(a)Interest on overdue invoices shall accrue daily from the date when payment becomes due, until the date of payment, at a rate of two and a half percent (2.5%) per calendar month (and at CCA’s sole discretion such interest shall compound monthly at such a rate) after as well as before any judgment;
(b)charge the Client a late payment administration fee equal to 10% of the invoice to a maximum of $400 plus GST;
(c)charge the Client for, and the Client must indemnify CCA from, all costs and expenses (including without limitation all legal costs and expenses) incurred by it resulting from the default or in taking action to enforce compliance with the Agreement or to recover any goods;
(d)cease or suspend supply of any further goods or services to the Client;
(e)by written notice to the Client, terminate any uncompleted contract with the Client.
11.2 Clauses 12.1(d) and 12.1(e) may also be relied upon, at CCAs option:
(a)where the Client is a natural person and becomes bankrupt or enters into any scheme of arrangement or any assignment or composition with or for the benefit of his or her creditors or any class of his or her creditors generally; or
(b)where the Client is a corporation and, it enters into any scheme of arrangement or any assignment or composition with or for the benefit of its creditors or any class of its creditors generally, or has a liquidator, administrator, receiver or manager or similar functionary appointed in respect of its assets, or any action is taken for, or with the view to, the liquidation (including provisional liquidation), winding up or dissolution without winding up of the Client.
12. Cancellation
12.1 Without prejudice to any other remedies CCA may have, if at any time the Client is in breach of any obligation (including those relating to payment) under these terms and conditions CCA may suspend or terminate the supply of Goods to the Client. CCA will not be liable to the Client for any loss or damage the Client suffers because CCA has exercised its rights under this clause.
12.2 CCA may cancel any contract to which these terms and conditions apply or cancel delivery of Goods or Services at any time before the Goods or Services are delivered by giving written notice to the Client. On giving such notice CCA shall repay to the Client any money paid by the Client for the Goods. CCA shall not be liable for any loss or damage whatsoever arising from such cancellation.
12.3 In the event that the Client cancels delivery of Goods or Services the Client shall be liable for any and all loss incurred (whether direct or indirect) by CCA as a direct result of the cancellation (including, but not limited to, any loss of profits) uo to the time of, or as a result of the cancellation, notwithstanding that at CCA’s sole decretion:
(a) Terms of Trade cancellation will be subject to a fee:
(i) no fee will apply where notification to CCA is received via email to termsoftrade@collectionconsultancy.com.au provided said cancellation is received within the cooling-off period of two (2) business days; or
(ii) after the cooling-off period, fifty percent (50%) of the Contract Price shall be due and payable, where work has commenced; and
(iii) where draft documentation is completed and sent to the Client, the full Contract Price is due and payable.
(b)Debt Collection cancellation requests, after the provision of the Services have commenced, will be subject to Commission, where:
(i)the Debts have been loaded and acknowledged by CCA and no prior written notice has been received; or
(ii)the Debts have been loaded and then it is established that the Client or a representative of the Client (including but not limited to, any other collection agency) has subsequently contracted, without prior written notice directly with the Debtor and a payment is received and/or a payment arrangement is entered into then the Commission that CCA would have otherwise been entitled to under the original contract will be due in accordance with clause 7.
13. Privacy
13.1 All emails, documents, images or other recorded information held or used by the Contractor is Personal Information, as defined and referred to in clause 13.2, and therefore considered Confidential Information. The Contractor acknowledges its obligation in relation to the handling, use, disclosure and processing of Personal Information pursuant to the Privacy Act 1988 (“the Act”) including the Part IIIC of the Act being Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB) and any statutory requirements, where relevant in a European Economic Area (“EEA”), under the EU Data Privacy Laws (including the General Data Protection Regulation “GDPR”) (collectively, “EU Data Privacy Laws”). The Contractor acknowledges that in the event it becomes aware of any data breaches and/or disclosure of the Clients Personal Information, held by the Contractor that may result in serious harm to the Client, the Contractor will notify the Client in accordance with the Act and/or the GDPR. Any release of such Personal Information must be in accordance with the Act and the GDPR (where relevant) and must be approved by the Client by written consent, unless subject to an operation of law.
13.2 The Client agrees for CCA to obtain from a credit reporting body (CRB) a credit report containing personal credit information (e.g. name, address, D.O.B, occupation, previous credit applications, credit history) about the Client in relation to credit provided by CCA.
13.3 The Client agrees that CCA may exchange information about the Client with those credit providers and with related body corporates for the following purposes:
(a)to assess an application by the Client; and/or
(b)to notify other credit providers of a default by the Client; and/or
(c)to exchange information with other credit providers as to the status of this credit account, where the Client is in default with other credit providers; and/or
(d)to assess the creditworthiness of the Client including the Client’s repayment history in the preceding two (2) years.
13.4 The Client consents to CCA being given a consumer credit report to collect overdue payment on commercial credit.
13.5 The Client agrees that personal credit information provided may be used and retained by CCA for the following purposes (and for other agreed purposes or required by):
(a)the provision of Goods; and/or
(b)analysing, verifying and/or checking the Client’s credit, payment and/or status in relation to the provision of Goods; and/or
(c)processing of any payment instructions, direct debit facilities and/or credit facilities requested by the Client; and/or
(d)enabling the collection of amounts outstanding in relation to the Goods.
13.6 CCA may give information about the Client to a CRB for the following purposes:
(a)to obtain a consumer credit report; allow the CRB to create or maintain a credit information file about the Client including credit history.
