Privacy Policy
Privacy policy
About this Policy
In this Privacy Policy ‘we‘ refers to Rain Harvesting Pty Ltd (ABN 11 113 300 093), Rain Harvesting by Blue Mountain Co, Blue Mountain Co Gutter Mesh, Blue Mountain Co Plumbing.
We understand the importance of, and are committed to, protecting your personal information. We comply with the Privacy Act 1988 (Cth) (Privacy Act). We are bound by the Australian Privacy Principles (APPs) which regulate how we may collect, use, disclose and store personal information, and how our customers and suppliers and stakeholders (‘you‘) may access and correct personal information we hold about you.
Purpose
The purpose of this policy is to:- Clearly communicate how we deal with personal information;
- Enhance the transparency of our operations; and
- Give a better and more complete understand of the sort of personal information that we hold, and the way we handle that information.
Changes to this privacy policy
We may change this privacy policy from time-to-time. The updated privacy will be posted on our website, with the date of the update shown.
Who to contact
If you have any questions, concerns or complaints about this privacy policy, or our use of your personal information, please contact us at info@bmco.com.au or Telephone +61 7 3248 9600.
You may also contact the Privacy Officer using the contact details provided below. You can also contact the privacy officer if you believe that the privacy of your personal information has been compromised or is not adequately protected.
Once a complaint has been lodged, the Privacy Officer will respond to you as soon as possible.
You may also lodge a complaint with the Office of the Australian Information Commissioner by telephone: 1300 363 992 or email: enquiries@oaic.gov.au.
Information we collect about you
We collect information about you that we reasonably need for our business functions and activities. Our business functions and activities include:
- Providing you with our information, products and services – these are described generally on our website, our corporate brochures, advertising, and our letter and emails and communications to customers, suppliers and business partners;
- Activities in support of those functions including administration, management, marketing, contracting, online and mobile marketing, IT, legal, security, customer support, finance (including credit control) and human resources; and
- Activities we plan for the future including new ways of communicating, new products and services, new business models and new businesses.
Generally, we collect the following personal information about you:
- Your name;
- Your contact details including residential or business address, telephone number and email address;
- Company details (if applicable); and
- Date of birth.
We may combine your personal information above with other information about you, including sensitive information, for example:
- If you login to our website we may collect details about your user name, site usage and products and services you may be interested in;
- If your business or your employer supplies us with products or services, or if your business or employer distributes, sells or services our products, we collect information about your trading with us (for example the products and services you buy or sell or the products and services you provide), your trading history and account history (including credit card details);
- If you apply for a position with us, we collect information to help us decide your application, including your contact details, date of birth, work history, academic history, referees, tax file number, medical and relationship status and similar details;
- If you request information from us (for example about a product or service) or register a complaint, we collect information about your request or complaint; and
- If you enter a promotion or competition, visit us at an event or enquire about our company, we may collect your contact details so that we can follow up on your enquiry or interest by sending you marketing material.
If you submit a credit application to us we collect certain other types of personal information (including information contained in a consumer or commercial credit report about you) including:
- Information about your credit history, including information about your past experiences with us and other credit providers;
- The kinds of credit products that you have sought and obtained in the past;
- Information about your consumer credit payments overdue for at least 60 days and for which collection action has started;
- Advice that payments that were previously notified to a CRB as overdue are no longer overdue;
- Publicly available information about your credit worthiness;
- An opinion of a credit provider that you have committed a serious credit infringement in relation to credit provided by that credit provider; and
- We may also derive information about you from consumer or commercial credit reports about you, including:
- Information which assists us to assess your suitability for credit; and
- The likelihood of you being able to meet your commitments to us.
We record this information (personal information) in our database whilst we deal with you. We will remove this information from out database when we have no further need to keep a record of it, except if we are required to keep it by law (for example, for tax or for superannuation purposes).
How we collect information about you
We collect personal information directly from you. We may record your contact details when you call us, when you register and login to our website, when you purchase a product or service, if you are a subcontractor or supplier, when you fill out an application form (including a credit application form) when you participate in a transaction, when you provide your contact details via web, mobile or email or when you ask us for information or request something from us.
Sometimes we collect personal information about you from another person or business, or from a publicly available source. For example:
- Your employer may give us your details in relation to a subcontract or provision of a product or service;
- We may get you details from a publicly released tender;
- An employment service may send us your resume;
- If you make a credit application and also where you carry on business with us on credit terms, we may obtain information about you from credit reporting bodies and other credit providers;
- If you enter a networking event, promotion or competition organised by us, we may be given your name and contact details by the promoter of the event; and
- Our service providers may provide us with your personal information from websites, social media sites, mobile, and other technology-based sources.
