This policy explains how and why we collect, use, hold and disclose personal information. “We”, “us” and “our” means Sourse Pty Ltd ABN 86 160 558 341 of L27, 100 Barangaroo Ave, Barangaroo, NSW, Australia, 2000.
What is personal information?
Personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true
What personal information do we collect and hold?
The types of personal information we may collect, and how we use or disclose it, will vary based on the nature of our relationship or dealings with you. We may collect and hold personal information that includes:
(a) identity and contact details, for example if you contact us; and
(b) other personal information, typically that is provided by our clients.
Where your personal information is provided by one of our clients, we rely on client to have obtained your permission to share your information with us.
Why do we collect, hold and use your personal information?
We collect, hold and use your personal information so that we can:
(a) manage our relationship with you;
(b) provide our services to our clients.
(c) contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
(d) comply with our legal obligations and assist government and law enforcement agencies or regulators; or
(e) identify and tell you about other products or services that we think may be of interest to you. If you do not provide us with your personal information we may not be able to provide you with services, communicate with you or respond to your enquiries.
How do we collect your personal information?
We will collect your personal information directly from you whenever you interact with us. We may collect information from third parties such as:
(a) our clients that provide us with your information; and
(b) third party data sources that provide additional information about you
How do we store and hold personal information?
Where we hold personal information in connection with one of our clients, we typically store that information in secure cloud infrastructure that is dedicated to the tenancy of our client’s data. This infrastructure is operated by either us or our external service providers. We typically de-identify that personal information so that it is secure from misuse, interference or loss, and from unauthorised access, modification or disclosure.
We implement and maintain processes and security measures to protect any personal information that we hold. We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the Australian Privacy Principles.
We will also take reasonable steps to destroy or de-identify personal information once we no longer require it for the purposes for which it was collected or for any secondary purpose permitted under the Australian Privacy Principles.
Who do we disclose your personal information to, and why?
We may transfer or disclose your personal information to:
(a) our related companies;
(b) our clients, where they originally provided us with your personal information; and
(c) to external service providers so that they may perform services for us or on our behalf.
We may also disclose your personal information to others outside our group of companies where:
(a) we are required or authorised by law to do so;
(b) you may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
(c) we are otherwise permitted to disclose the information under the Privacy Act 1988 (Cth).
If the ownership or control of all or part of our business changes, we may transfer your personal information to the new owner.
Do we disclose personal information to overseas recipients?
We do not disclose your personal information to recipients which are located outside Australia.DO WE USE YOUR PERSONAL INFORMATION FOR MARKETING?
We do not use personal information that we hold in connection with providing a service to a client to market to you. Otherwise, we may use your personal information to offer you products and services we believe may interest you, but we will not do so if you tell us not to.
Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.
Access to and correction of your personal information
You may access or request correction of the personal information that we hold about you by contacting us. Our contact details are set out below. There are some circumstances in which we are not required to give you access to your personal information.
There is no charge for requesting access to your personal information but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).
We will respond to your requests to access or correct personal information in a reasonable time and will take all reasonable steps to ensure that the personal information we hold about you remains accurate, up to date and complete.
Your rights under the EU GDPR
Under the European Union (EU) General Data Protection Regulation (GDPR), as a data subject you have the right to:
(a) access your data;
(b) have your data deleted or corrected where it is inaccurate;
(c) object to your data being processed and to restrict processing;
(d) withdraw consent to having your data processed;
(e) have your data provided in a standard format so that it can be transferred elsewhere; and
(f) not be subject to a decision based solely on automated processing.
Data subject rights
We have processes in place to deal with Data Subject Rights requests. Our actions and responsibilities will depend on whether we are the controller or processer of the personal data at issue. Depending on our role as either a controller or processor, the process for enabling Data Subject Rights may differ, and are always subject to applicable law. Please refer to the Contact Details section of this policy if you would like to make a Data Subject Rights request.
If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.
We will consider your complaint and determine whether it requires further investigation. We will notify you of the outcome of this investigation and any subsequent internal investigation.
If you remain unsatisfied with the way in which we have handled a privacy issue, you may approach an independent advisor or contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance on alternative courses of action which may be available.
If you have any questions, comments, requests or concerns, please contact us at:
Privacy Officer – firstname.lastname@example.org
Changes to this policy
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold. Any changes to our policy will be published on our website.
You may obtain a copy of our current policy from our website or by contacting us at the contact details above.