13.7 The information given to the CRB may include:
(a)personal information as outlined in 14.1 above;
(b)name of the credit provider and that CCA is a current credit provider to the Client;
(c)whether the credit provider is a licensee;
(d)type of consumer credit;
(e)details concerning the Client’s application for credit or commercial credit (e.g. date of commencement/termination of the credit account and the amount requested);
(f)advice of consumer credit defaults, overdue accounts, loan repayments or outstanding monies which are overdue by more than sixty (60) days and for which written notice for request of payment has been made and debt recovery action commenced or alternatively that the Client no longer has any overdue accounts and CCA has been paid or otherwise discharged and all details surrounding that discharge (e.g. dates of payments);
(g)information that, in the opinion of CCA, the Client has committed a serious credit infringement;
(h)advice that the amount of the Client’s overdue payment is equal to or more than one hundred and fifty dollars ($150).
13.8 The Client shall have the right to request (by e-mail) from CCA:
(a)a copy of the information about the Client retained by CCA and the right to request that CCA correct any incorrect information; and
(b)that CCA does not disclose any personal information about the Client for the purpose of direct marketing.
13.9 CCA will destroy personal information upon the Client’s request (by e-mail) or if it is no longer required unless it is required in order to fulfill the obligations of this contract or is required to be maintained and/or stored in accordance with the law.
13.10 The Client can make a privacy complaint by contacting CCA via e-mail. CCA will respond to that complaint within seven (7) days of receipt and will take all reasonable steps to make a decision as to the complaint within thirty (30) days of receipt of the complaint. In the event that the Client is not satisfied with the resolution provided, the Client can make a complaint to the Information Commissioner at www.oaic.gov.au.
14. General
14.1 The failure by either party to enforce any provision of these terms and conditions shall not be treated as a waiver of that provision, nor shall it affect that party’s right to subsequently enforce that provision. If any provision of these terms and conditions shall be invalid, void, illegal or unenforceable the validity, existence, legality and enforceability of the remaining provisions shall not be affected, prejudiced or impaired.
14.2 These terms and conditions and any contract to which they apply shall be governed by the laws of New South Wales, the state in which CCA has its principal place of business and are subject to the jurisdiction of the courts in Sydney.
14.3 Subject to clause 12, CCA shall be under no liability whatsoever to the Client for any indirect and/or consequential loss and/or expense (including loss of profit) suffered by the Client arising out of a breach by CCA of these terms and conditions (alternatively CCA’s liability shall be limited to damages which under no circumstances shall exceed the Price of the Goods).
14.4 The Client indemnifies CCA and agrees that CCA shall not be a party to, and/or liable for, any action brought against the Client or CCA by a Debtor in relation to any Debt that the Client has given to CCA for collection.
14.5 These terms and conditions are to be read in conjunction with CCA’s “Client Manual”, PPSA Conditions of Registration, and Conditions of Debt Load. If there are any inconsistencies between these documents, then the terms and conditions of trade contained in this document shall prevail.
14.6 Any monies held in CCA’s trust account shall be done so on a noninterest bearing basis. The Client shall have no claim on any interest earned on any monies deposited by CCA.
14.7 The Client agrees that CCA may amend these terms and conditions by notifying the Client in writing. These changes shall be deemed to take effect from the date on which the Client accepts such changes, or otherwise at such time as the Client makes a further request for CCA to provide Goods to the Client.
14.8 Both parties warrant that they have the power to enter into this contract and have obtained all necessary authorisations to allow them to do so, they are not insolvent and that this contract creates binding and valid legal obligations on them.
Introduction.
From 12 March 2014, the Australian Privacy Principles (APP’s) replaced the National Privacy Principles and Information Privacy Principles and were inserted into the Privacy Act 1988 (“the Act”) at schedule 1. These principles apply to private sector organisations who deal with information relating to individuals. This legislation is designed to protect personal information about individuals and sets in place a framework and guidelines about how to deal with this information. APP 1.3 requires an APP entity to have a clearly expressed and up-to-date APP privacy policy describing how it manages personal information. Further in February 2018, the Notifiable Data Breaches (“NDB”) Scheme was introduced under Part IIIC of the Act. The NDB establishes requirements and compliance mechanisms for entities in responding to data breaches.
As at 25 May 2018, the EU General Data Protection Regulation (“GDPR”) was introduced providing increased transparency for data protection for all businesses transferring data to the Europe Union. While the GDPR and the APP share some similarities, Collection Consultancy Australia Pty Ltd is providing robust privacy policies and procedures for its staff and clients. This includes ensuring that it conforms to all required APP’s including the provision of a clearly expressed and readily available Privacy Policy. This is completed by the provision of this Privacy Policy Manual.
An APP privacy policy is a key tool for meeting APP 1’s requirements.
To assist with this compliance, Collection Consultancy Australia Pty Ltd ensures that all of its staff members adhere to these policies and procedures. Any breaches of these policies and procedures must be reported to the relevant staff member’s manager or supervisor immediately so that any appropriate measures can be taken to mitigate any issues surrounding an identified breach.
Every staff member of Collection Consultancy Australia Pty Ltd who handles personal information is required to have an understanding of the Australian Privacy Principles (APP’s), the Act and the GDPR, where necessary. Where a more detailed knowledge of Collection Consultancy Australia Pty Ltd’s rights and responsibilities is required, the Privacy Officer will be able to provide assistance.
All staff are encouraged to discuss privacy issues with the nominated Privacy Officer.
