Vantage Strata understands the importance of your privacy and recognises that the protection of your personal information is to be taken seriously. Vantage Strata is committed to protecting your personal information in a responsible way and in accordance with the Privacy Act 1988 (Cth) (the Act) and the related Australian Privacy Principles.
This policy was updated in April 2020.
‘Personal information’ is defined in the Act as any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
We collect personal information only when it has been knowingly and voluntarily submitted. You are not required to provide us with your personal information; however, we may be unable to conduct business with you or provide you with certain services if you do not.
We are required to collect and hold personal information in accordance with the following legislation:
- Australian Privacy Principals (APPs).
- Agents Act 2003;
- Agents Regulation 2003;
- Notifiable Data Breaches Act 2017
- Property, Stock and Business Agents Act 2002;
- Privacy Act 1988 (Cth) and where relevant associated legislation;
- Privacy Regulation 2013;
- Strata Schemes Management Act 2015;
- Strata Schemes Management Regulation 2016;
- Unit Titles (Management) Act 2011; and
- Unit Titles (Management) Regulation 2011;
Vantage Strata will only collect and store an individual’s personal information as required by legislation and as necessary to carry out our business as a strata managing agent.
In the course of carrying out our business, we may collect personal information in a variety of ways. For example, we collect information when a client, member of the public or other individual:
- Provides that information directly to us for a specific purpose;
- Enquires about our services;
- Requests to access relevant Body Corporate Minutes and associated documentation;
- Requests information about a Unit Plan;
- Visits our website; or
- Applies for a job with us.
KINDS OF PERSONAL INFORMATION
We will typically collect and hold the following kinds of personal information about our clients:
- Name, job title and contact information;
- Communications between you and us;
- Financial information;
- Other personal information that you provide to us or that we collect in the course of our relationship with you.
USE AND DISCLOSURE
We will generally only use the personal information that we collect for the primary purpose for which it was collected. Vantage Strata will only use personal information for a secondary purpose – that is, in a way different from the original reason for collection, in any of the following circumstances:
- Where the relevant party has consented to the secondary purpose;
- Where the secondary purpose is directly related to the primary purpose, and the individual whose personal information was obtained would reasonably expect us to use or disclose the information for another purpose; and
- Where we are permitted and required to do so by law, or it is in the interests of public safety to do so.
We will not release any personal information to a third party, unless it is in the following circumstances:
- Where we have been given direct instructions by the individual to do so;
- Where we are required to do so to fulfil our statutory obligations as strata managing agents;
- Where we are required to do so to fulfil our legal obligation to make repairs to the common property; or
- Where we are given legal instructions or orders to do so.
Our employees and other authorised representatives may use email addresses provided for contacting new and existing clients in the future. We will not sell or pass on email addresses or other contact information to third parties except in circumstances outlined above.
HOLDING PERSONAL INFORMATION
We store personal information in a number of ways, including hardcopy files and in electronic form, and we use our best efforts to protect personal information from misuse, loss, unauthorised access and modification.
Hardcopy files are stored in our offices within an access-controlled premises. We may apply additional security measures to certain kinds of personal information as necessary.
Electronic records are kept in a secure network and held by third party storage providers, who are required to protect personal information in accordance with applicable laws and take appropriate technical measures against unlawful access. Personal information within our network and portals are password protected and access is appropriately limited.
We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and to protect your personal information from misuse, interference, loss and unauthorised access, disclosure or modification, irrespective of the format in which it is held. We strive to protect the security and privacy of all personal information submitted to or collected by us.
The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measures to safeguard against this. We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and to protect your personal information from misuse, interference, loss and unauthorised access, disclosure or modification.
The steps that we take to ensure that your personal information is protected include:
- Ensuring that we retain your personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer;
- Providing computer and network security measures, including firewalls, anti-virus, password access and secure servers; and
- Storing hardcopy information in an access-controlled premises.
If we retain your information for two or more purposes, we will retain it until the purpose with the latest period expires, but we will stop using if for the purpose with a shorter period once that period expires.
We use data hosting service provider Microsoft 265 and Keepitsafe, in Australia to host the information we collect, and we use technical measures to secure the information we collect. While we implement reasonable safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the internet and ‘the cloud’, we cannot guarantee that data, during transmission through the internet or while stored on our systems, is absolutely safe.
The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measure to safeguard against unauthorised disclosures of information, we cannot assure you that personal information we collect will not be disclosed in a manner that is inconsistent with this policy.
While we use our best efforts and take all reasonable steps to ensure that personal information transmitted electronically is protected, we will not be held responsible for events arising from unauthorised access to personal information.
Where we no longer require your personal information, and when we are not required to retain it by law, we will ensure that it is de-identified or destroyed as appropriate.
ACCESS AND CORRECTION
You have a right to request access to the personal information that we hold about you by contacting us. You may also request to correct that information if you believe that it is out-of-date, inaccurate, incomplete, irrelevant or misleading. We will respond to such requests for personal information within 30 days.
In some cases, in accordance with the Act and or the Unit Titles (Management) Act 2011, we may charge you a fee to access personal information that we hold about you if your request requires a substantial effort on our part. We may also deny you access to that information, and in the event that we choose to do that, we will provide you with a written notification of the basis for that denial.
If you have requested that we correct personal information that we are holding, and we do not agree with your request (for example, because we consider that information to be accurate), we are not required to make corrections. However, where we refuse to do so, we will provide you with a written notice setting out our reasons.
We may also refuse access to your personal information in various circumstances, including where:
- providing access would have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
- giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
- providing access would be unlawful;
- denying access is required by or under any applicable law;
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that related to our functions has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice enforcement related activities conducted by or on behalf of an enforcement body;
- giving access would reveal evaluative information generated within our organisation with a commercially sensitive decision-making process.
Australian laws provide that an eligible data breach arises when the following criteria are satisfied;
- there is unauthorised access to or unauthorised disclosure of personal information or loss of personal information that we hold;
- this is likely to result in serious harm to one or more individuals; and
- we have not been able to prevent the likely risk of serious harm with remedial action.
We are required to take all reasonable steps to ensure an assessment of an eligible data breach is completed within 30 days. If an eligible data breach is confirmed, as soon as practicable we must provide a statement to each of the individuals whose data was breached or who are at risk, including details of the breach and recommendations of the steps individuals should take.
A copy of the statement must also be provided to the Office of the Australian Information Commissioner.
CONCERNS AND COMPLAINTS
If you have concerns about how your personal information is being dealt with, or you would like to make a complaint, please contact our office by visiting https://vantagestrata.com.au, calling 1800 878 729 or emailing firstname.lastname@example.org. You will need to provide us with details of your complaint and any supporting information or evidence.
We review all complaints received and we will respond within 30 days. If you are unhappy with our response, you may direct your complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or emailing email@example.com.