Privacy & Disclaimer Purpose of this policy Insitec Pty Ltd (ACN 097 025 968), Insitec MIS Systems Pty Ltd (ACN 161 023 856) and their respective subsidiaries (collectively ‘Insitec’ and ‘we’) are bound by the Privacy Act 1988 (Cth) (Act). We are committed to complying with the Act and other relevant laws in relation to the management and protection of personal information. This Privacy Policy describes how Insitec collects, holds, uses and discloses your personal information. By providing your personal information to Insitec, you consent to our collection, use and disclosure of your personal information in accordance with this Privacy Policy. This Privacy Policy applies to clients, independent contractors, suppliers and job applicants, users of our software applications, (and other individuals) who may provide Insitec with their personal information or otherwise make that information available. Employment information This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are outside the scope of the privacy laws. When you apply for a role with Insitec, certain information may be collected from you (including your name, contact details, working history and relevant background checks) from your previous employer and others who may be able to provide information to assist Insitec in deciding whether to offer you employment, or to engage you under a contract. What personal information do we collect? Personal information has the meaning given under the Act and it means any information or an opinion about an identified individual, or an individual who is reasonably identifiable. This may include the following types of personal information: nameage or date of birthmailing or street addresstelephone, fax numbers and other contact detailsemail addressservice or educational institution detailshealth information such as medical historybank account detailsgeographic locationany additional information relating to you that you provide Insitec directly or indirectly through your use of Insitec’s websiteinformation you provide Insitec when you communicate with Insitec by email, telephone or other meansany other personal information that may be required to facilitate your interactions with Insitec including its software and platforms. How and when do we collect personal information? Where possible, we collect your personal information directly from you rather than from another person or source, unless it is unreasonable or unpracticable to do so. We collect personal information in circumstances including the following: when you, as an individual in your own capacity or on behalf of your employer become a customer of our businesswhen you telephone us, or visit our website and provide feedback, or you make an enquiry to which a later response is requested and to do so requires your contact detailsthrough written correspondence from you, including letters and emailswhen you ask to be included on marketing distribution lists, sign up to our website or interact with us on social mediawhen you take advantage of a promotional offer we may runwhen you otherwise register for or subscribe to one of our online serviceswhen as a supplier, your contact and other details are providedwhen we enter into an agreement with you for the provision or acquisition of goods or serviceswhen we receive applications for employment and when evaluating job applicants and personnel, which may include collection of details such as employment history and educational qualifications We may use ‘cookies’ to collect data (typically not personal information) relating to your general internet usage. This data may include IP addresses, browser versions, number of visits and similar such data relating to your navigation of the internet and our site. A cookie is a small text file that is placed on your computer or device’s hard drive. Cookies help us to improve our site and to deliver a better and more tailored service, for instance by storing information about your preferences and allowing us to recognise you when you return to our site. You may refuse to accept cookies by activating settings on your internet browser. However, please note that if you select such settings you may be unable to access certain parts of our website. How do we use and disclose the personal information you provide? Insitec may collect, hold, use and disclose your personal information for the following purposes: for any of the purposes of collection described aboveto deliver the products and services you requestedto provide you with further information about the products and services you requestedto personalise and customise your experiences with Insitecto help Insitec manage and enhance its servicesto communicate with you, including answering your questions and providing you with information or servicesto provide your information to third parties that assist Insitec in providing the services you have requestedto carry out administration (such as invoicing, debt collection, receiving and making payments), marketing, fraud and loss prevention activitiesto consider and respond to complaints made by youto comply with laws or regulations, or to comply with any directions given by governmental regulators or authoritiesto operate, protect, improve and optimise Insitec’s website, and users’ experience, such as perform analytics, conduct research and for marketingto send you service, support and administrative messages, reminders, technical notices, updates, security alerts and information requested by youto send you news, announcements and other information that may be of interest to youto consider your employment applicationin other circumstances, with your prior express consent, or where it can be reasonably inferred from the circumstances that you consent What happens if you choose not to provide your personal information? You are not obliged to give us your personal information, however Insitec may be unable to deliver the range