Review
Formal review of this privacy policy shall be undertaken on a 6-monthly basis with the details of this review recorded by the Privacy Officer.
1.Australian Privacy Principles (APP’s)
The Privacy Act 1988 and the Credit Reporting Privacy Code 2014 places obligations and responsibilities on employers and employees to ensure that information collected from individuals is collected, retained and used in line with the APP’s. Collection Consultancy Australia Pty Ltd shall abide by the following APP’s at all times:
APP No.
Part 1 – Consideration of personal information privacy
APP 1 Open and transparent management of personal information
APP 2 Anonymity and pseudonymity
Part 2 – Collection of personal information
APP 3 Collection of solicited personal information
APP 4 Dealing with unsolicited personal information
APP 5 Notification of the collection of personal information
Part 3 – Dealing with personal information
APP 6 Use or disclosure of personal information
APP 7 Direct marketing
APP 8 Cross-border disclosure of personal information
APP 9 Adoption, use or disclosure of government related identifiers
Part 4 – Integrity of personal information
APP 10 Quality of personal information
APP 11 Security of personal information
Part 5 – Access to, and correction of, personal information
APP 12 Access to personal information
APP 13 Correction of personal information
Further information regarding the APP’s can be obtained from the office of the Australian Information Commissioner at www.oaic.gov.au.
A copy of the APP’s as produced by the Office of the Australian Information Commissioner is attached as Appendix A. The NDB forms part of the Act as a new implemented scheme for companies to advise by its clients, in the event of a potential data breach that is likely to result in serious harm to any individuals whose personal information is involved in the breach. Collection Consultancy Australia Pty Ltd’s Privacy Policy Manual provides a data breach preparation and response to any potential breaches to ensure compliance under the NDB and the Act.
2.General Data Protection Regulation (“GDPR”)
Upon the implementation of the GDPR on 25 May 2018, Collection Consultancy Australia Pty Ltd has updated the way they use and collect personal data from residents in the EU. This involves, identifying Collection Consultancy Australia Pty Ltd’s data protection officer (“Privacy Officer”), how clients can contact the Privacy Officer and identifying the process of transferring client’s personal information. Further, the implementation of cookies notices on Collection Consultancy Australia Pty Ltd’s website has been activated to ensure Collection Consultancy Australia Pty Ltd’s clients have adequate protection in providing consent to Collection Consultancy Australia Pty Ltd withholding their personal data.
3.Types of Personal Information That Is Collected, Used, Processed & Held
Collection Consultancy Australia Pty Ltd collects personal information for a variety of reasons. This personal information will be collected in the normal course of business and will relate to Goods and/or Services that are provided by Collection Consultancy Australia Pty Ltd to clients. This information collected will be done so in the course of business where the client is a customer of Collection Consultancy Australia Pty Ltd or when the client acts as a guarantor for another person or company that is a client of Collection Consultancy Australia Pty Ltd. Collection Consultancy Australia Pty Ltd will not collect information that is not relevant or sensitive in nature unless it is required in the normal course of business.
The personal information that is collected may include, but will not be limited to the following;
1/Full name
2/Address
3/Date of birth
4/Credit references if applicable
5/Publicly available information which relate to the client’s activities in Australia
6/Any information recorded in the National Personal Insolvency Index
7/The client acknowledges that provided the correct Privacy Act disclosures have been made that Collection Consultancy Australia Pty Ltd may conduct a credit report on the client for the purposes of evaluating the credit worthiness of the client.
8/Driver’s license details
9/Medical insurance details (if applicable)
10/Electronic contact details including email, Facebook and Twitter details
11/Next of kin and other contact information where applicable
Collection Consultancy Australia Pty Ltd ensures that all personal information is held in a secure manner. Where applicable and to the best of Collection Consultancy Australia Pty Ltd’s knowledge all computers or servers have the required security protections in place to safeguard and protect any personal information that is held by Collection Consultancy Australia Pty Ltd.
We use cookies on our website. Cookies are small files which are stored on your computer. They are designed to hold a modest amount of data (including personal information) specific to a particular client and website and can be accessed either by the web server or the client’s computer. In so far as those cookies are not strictly necessary for the provision of Collection Consultancy Australia Pty Ltd’s services, we will ask you to consent to our use of cookies when you first visit our website.
In the event that you utilise our website for the purpose of purchases/orders, Collection Consultancy Australia Pty Ltd agrees to display reference to cookies and /or similar tracking technologies, such as pixels and web beacons (if applicable), and requests consent for Collection Consultancy Australia Pty Ltd collecting your personal information which may include:
(a)IP address, browser, email client type and other similar details;
(b)Tracking website usage and traffic; and
(c)Reports are available to Collection Consultancy Australia Pty Ltd when Collection Consultancy Australia Pty Ltd sends an email to the client, so Collection Consultancy Australia Pty Ltd may collect and review that information
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy control, you can advise us if you would like to receive direct marketing communications. You can access the privacy controls via
info@collectionconsultancy.com.au OR:
If you consent to Collection Consultancy Australia Pty Ltd’s use of cookies on our website and later wish to withdraw your consent, you may manage and control Collection Consultancy Australia Pty Ltd’s privacy controls through your browser, including removing cookies by deleting them from your browser history when you leave the site.
Collection Consultancy Australia Pty Ltd also regularly conducts internal risk management reviews to ensure that its infrastructure (to the best of its knowledge) is secure and any identifiable risks have been mitigated as much as they can be in the normal course of business.
