It also explains how to contact us to correct, update or delete any personal information provided to us, or make a complaint if you have concerns. We are compliant with the privacy principles of Australia as to how Australia regulates how we collect, use, disclose, store and protect your personal information.
We will only collect and process personal information about you where we have a lawful basis to do so. Lawful basis includes consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you) and legitimate interests (including security threats or frauds, compliance with applicable laws, and enabling us to administer our business).
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and Resolutions Product users; in other words, where we determine the purposes and means of the processing of that personal data.
We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).
What is personal information?
Personal information is defined as information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
When do we collect personal information?
We collect most personal information directly from you when you consent to use our service or receive communications from us. Your consent may be express (e.g. you agree to the use of your information by ticking a box) or implied by an action you take or do not take (i.e. because you have agreed to terms and conditions that contain information about the use or disclosure of your information).
You provide us your information when you use our service or you use our website generally or you deal with us.
What personal information do we collect?
Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to use the Resolutions Services.
Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase the Resolutions Services. We store only very limited, if any, financial information that we collect.
We will not disclose information relating to your financial affairs that we hold to a third-party because of your use of the Resolutions Services unless you tell us to do so or we have a legal obligation to do so.
Why do we collect your personal information?
We may collect your personal information when required by law but generally we collect personal information from you (or about you) to allow us to:
- supply you with the Resolutions Services;
- supply you with tailored service offerings that may benefit you;
- communicate more effectively with you about our services and your care;
- ensure your experience with us is a positive one; and
- notify you about our new service or product offerings, discounts, promotions or upcoming events.
Personal information collected or received by us will only be used for the stated purpose for which it was provided.
When you access the Resolutions Services, we may collect certain information automatically, including, but not limited to, your operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.
When do we disclose your personal information?
- for the purpose it was collected;
- if we sell all or part of our business and the purchaser also requires your personal information;
- to enforce our legal rights or those of others;
- to prevent actual or potential fraud or illegal activity; or
- if we are required to do so by law.
If personal information is disclosed to a third party, we are required to take reasonable steps to ensure your personal information is treated in accordance with the laws that apply to personal information in that country.
What if you don’t want us to collect your personal information?
You are not obligated to provide us with your personal information. You may choose whether you receive communications from us. Whilst it is your choice not to provide your personal information to us this may impede our ability to provide you with all of the functionality of our Resolutions Services.
What if you don’t want to receive further communications from us?
Should you wish to remove yourself from our contact database you may do so at any time by contacting our Privacy Officer.
How can I access, correct and/or update personal information you have collected?
At any time you may contact our Privacy Officer and request your personal information be modified. We will make all efforts to correct data once we have proved your identity.
We will deal with all requests for access to personal information as quickly as possible, but no later than 30 calendar days from the date of your request (unless any complexities arise). Requests for a large amount of information, or information which is not currently in use, may require further time before a response can be given.
We will provide you your personal information in a structured, commonly used, machine-readable format.
In some cases, we will refuse to give you access to personal information we hold about you. This includes, but is not limited to, circumstances where giving you access would: be unlawful; have an unreasonable impact on other people’s privacy; prejudice an investigation of unlawful activity; reveal our intentions in relation to negotiations with you so as to prejudice those negotiations; prejudice enforcement related activities conducted by, or on behalf of, an enforcement body; reveal evaluative information generated within Resolutions business in connection with a commercially sensitive decision-making process.
We will also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings. Further, we will refuse access where your request is frivolous or vexatious, and where we reasonably believe that: giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; unlawful activity, or misconduct of a serious nature, is being or may be engaged in against Resolutions and giving access would be likely to prejudice the taking of appropriate action in relation to that matter.
If we refuse to give you access we will provide you with reasons for our refusal, unless doing so would be unreasonable in the circumstances. We will also take reasonable steps to give you access in a way that meets your needs without giving rise to the reasons of our refusal. Further, we will provide details of how you may make a complaint about our decision.
How do we store and protect your personal information?