We use lawful and fair means to collect your information. We will collect personal information about you from another person or from a publicly available source only if it is unreasonable or impracticable to collect it directly from you, and we will take reasonable steps to inform you that we have collected your personal information. Those reasonable steps may include informing you through this privacy policy.
Unsolicited information
If we receive personal information about you that we have not requested, and if we determine that we could not have lawfully collected that information under privacy law if we had requested it, we will destroy or de-identify the information, if it is lawful and reasonable to do so. If we collect your personal information in an unsolicited manner, we take reasonable steps to inform you of such collection and also how we use, disclose and secure your personal information. Such reasonable steps may include referring you to this privacy policy.
Do I have to provide you with my personal information?
You can deal with us anonymously (without giving us your name and contact details) or by using a pseudonym (a name that does not include your real name, for example an email address or a user name that you use in an online forum (nickname)).
If you choose to deal with us anonymously or using a nickname, we can give you general information about our products and services, and you may be able to purchase products and services from us for cash or participate in any online forum we provide, but there are some things we cannot do. For example, if you do not give us your personal information, there are certain things we cannot do, including give you information about your dealings with us as a customer, subcontractor or supplier, deal with a complaint you may have, provide you with a service or deliver a product or service to you at an address. You cannot attend one of our networking events, or enter into one of our promotions anonymously or using a nickname
You can deal with us using a nickname together with your real name and contact details. If you choose to deal with us in this way, we may collect your personal information together with your nickname. When you identify yourself to us using your nickname only, we can deal with you only as described above. We may ask you to provide proof of your identity if you use a nickname.
Why we collect personal information about you (purpose of collection)?
We collect and record personal information about you so that we can carry out our functions and activities described above. The primary purposes for which we collect your personal information include:
- So that we can provide our products and services to you;
- So that we can administer our dealings with you (and your employer if applicable), to provide you with information and to respond to any requests that you may have (for example, so that we can administer and provide you with project information);
- So that we can assess and process a credit application made by you or your business, establish, provide and administer your credit account, and collect overdue payments;
- So that we can function as a business, for example, we may collect your personal information for research, marketing or so that we can offer new products, reconcile transactions, or if you are a supplier so that we can record your dealings with us;
- So that we can decide whether to employ or contract with you; and
- So that we can comply with agreements we have entered into with our suppliers and customers.
We also collect your personal information for certain secondary purposes that are related to the primary purposes outlined above. Secondary purposes may include so that we can run our business efficiently, for example, so that our advisors can provide us with customer research, or so that we can use technology to automate our business and to understand how our business is performing, to allow us to operate efficiently and to lower costs by outsourcing services (such as collecting or paying money). Other secondary purposes may include so that we can sell or transfer our business or merge with another business.
Disclosure
Who do we disclose your personal information to?
We do not use or disclose your personal information for a purpose other than:
- A purpose set out in this privacy policy (primary or secondary purpose above);
- A purpose you would reasonably expect;
- A purpose required or permitted by law; and
- A purpose otherwise disclosed to you to which you have consented.
Depending on the circumstances, we may disclose your personal information to other people including one or more of the following:
- Service providers including travel providers, agents, contractors, IT, security, legal, accounting, research, credit, credit reporting bodies, marketing, insurers, financial institutions, debt collection agencies and others;
- Other credit providers, to assist them with assessing a credit application they have with you, or to ensure that the information about you that we handle is correct;
- Credit reporting bodies in order to obtain credit reports and also for the purpose of dealing with defaults on your credit account and serious credit infringements;
- Our affiliate companies and related companies;
- Government, regulatory and law enforcement authorities, where we are required to or permitted to by law;
- Your employer, if you are an employee of a subcontractor or contractor; and
- To prevent or investigate any fraud or crime (or a suspected fraud or crime).
We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations with respect to the protection of your personal information.
Disclosure overseas
We may disclose your personal information to an overseas service provider, for example a travel provider, a cloud data centre or a customer information call centre. Our overseas service providers may be located in, but not limited to, Europe and/or North America.
If it is not practicable or reasonable for us to gain your consent to disclose your personal information to an overseas service provider, we will take reasonable steps to notify you of the specific countries where we disclose your personal information. We will take reasonable steps to ensure that the overseas services provider is bound by privacy and confidentiality obligations.
Access to your personal information
You may request access to the personal information that we hold about you by using the contact details provided above.