4.Procedures and Responding to Potential Breaches of Privacy
In accordance with the NDB, Collection Consultancy Australia Pty Ltd is aware of its responsibilities to notify its clients in the event of a potential data breach that may cause serious harm to clients. Further, in the event the client is located in the Europe Union (“EU”), Collection Consultancy Australia Pty Ltd acknowledges that any potential data breaches will be safeguarded by the provisions of the GDPR.
Collection Consultancy Australia Pty Ltd will collect and process personal information in the normal course of business. This personal information may be collected and processed (but is not limited to) by any of the following methods;
1/Credit applications forms
2/Work Authorisation forms, quote forms or any other business documentation
3/Publicly available databases that hold information
4/Websites that detail information such as Sensis, Facebook, Google etc.
5/By verbally asking you for information as part of normal business practices
Where relevant to data processing as per the GDPR, and in particular where Collection Consultancy Australia Pty Ltd uses new technologies, and takes into account the nature, scope, context and purposes of processing and considers that the data processing is likely to result in a high risk to the rights and freedoms of natural persons, the Privacy Officer shall, prior to the processing of personal information, carry out an assessment of impact of the envisaged processing operations on the protection impact assessment. The data protection assessment will be required in instances whereby:
(a)a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
(b)processing on a large scale of special categories of data referred to in Article 9 (1) of the GDPR, or of personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR; or
(c)A systematic monitoring of a publicly accessible area on a large scale.
The assessment shall be carried out in accordance with Article 35 (7) of the GDPR and carry out reviews of such data protection impact assessments when there is any change of the risk associated with the processing of personal information.
As a client of Collection Consultancy Australia Pty Ltd and agreeing to Collection Consultancy Australia Pty Ltd’s Terms and Conditions of Trade, which comprises of Collection Consultancy Australia Pty Ltd’s privacy statement you hereby agree and consent to the provisions of this Privacy Policy Manual, including but not limited to the collection, processing, use and disclosure of your personal information. In the event that you do not wish to agree or consent to any of the above use, processing collection and disclosure, then Collection Consultancy Australia Pty Ltd warrants that any request by you to withdraw your consent or agreement shall be deemed as confirmation by you to cease any and/or all collection use, processing and disclosure of your personal information. You may make a Request to withdraw your consent at any time by telephone and/or by e-mail to the following contact details;
The Privacy Officer
Greg Trappett
Collection Consultancy Australia Pty Ltd
309/88 Crown Street Woolloomooloo NSW 2011
Info@collectionconsultancy.com.au
1300 565 988
Collection Consultancy Australia Pty Ltd will ensure that any Information that is to be obtained from you is done so using Collection Consultancy Australia Pty Ltd’s prescribed forms which;
Authorise Collection Consultancy Australia Pty Ltd:
1/To collect personal information; and
2/Inform the individual what personal information is being collected; and
3/Inform the individual why (the purpose) the personal information is being collected; and
4/Inform the individual why & when personal information will be disclosed to 3rd parties.
It is the responsibility of Collection Consultancy Australia Pty Ltd to ensure that any personal information obtained is as accurate and up to date as possible and information is only collected by lawful means in accordance with the Act and relevantly, in accordance with the GDPR.
5.Purposes for Which Information is Collected, Held, Used and Disclosed
Disclosure to Third Parties
Collection Consultancy Australia Pty Ltd will not pass on your personal information to third parties without first obtaining your consent. In accordance with the Act, and relevantly the GDPR, Personal Information can only be used by Collection Consultancy Australia Pty Ltd for the following purposes:
1/Access a credit reporter’s database for the following purposes:
a)To assess your application for a credit account; or
b)To assess your ongoing credit facility; or
c)To notify a credit reporter of a default by you; or
d)To update your details listed on a credit reporter’s database; or
2/Check trade references noted on the prescribed form for the following purposes:
a)To assess your application for a credit account; or
b)To assess your ongoing credit facility; or
c)To notify a default.
3/Market Collection Consultancy Australia Pty Ltd’s products and services.
4/Any other day to day business purposes such as complying with ATO
requirements, managing accounting returns or legal matters.
Relationship with Credit Reporter – In the event that notification of a default has been reported to a Credit Reporter and your credit file has been updated (including any changes to the balance outstanding or contact details), then the Credit Reporter shall be notified as soon as practical of any such changes.
Collection Consultancy Australia Pty Ltd will only gather information for its particular purpose (primary purpose). In accordance with the Act, and relevantly the GDPR Collection Consultancy Australia Pty Ltd will not disclose this information for any other purpose unless this has been agreed to by both parties.
6.How an Individual May Access Personal Information Held and How They May Seek Correction of Such Information
You shall have the right to request from Collection Consultancy Australia Pty Ltd a copy of all the information about you that is retained by Collection Consultancy Australia Pty Ltd. You also have the right to request (by telephone and/or by e-mail) that Collection Consultancy Australia Pty Ltd correct any information that is incorrect, outdated or inaccurate.
Any requests to receive your personal information or to correct personal information should be directed to the following contact details;
The Privacy Officer
Greg Trappett
Collection Consultancy Australia Pty Ltd
309/88 Crown Street Woolloomooloo NSW 2011
Info@collectionconsultancy.com.au
1300 565 988
Collection Consultancy Australia Pty Ltd will destroy personal information upon your request (by telephone and/or by e-mail) or when the personal information is no longer required. The exception to this is if the personal information is required in order to fulfil the purpose of Collection Consultancy Australia Pty Ltd or is required to be maintained and/or stored in accordance with the law.