or quality of services you require, should you choose not to do so. Where possible, you have the option of interacting with us anonymously (for example, as a visitor of the website), or using a pseudonym if you feel more comfortable dealing with us that way. For example, if you contact us directly by telephone with a general question, we will not ask for your full name unless we need it to answer your question. When do we disclose your personal information? We limit the information we provide to third parties to the information they need to help us provide or facilitate the provision of goods and services to you. We deal with third parties who are required to meet the privacy standards required by law in handling your personal information and use your personal information only for the purposes that we give it to them Insitec will not your sell personal information to third parties. Personal information will only be disclosed to third parties in accordance with this Privacy Policy. Information may be provided to third parties where services relating to the purpose for which the personal information is collected are outsourced or you would reasonably expect us to disclose it to a third party for a particular purpose, or we have obtained your prior consent. For example, we may disclose your personal information to: our related bodies corporatethird party suppliers and service providers (where necessary and subject to the qualification mentioned above)our professional advisersour payment system operatorsdebt collection companiesanyone to whom our assets or businesses (or any part of them) are transferredspecific third parties authorised by you to receive information held by Insitecother persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law Insitec may also disclose your personal information if: you have consented to the disclosurewhere disclosure is necessary to prevent injury to life or healthit is required or authorised by or under an Australian law or a court/tribunal order Accessing your personal information You have a right to access your personal information, subject to certain exceptions provided for in the Privacy Act. If you require access to your personal information, please contact Insitec’s Privacy Officer and you should receive a response within 30 days. For security reasons, you will be required to put your request in writing and provide proof of your identity. If Insitec refuses to give you access to your personal information, Insitec will notify you in writing setting out the reasons. Correcting your personal information Insitec will take all reasonable steps to ensure that the personal information that we hold is accurate. If you feel that information about you is not accurate, you can ask for correction by contacting Insitec’s Privacy Officer and you should receive a response within 30 days. If Insitec refuses to give correct or update your personal information, Insitec will notify you in writing setting out the reasons. Security of your personal information Insitec will take all reasonable steps to keep your personal information safe and stored in a secure environment which can only be accessed by authorised personnel who have a need to do so. Electronic information is protected by various security measures and access to information and databases is restricted, by password protection and physical security measures. However, no data transmission over the internet or information stored in servers accessible through the internet can be guaranteed to be fully secure. In addition, Insitec will take reasonable steps to destroy or de-identify personal information once it is no longer needed for our record retention purposes. Disclosure and transfer of information overseas Insitec does not disclose or transfer personal information outside Australia. Notifiable data breaches In the event of any unauthorised access or unauthorised disclosure or loss of your personal information that is likely to result in serious harm to you, Insitec will investigate and notify you and the Office of the Australian Information Commissioner in accordance with privacy laws. Questions and Complaints If you believe your privacy has been breached by Insitec, or if you wish to make a complaint about the way Insitec has handled your privacy information, you can contact Insitec’s Privacy Officer using the contact details below. Please include your name, email address and/or telephone number and clearly describe your complaint. Insitec will acknowledge your complaint and respond to your complaint with a reasonable period of time (usually within 30 days). If you are not satisfied with Insitec’s response to your complaint, you may lodge a formal compliant with the Office of the Australian Information Commissioner. Changes to this policy Insitec may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on our website www.insitec.com.au and will be effective from the date of posting. This Privacy Policy was last reviewed and updated on 6 December 2021. Retention of data Insitec will generally retain personal information for 7 years from the date of its collection. If you request us to delete or destroy personal information we hold about you before this date, you can contact us with your request. Please include your name, email address and/or telephone number and clearly describe your request. Insitec will acknowledge your request and respond to within a reasonable period of time (usually within 30 days). If you are not satisfied with Insitec’s response to your request, you may lodge a formal compliant with the Office of the Australian Information Commissioner. How to contact us If you would like more information or have any questions in relation to this Privacy Policy, or to access or correct your personal information, or make a complaint, please contact: Privacy OfficerInsitec Pty LtdPO Box 1686Fyshwick ACT 2609 Telephone: (02) 6232 4541Email: privacy@insitec.com.au