We will deal with your request for such access within a reasonable time. If we refuse access, we will provide you with a written notice which sets out the reasons for the refusal and the relevant provisions of the Privacy Act that we rely on to refuse access.
We may recover reasonable costs in relation to a request for access to personal information.
Accuracy and correction
We take reasonable steps to make sure that the personal information we collect is accurate, up-to-date and complete. Where we believe that the personal information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information. You may also request that we correct information that we hold about you, by using our contact details above.
We will take reasonable steps to correct the information within a reasonable time. However, if we do not agree with the corrections you have requested, we are not obliged to alter your personal information, but we will give you a written notice which sets out the reasons for our refusal, the mechanisms available to complain about the refusal and the relevant provisions of the Act that we rely on to refuse correction.
You can also ask us to associate a statement with the relevant information that puts your view that it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will not charge you for making a correction request, for correcting your information or for associating a statement with your information.
Security
We hold your personal information in paper-based and electronic files. We will take reasonable steps to ensure that your personal information which is kept in our files is protected from:
- Misuse, interference and loss; and
- Unauthorised access, modification or disclosure.
This means that, in respect of our paper-based files, we maintain various security systems on our premises, and in respect of electronic files, we (or our service providers) maintain secure electronic network systems.
When we no longer require your personal information (including when we are no longer required by law to keep records relating to you), we ensure that it is destroyed or de-identified.
Website
This section explains how we handle personal information collected from our websites (including social media site and mobile site if relevant). If you have any questions or concerns about transmitting your personal information via the internet, you may contact us using the contact details provided above, as there are other ways for you to provide us with your personal information.
Visiting our website or downloading our app/s
If you access an unsecured part of our websites, that is, a public page that does not require you to log on, we (or our service providers) will collect information about your visit, such as:
- The time and date of the visit;
- Any information or documentation that you download;
- Your browser type; and
- Your IP address.
Cookies
A “cookie” is a small text file which is placed on your internet browser and which we access each time you visit our website. When you visit the secured pages of our website (i.e. pages that you have to provide login details to access) we use cookies for security and personalisation purposes. When you visit the unsecured pages of our website (i.e. public pages that you can access without providing login details) we use cookies to obtain information about how our website is being used.
You may change the settings on your browser to reject cookies; however doing so will prevent you from access to the secured pages of our website.
When we receive emails, we will retain the content of the email and our response to you where we consider it necessary to do so.
Your email address will only be used or disclosed for the purpose for which is was provided. It will not be added to any mailing lists or used for any other purpose without your consent.
Security
We make reasonable efforts to ensure that the most up-to-date security measures are used on our website to protect your personal information. Any data containing personal information which we transmit via the internet is encrypted. However, we cannot guarantee that any information transmitted via the internet by us, or you, is entirely secure. You use our website at your own risk.
Links on our website
Our website may contain links to third party websites. We advise that the terms of this privacy policy do not apply to external websites. If you wish to find out how any third parties handle your personal information, you will need to obtain a copy of their privacy policy.
Location data
We may use and store information about your location if you give us permission to do so. We use this data to provide features of our Service, to improve and customize our service. You can enable or disable location services at any time through your device settings.
Marketing
We may use your personal information, including your contact details, to provide you with information about products and services, including those of third parties, which we consider may be of interest to you. We may do this, even if you are on the Do Not Call Register.
We may also provide your details to other organisations for specific marketing purposes.
You may opt out at any time if you no longer wish to receive marketing information. In order to do so, you will need to request that we no longer send marketing materials to you or disclose your information to other organisations for marketing purposes. You can make this request by using the contact details provided above, or by “unsubscribing” from email or other marketing messages.
Analytics
We may use third-party Service Providers to monitor and analyze the use of our Service.
Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en.
Behavioural Remarketing
We may use remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimize and serve ads based on your past visits to our Service.
Google AdWords
Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on, https://tools.google.com/dlpage/gaoptout for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en.
Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950.
To opt-out from Facebook's interest-based ads follow these instructions from Facebook: https://www.facebook.com/help/568137493302217.
For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: https://www.facebook.com/privacy/explanation.
Payments
We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with include, but are not limited to, Assembly payments and AppGurus.
Notification of data breaches
If we have reasonable grounds to suspect that a data breach has occurred, we will:
- Complete an assessment of the suspected data breach within 30 days; and
- If appropriate, take remedial action to address any potential harm to individuals that may arise due to a relevant data breach before any serious harm is caused to individuals to whom the information relates.
We will otherwise comply with privacy data breach notification requirements, including notifying affected individuals and the Office of the Australian Information Commissioner as applicable.