7.How an Individual May Complain About A Breach Of The APP, And How The Complaint Will Be Dealt With
You can make a complaint to Collection Consultancy Australia Pty Ltd’s internal dispute resolution team (‘IDR’) regarding an interference with and/or misuse of your personal information by contacting Collection Consultancy Australia Pty Ltd via telephone or e-mail.
Any complaints should be directed to the following contact details in the first instance;
The Privacy Officer
Greg Trappett,
Collection Consultancy Australia Pty Ltd
309/88 Crown Street Woolloomooloo NSW 2011
Info@collectionconsultancy.com.au
1300 565 988
In your communication you should detail to Collection Consultancy Australia Pty Ltd the nature of your complaint and how you would like Collection Consultancy Australia Pty Ltd to rectify your complaint.
We will respond to that complaint within 7 days of receipt and will take all reasonable steps to make a decision as to the complaint within 30 days of receipt of the complaint.
We will disclose information in relation to the complaint to any relevant credit provider and or CRB that holds the personal information the subject of the complaint.
In the event that you are not satisfied with the resolution provided, then you can make a complaint to the Information Commissioner on the OAIC website at www.oaic.gov.au
8.Will Personal Information Be Disclosed to Overseas Recipients?
Collection Consultancy Australia Pty Ltd does not disclose information about the client to third party overseas recipients unless the client has provided its consent. Collection Consultancy Australia Pty Ltd will notify you if circumstances change regarding overseas disclosure and will comply with the Act and the GDPR in all respects.
Unless otherwise agreed, Collection Consultancy Australia Pty Ltd agrees not to disclose any personal information about the client for the purpose of direct marketing. You have the right to request (by telephone and/or by e-mail) that Collection Consultancy Australia Pty Ltd does not disclose any personal information about you for the purpose of direct marketing.
9.Availability of This Privacy Policy Manual
This Privacy Policy manual is available to all clients of Collection Consultancy Australia Pty Ltd. It will be made available (where applicable) on Collection Consultancy Australia Pty Ltd’s website.
This manual will also be available upon request at Collection Consultancy Australia Pty Ltd’s business premises and is available to be sent to you if required.
If you require a copy of this Privacy Policy please make a request utilising the following contact information in the first instance:
The Privacy Officer
Greg Trappett
Collection Consultancy Australia Pty Ltd
309/88 Crown Street Woolloomooloo NSW 2011
Info@collectionconsultancy.com.au
1300 565 988
10.Privacy Officer (Responsibilities)
Collection Consultancy Australia Pty Ltd has appointed an internal Privacy Officer to manage its privacy matters. The name of this officer is available by making contact with Collection Consultancy Australia Pty Ltd. The privacy officers’ duties include (but are not limited to) the following:
The Privacy Officer needs to be familiar with the APP’s. Educational material is available from the office of the Privacy Commissioner which explains what Collection Consultancy Australia Pty Ltd needs to know in order to comply with the Privacy Act.
If a person complains to the Privacy Commissioner that Collection Consultancy Australia Pty Ltd has breached their privacy, the Information Commissioner may contact the Privacy Officer to discuss the complaint, and to see whether there is any means of settling the matter. The Privacy Officer shall provide whatever assistance is necessary. The Privacy Officer may be asked to provide background information or identify the staff members who can do so.
Complaints
In the event that a complaint about privacy issues is received the Privacy Officer will:
1/Take ownership of the complaint and ensure that it is dealt with in a timely manner.
2/Acknowledge receipt of the complaint within 24 hours and advise the complainant of their rights.
3/Fully investigate the complaint.
4/Respond, with findings, to the complainant within 30 days of receipt.
5/Keep a record of all complaints received for ongoing review of policies and procedures.
In the event that a complaint about privacy issues is received via a credit reporter the Privacy Officer will:
1/Take ownership of the complaint and ensure that it is dealt with in a timely manner.
2/Acknowledge receipt of the complaint to the credit reporter within 24 hours.
3/Fully investigate the complaint.
4/Respond, with findings, to the credit reporter within 7 days of receipt.
5/Keep a record of all complaints received for ongoing review of policies and procedures.
APPENDIX A – INFORMATION PRIVACY PRINCIPLES
Part 1 – Consideration of Personal Information Privacy
1.Australian Privacy Principle 1 – open and transparent management of personal information
1.1 The object of this principle is to ensure that APP entities manage personal information in an open and transparent way.
Compliance with the Australian Privacy Principles etc
1.2 An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
(a)will ensure that the entity complies with the Australian Privacy Principles and a registered APP code (if any) that binds the entity; and
(b)will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.
APP Privacy policy
1.3 An APP entity must have a clearly expressed and up to date policy (the APP privacy policy) about the management of personal information by the entity.
1.4 Without limiting sub-clause 1.3, the APP privacy policy of the APP entity must contain the following information:
(a)the kinds of personal information that the entity collects and holds;
(b)how the entity collects and holds personal information;
(c)the purposes for which the entity collects, holds, uses and discloses personal information;
(d)how an individual may access personal information about the individual that is held by the entity and seek the correction of such information;
(e)how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
(f)whether the entity is likely to disclose personal information to overseas recipients;
(g)if the entity is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.
Availability of APP privacy policy etc.
1.5 An APP entity must take such steps as are reasonable in the circumstances to make its APP privacy policy available:
(a)free of charge; and
(b)in such form as is appropriate.
Note: An APP entity will usually make its APP privacy policy available on the
entity’s website.