For us to provide excellent service we are required to store some personal information and take the greatest of care to ensure this information is treated as private and confidential. Transmitting personal data via the internet does have inherent risks associated with it. We will however take all reasonable steps to ensure the security of this data. Note that no information transmitted over the Internet can be guaranteed to be completely secure. While we will endeavour to protect your personal information as best as possible, we cannot guarantee the security of any information that you transmit to us, or receive from us. The transmission and exchange of information is carried out at your own risk.
We have taken the necessary measures to ensure the personal information (including the financial information about yourself) we hold is not compromised. In accordance with and as permitted by applicable law and regulations we will retain your information as long necessary to serve you, to maintain your Resolutions account or as otherwise required to operate our business.
Your personal information is protected by security certificates and are built considering all modern security standards where possible. We will take reasonable steps to maintain the integrity and security of any personal information we have stored, including taking reasonable steps to prevent interference and loss, misuse, unauthorised access, modification or disclosure of such personal information.
We have obligations to notify you if you are affected by a data breach. We will take all reasonable precautions to take remedial action to prevent such an event. However, as we cannot guarantee that remedial action will be sufficient to prevent all instances of a breach, we will take steps to notify you of an eligible data breach as soon as practicable, or no later than 72 hours (where feasible) for EU citizens, and provide recommendations as to what steps you should take to mitigate any serious loss or damage.
Our website and service does not address anyone under the age of 16 (Children). Our website and service is intended for and directed to adults and we do not knowingly collect personal information from Children without the express consent of a parent or legal guardian.
If you are a parent or guardian and you are aware that your Children have provided us with personal information, please contact us. If we become aware that we have collected personal information from Children without verification of parental consent, we will take steps to remove that information from our servers.
Third party sites
Our site may have links to other websites and services provided on those websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
- Keeping you signed in
- Understanding how you use our website
What types of cookies do we use?
There are a number of different types of cookies, however, our website may use:
- Functionality – we use these cookies so that we recognise you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
- Advertising – we use these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Sometimes we share some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
How to manage cookies
You can set your browser not to accept cookies. However, in a few cases, some of our website features may not function as a result.
Our obligations under the GDPR
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used.
Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
EU citizens are entitled to the right to erasure of personal information in certain circumstances, including but not limited to where the information is no longer necessary for the purpose for which it was collected, or where the EU citizen withdraws their consent and there is no other legal ground for processing their personal information. Please contact our Privacy Officer to discuss your request to remove your personal information.
EU citizens acknowledge and agree that Resolutions may exercise any of the exceptions to the right of erasure, specifically in cases where data processing is necessary to exercise the right of freedom of expression and information.
We retain information for as long as required, allowed or we believe it useful. You must keep your own, separate back-up records. However, the length of time we keep your personal information depends on what it is and whether we have an ongoing business need to retain it (for example, to provide you with a service you’ve requested or to comply with applicable legal, tax or accounting requirements).
We’ll retain your personal information for as long as we have a relationship with you and for a period of time afterwards where we have an ongoing business need to retain it, in accordance with our data retention policies and practices. Following that period, we’ll make sure it’s deleted or anonymised.
We may transfer all personal information to our hosting service providers and data centres located overseas. You hereby expressly and voluntarily grant your informed consent to such transfers.
Should you wish to enquire regarding our security policies and practices
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
ENQUIRIES, REQUESTS & COMPLAINTS
If you think your personal information, held by us, may have been compromised in any way or you have any other Privacy related complaints or issues, you should also raise the matter with the Privacy Officer.
We will ensure your claims are investigated and a formal response will be provided to you, within a reasonable time, considering the circumstances of your claims. If any corrective action is determined to be required, as a result of that investigation, we will take all reasonable steps to rectify the situation and advise you of such, again within a reasonable time considering the circumstances.
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian Information Commission, whose contact details are below.
Office of the Australian information Commission
|1300 363 992
|Level 3, 175 Pitt Street, Sydney NSW 2000
|GPO Box 5218, Sydney NSW 2001
Resolutions (Int) Pty Ltd as Trustee for The Resolutions Trading Trust
ABN 29 449 318 376
|The Privacy Officer
|+61(0)7 3520 2292
|4/6 Vanessa Boulevard, Springwood, Queensland 4127 Australia
|PO Box 2060, Mansfield DC, Queensland 4122 Australia