1.6 If a person or body requests a copy of the APP privacy policy of an APP entity in a particular form, the entity must take such steps as are reasonable in the circumstances to give the person or body a copy in that form.
2. Australian Privacy Principle 2 – Anonymity and Pseudonymity
2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.
2.2 Sub-clause 2.1 does not apply if, in relation to that matter:
(a)the APP entity is required or authorised by or under an Australian law, or a court/ tribunal order, to deal with individuals who have identified themselves; or
(b)it is impracticable for the APP entity to deal with individuals who have not identified themselves or who have used a pseudonym.
Part 2 – Collection of Personal Information
3.Australian Privacy Principle 3 – Collection of Solicited Personal Information
Personal information other than sensitive information
3.1 If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities.
3.2 If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities.
Sensitive information
3.3 An APP entity must not collect sensitive information about an individual unless:
(a)the individual consents to the collection of the information and:
(i)if the entity is an agency—the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or
(ii)if the entity is an organisation—the information is reasonably necessary for one or more of the entity’s functions or activities; or
(b)sub-clause 3.4 applies in relation to the information.
3.4 This sub-clause applies in relation to sensitive information about an individual if:
(a)the collection of the information is required or authorised by or under an Australian
law or a court/tribunal order; or
(b)a permitted general situation exists in relation to the collection of the information by
the APP entity; or
(c)the APP entity is an organisation and a permitted health situation exists in relation
to the collection of the information by the entity; or
(d)the APP entity is an enforcement body and the entity reasonably believes that:
(i)if the entity is the Immigration Department—the collection of the information is reasonably necessary for, or directly related to, one or more enforcement related activities conducted by, or on behalf of, the entity; or
(ii)otherwise—the collection of the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities; or
(e)the APP entity is a non-profit organisation and both of the following apply:
(i)the information relates to the activities of the organisation;
(ii)the information relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities. Note: For permitted general situation, see section 16A. For permitted health situation, see section 16B.
Means of collection
3.5 An APP entity must collect personal information only by lawful and fair means.
3.6 An APP entity must collect personal information about an individual only from the individual unless:
(a)if the entity is an agency:
(i)the individual consents to the collection of the information from someone other than the individual; or
(ii)the entity is required or authorised by or under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual; or
(b)it is unreasonable or impracticable to do so.
Solicited personal information
3.7 This principle applies to the collection of personal information that is solicited by an APP entity.
4.Australian Privacy Principle 4 – Dealing with Unsolicited Personal Information
4.1 If:
(a)an APP entity receives personal information; and
(b)the entity did not solicit the information;
the entity must, within a reasonable period after receiving the information, determine whether or not the entity could have collected the information under Australian Privacy Principle 3 if the entity had solicited the information.
4.2 The APP entity may use or disclose the personal information for the purposes of making the determination under sub-clause 4.1.
4.3 If:
(a)the APP entity determines that the entity could not have collected the personal information; and the information is not contained in a Commonwealth record; the entity must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.
4.4 If sub-clause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if the entity had collected the information under Australian Privacy Principle 3.
5. Australian Privacy Principle 5 – Notification of the Collection of Personal Information
5.1 At or before the time or, if that is not practicable, as soon as practicable after, an APP entity collects personal information about an individual, the entity must take such steps (if any) as are reasonable in the circumstances:
(a)to notify the individual of such matters referred to in sub-clause 5.2 as are reasonable in the circumstances; or
(b)to otherwise ensure that the individual is aware of any such matters.
5.2 The matters for the purposes of sub-clause 5.1 are as follows:
(a)the identity and contact details of the APP entity;
(b)if:
(i)the APP entity collects the personal information from someone other than the individual; or
(ii)the individual may not be aware that the APP entity has collected the personal information;
the fact that the entity so collects, or has collected, the information and the circumstances of that collection;
(c)if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order— the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/ tribunal order, that requires or authorises the collection);
(d)the purposes for which the APP entity collects the personal information;
(e)the main consequences (if any) for the individual if all or some of the personal information is not collected by the APP entity;
(f)any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity;
(g)that the APP privacy policy of the APP entity contains information about how the individual may access the personal information about the individual that is held by the entity and seek the correction of such information;
(h)that the APP privacy policy of the APP entity contains information about how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
(i)whether the APP entity is likely to disclose the personal information to overseas recipients;
(j)if the APP entity is likely to disclose the personal information to overseas recipients— the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.
Part 3 – Dealing with Personal Information
6. Australian Privacy Principle 6 – Use or Disclosure of Personal Information
Use or disclosure
6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) unless:
(a)the individual has consented to the use or disclosure of the information; or
(b)sub-clause 6.2 or 6.3 applies in relation to the use or disclosure of the information.
Note: Australian Privacy Principle 8 sets out requirements for the disclosure of personal information to a person who is not in Australia or an external Territory.
6.2 This sub-clause applies in relation to the use or disclosure of personal information about an individual if:
(a)the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:
(i)if the information is sensitive information directly related to the primary purpose; or
(ii)if the information is not sensitive information related to the primary purpose; or
(b)the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(c)a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or
(d)he APP entity is an organisation and a permitted health situation exists in relation to
the use or disclosure of the information by the entity; or
(e)the APP entity reasonably believes that the use or disclosure of the information is
reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Note: For permitted general situation, see section 16A. For permitted health situation, see section 16B.
6.3 This sub-clause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if:
(a)the agency is not an enforcement body; and
(b)the information is biometric information or biometric templates; and the recipient of the information is an enforcement body; and
(c)the disclosure is conducted in accordance with the guidelines made by the Commissioner for the purposes of this paragraph.
6.4 If:
(a)the APP entity is an organisation; and
(b)subsection 16B (2) applied in relation to the collection of the personal information by the entity; the entity must take such steps as are reasonable in the circumstances to ensure that the information is de-identified before the entity discloses it in accordance with sub-clause 6.1 or 6.2.
Written note of use or disclosure
6.5 If an APP entity uses or discloses personal information in accordance with paragraph 6.2(e), the entity must make a written note of the use or disclosure.
Related bodies corporate
6.6 If:
(a)an APP entity is a body corporate; and
(b)the entity collects personal information from a related body corporate; this principle applies as if the entity’s primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information.
Exceptions
6.7 This principle does not apply to the use or disclosure by an organisation of:
(a)personal information for the purpose of direct marketing; or
(b)government related identifiers.
7. Australian Privacy Principle 7 – Direct Marketing
Direct Marketing
7.1 If an organization holds personal information about an individual, the organization must not use or disclose the information for the purpose of direct marketing.
Note: An act or practice of an agency may be treated as an act or practice of an organization, see section 7A.
Exceptions – personal information other than sensitive information
7.2 Despite sub-clause 7.1, an organization may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
(a)the organization collected the information from the individual; and
(b)the individual would reasonably expect the organization to use or disclose the information for that purpose; and
(c)the organization provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d)the individual has not made such a request to the organisation.
7.3 Despite sub-clause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
(a)the organisation collected the information from:
(i)the individual and the individual would not reasonably expect the organisation to use or disclose the information for that purpose; or
(ii)someone other than the individual; and
(b)either:
(i)the individual has consented to the use or disclosure of the information for that purpose; or
(ii)it is impracticable to obtain that consent; and
(c)the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d)in each direct marketing communication with the individual:
(i)the organisation includes a prominent statement that the individual may make such a request; or
(ii)the organisation otherwise draws the individual’s attention to the fact that the individual may make such a request; and
(e)the individual has not made such a request to the organisation.
Exception – sensitive information
7.4 Despite sub-clause 7.1, an organisation may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
Exception – contracted service providers
7.5 Despite sub-clause 7.1, an organisation may use or disclose personal information for the purpose of direct marketing if:
(a)the organisation is a contracted service provider for a Commonwealth contract; and the organisation collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and
(b)the use or disclosure is necessary to meet (directly or indirectly) such an obligation. Individual may request not to receive direct marketing communications etc.
7.6 If an organisation (the first organisation) uses or discloses personal information about an individual:
(a)for the purpose of direct marketing by the first organisation; or
(b)for the purpose of facilitating direct marketing by other organisations; the individual may:
(c)if paragraph (a) applies—request not to receive direct marketing communications from the first organisation; and
(d)if paragraph (b) applies—request the organisation not to use or disclose the information for the purpose referred to in that paragraph; and
(e)request the first organisation to provide its source of the information.
7.7 If an individual makes a request under sub-clause 7.6, the first organisation must not charge the individual for the making of, or to give effect to, the request and:
(a)if the request is of a kind referred to in paragraph 7.6(c) or (d)—the first organisation must give effect to the request within a reasonable period after the request is made; and
(b)if the request is of a kind referred to in paragraph 7.6(e)—the organisation must, within a reasonable period after the request is made, notify the individual of its source unless it is impracticable or unreasonable to do so.
Interaction with other legislation
7.8 This principle does not apply to the extent that any of the following apply:
(a)the Do Not Call Register Act 2006;
(b)the Spam Act 2003;
(c)any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.
8. Australian Privacy Principle 8 – Cross-Border Disclosure of Personal Information
8.1 Before an APP entity discloses personal information about an individual to a person (the overseas recipient):
(a)who is not in Australia or an external Territory; and
(b)who is not the entity or the individual;
the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
Note: In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken, under section 16 C, to have been done, or engaged in, by the APP entity and to be a breach of the Australian Privacy Principles.
8.2 Sub-clause 8.1 does not apply to the disclosure of personal information about an individual by an APP entity to the overseas recipient if:
(a)The entity reasonably believes that:
(i)the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and
(ii)there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or
(b)Both of the following apply:
(i)The entity expressly informs the individual that if he or she consents to the disclosure of the information, sub-clause 8.1 will not apply to the disclosure;
(ii)After being so informed, the individual consents to the disclosure; or
(c)the disclosure of the information is required or authorized by or under an Australian law or a court/tribunal order; or
(d)a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A (1) exists in relation to the disclosure of the information by the APP entity; or
(e)the entity is an agency and the disclosure of the information is required or authorized by or under an international agreement relating to information sharing to which Australia is a party; or
(f)the entity is an agency and both of the following apply:
(i)the entity reasonably believes that the disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body;
(ii)the recipient is a body that performs functions, or exercises powers, that are similar to those performed or exercised by an enforcement body.
Note: For permitted general situation, see section 16A.
9. Australian Privacy Principle 9 – Adoption, Use or Disclosure of Government Related Identifiers
Adoption of government related identifiers
9.1 An organization must not adopt a government related identifier of an individual as its own identifier of the individual unless:
(a)the adoption of the government related identifier is required or authorized by or under an Australian law or a court/tribunal order; or
(b)Sub-clause 9.3 applies in relation to the adoption.
Note: An act or practice of an agency may be treated as an act or practice of an organization, see section 7A.
Use or disclosure of government related identifiers
9.2 An organization must not use or disclose a government related identifier of an individual unless:
(a)the use or disclosure of the identifier is reasonably necessary for the organization to verify the identity of the individual for the purposes of the organization’s activities or functions; or
(b)the use or disclosure of the identifier is reasonably necessary for the organization to fulfil its obligations to an agency or a State or Territory authority; or
(c)the use or disclosure of the identifier is required or authorized by or under an Australian law or a court/tribunal order; or
(d)a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A (1) exists in relation to the use or disclosure of the identifier; or
(e)the organization reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(f)Sub-clause 9.3 applies in relation to the use or disclosure.
Note 1: An act or practice of an agency may be treated as an act or practice of an organization, see section 7A.
Note 2: For permitted general situation, see section 16A.
Regulations about adoption, use or disclosure
9.3 This sub-clause applies in relation to the adoption, use or disclosure by an organization of a government related identifier of an individual if:
(a)the identifier is prescribed by the regulations; and
(b)the organization is prescribed by the regulations, or is included in a class of organizations prescribed by the regulations; and
(c)the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.
Note: There are prerequisites that must be satisfied before the matters mentioned in this sub-clause are prescribed, see subsections 100(2) and (3).
Part 4 – Integrity of Personal Information
10. Australian Privacy Principle 10 – Quality of Personal Information
10.1 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity collects is accurate, up to date and complete.
10.2 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.
11. Australian Privacy Principle 11 – Security of Personal Information
11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:
(a)From misuse, interference and loss; and
(b)From unauthorized access, modification or disclosure.
11.2 If:
(a)an APP entity holds personal information about an individual; and
(b)the entity no longer needs the information for any purpose for which the information may be used or disclosed by the entity under this Schedule; and
(c)the information is not contained in a Commonwealth record; and
(d)the entity is not required by or under an Australian law, or a court/tribunal order, to retain the information;
The entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Part 5 – Access To, And Correction Of, Personal Information
12. Australian Privacy Principle 12 – Access to Personal Information
Access
12.1 If an APP entity holds personal information about an individual, the entity must, on request by the individual, give the individual access to the information.
Exception to access – agency
12.2 If:
(a)the APP entity is an agency; and
(b)the entity is required or authorized to refuse to give the individual access to the personal information by or under:
(i)the Freedom of Information Act; or
(ii)any other Act of the Commonwealth, or a Norfolk Island enactment, that provides for access by persons to documents;
then, despite sub-clause 12.1, the entity is not required to give access to the extent that the entity is required or authorized to refuse to give access.
Exception to access – organization
12.3 If the APP entity is an organization then, despite sub-clause 12.1, the entity is not required to give the individual access to the personal information to the extent that:
(a)the entity reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
(b)giving access would have an unreasonable impact on the privacy of other individuals; or
(c)the request for access is frivolous or vexatious; or
(d)the information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or
(e)giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(f)giving access would be unlawful; or
(g)denying access is required or authorized by or under an Australian law or a court/ tribunal order; or
(h)both of the following apply:
(i.)the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity’s functions or activities has been, is being or may be engaged in;
(ii.)giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
(iii)giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(iv)giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
Dealing with requests for access
12.4 The APP entity must:
(a)Respond to the request for access to the personal information:
(i)if the entity is an agency—within 30 days after the request is made; or
(ii)if the entity is an organization—within a reasonable period after the request is made; and
(b)Give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Other means of access
12.5 If the APP entity refuses:
(a)to give access to the personal information because of sub-clause 12.2 or 12.3; or
(b)to give access in the manner requested by the individual;
The entity must take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
12.6 Without limiting sub-clause 12.5, access may be given through the use of a mutually agreed intermediary.
Access charges
12.7 If the APP entity is an agency, the entity must not charge the individual for the making of the request or for giving access to the personal information.
12.8 If:
(a)the APP entity is an organization; and
(b)the entity charges the individual for giving access to the personal information;
The charge must not be excessive and must not apply to the making of the request.
Refusal to give access
12.9 If the APP entity refuses to give access to the personal information because of sub-clause 12.2 or 12.3, or to give access in the manner requested by the individual, the entity must give the individual a written notice that sets out:
(a)the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
(b)the mechanisms available to complain about the refusal; and
(c)Any other matter prescribed by the regulations.
12.10 If the APP entity refuses to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.
13. Australian Privacy Principle 13 – Correction of Personal Information
Correction
13.1 If:
(a)an APP entity holds personal information about an individual; and
(b)either:
(i)the entity is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
(ii)the individual requests the entity to correct the information;
the entity must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
Notification of correction to third parties
13.2 If:
(a)the APP entity corrects personal information about an individual that the entity previously disclosed to another APP entity; and
(b)the individual requests the entity to notify the other APP entity of the correction;
The entity must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Refusal to correct information
13.3 If the APP entity refuses to correct the personal information as requested by the individual, the entity must give the individual a written notice that sets out:
(a)the reasons for the refusal except to the extent that it would be unreasonable to do so; and
(b)the mechanisms available to complain about the refusal; and
(c)Any other matter prescribed by the regulations.
Request to associate a statement
13.4 If:
(a)the APP entity refuses to correct the personal information as requested by the individual; and
(b)the individual requests the entity to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading; the entity must take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
Dealing with requests
13.5 If a request is made under sub-clause 13.1 or 13.4, the APP entity:
(a)Must respond to the request:
(i) if the entity is an agency—within 30 days after the request is made; or
(ii)If the entity is an organization—within a reasonable period after the request is made; and
(b)Must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).