Last updated: 14 November 2019

Kindly read the following privacy policy carefully before using the website of GMA Garnet Pty Ltd trading as GMA Garnet Group (“we”, “our”, or “us”).

This website is owned and operated by us and our Related Bodies Corporate (as defined in the Corporations Act 2001(Cth)). This privacy policy applies to personal information that we collect. We are bound by the Australian Privacy Principles and the Privacy Act 1988 (Cth) (Privacy Act) which govern the way private sector organisations collect, use, keep secure and disclose personal information.

Your privacy, when using our website is of utmost importance to us. Therefore, it is important that you know and fully understand how we deal with any information we obtain from you when you use our internet resources.

If you have any concerns or complaints about the manner in which your personal information has been collected, used or disclosed by us, we have put in place an effective mechanism and procedure for you to contact us so that we can attempt to resolve the issue or complaint. Please see section 13 for further details.

1. What is personal information?

The Privacy Act defines “personal information” to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

2. Kinds of personal information we collect, use and disclose

We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to by you. At or around the time we collect personal information from you, we will endeavour to provide you with a notice which details how we will use and disclose that specific information. We set out some common collection, use and disclosure instances in the table below.

Type of information collected
SALES AND ENQUIRIES

Contact information: Such as your name, Company name, address, billing address (if different to address), email address, phone numbers, username and password.

Transaction Sales: Such as delivery information, billing and account details, and payment card details.

Customer Service: Information collected by our customer services department.

The types of uses we will make of personal information collected for this type of purpose include:

Services: The provision of our services to you including:

  • Using your personal information in order for you to use the products and services offered.
  • Payment processing, including charging, credit card authorisation, verification and debt collection.
  • Checks for financial standing and credit-worthiness (as detailed in our Credit Reporting Policy).
  • To provide customer service functions, including handling customer enquiries and complaints.

Marketing: Using your personal information for the purposes set out in the “Marketing Services” section below.

General administrative and security use:

  • To protect our websites from security threats, fraud or other criminal activities.
  • The use for the administration and management of GMA Garnet Group.
  • The maintenance and development of our products and services, business systems and infrastructure.
  • In connection with the sale of any part of GMA Garnet Group’s business or a company owned by a GMA Garnet Group entity.
  • To provide customer services to clients and for quality assurance purposes.

Disclosures: The types of disclosures we will make of personal information collected for the type of purposes listed include, without limitation, to:

  • Third parties connected with the sales process including ecommerce, payment gateway providers and financial institutions.
  • Service providers (including IT service providers and consultants) who assist us in providing our products and services.
  • Related bodies corporate of GMA Garnet Group (including related entities).
  • Third parties in connection with the sale of any part of GMA Garnet Group’s business or a company owned by a GMA Garnet Group entity.
  • Credit reporting agencies, debt collection agencies or similar parties.
  • Agents of GMA from time to time.
  • As required or authorised by law.
MARKETING SERVICES

Contact information: Such as your name, email address, current postal and residential addresses, phone numbers, country of residence (and, if applicable, age).

Website enquiries: Such as your name, email address, phone number and any information you provide to us as part of your message.

General marketing and consumer analytics: Using your personal information:

  • To aggregate with other information and to then use it for marketing and consumer analytics.
  • To offer you updates on products, events or information that may be of interest to you.
  • For Marketing and promotional activities by us (including by direct mail, telemarketing and email) such as our email alerts, email newsletters, and product awareness information.
  • For the Uses detailed above in “Sales and enquiries”.

We may disclose your personal information to:

  • Third parties connected with the marketing process and who assist us in providing our products and services to you.
  • The parties listed in the Disclosure column for “Sales and enquiries”.

3. How we collect and hold personal information

The Privacy Act defines “personal information” to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.
3.1 Collection generally

As much as possible or unless provided otherwise in this Privacy Policy or a notification, we will collect your personal information directly from you.When you engage in certain activities, such as filling out a survey or sending us feedback, we may ask you to provide certain information. It is completely optional for you to engage in these activities.

Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory information or any other information we require in order for us to provide our products or services to you, we may be unable to provide our products or services to you in an effective manner, or at all.

3.2 Other collection types

We may also collect personal information about you from other sources, such as third parties or from publicly available sources including but not limited to, court judgments, directorship and bankruptcy searches, Australia Post, White Pages directory, and social media platforms (such as Facebook, Twitter, Google, Instagram etc).

3.3 Notification of collection

If we collect details about you from someone else, we will, whenever reasonably possible, make you aware that we have done this and why, unless special circumstances apply, including as described in paragraphs (a) to (c) below. Generally speaking, we will not tell you when we collect personal information about you in the following circumstances:

(a) where information is collected from any personal referee you have listed on any application form (including any employment application) with us;

(b) where information is collected from publicly available sources including but not limited to court judgments, directorship and bankruptcy searches, social media platforms (such as Facebook, Twitter, Google, Instagram etc); or

(c) as otherwise required or authorised by law.

3.4 Unsolicited personal information

In the event we collect personal information from you, or a third party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and we determine (in our absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified. In the event that the unsolicited personal information collected is in relation to potential future employment with GMA Garnet Group, such as your CV, resume or candidacy related information, and we determine (in our absolute discretion) that we may consider you for potential future employment, we may keep the personal information on our human resource records.

3.5 How we hold your personal information

Once we collect your personal information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third-party service provider who has taken reasonable steps to ensure they comply with the Privacy Act. We provide some more general information on our security measures in section 12(Data security and quality).

4. Uses and disclosures of personal information

4.1 Use and disclose details

We provide a detailed list at section 2of some common uses and disclosures we make regarding the personal information we collect.

4.2 Other uses and disclosures

We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:

(a) when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose;

(b) if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;

(c) if we have reason to suspect that unlawful activity has been, or is being, engaged in; or

(d) if it is required or authorised by law.

4.3 Use and disclosure procedures

In the event we propose to use or disclose such personal information other than for reasons set out in the above table at section 2 or as otherwise outlined in this Privacy Policy, we will first notify you or seek your consent prior to such disclosure or use.

Your personal information is disclosed to these organisations or parties only in relation to the products or services we provide to you or for a purpose permitted by this Privacy Policy.

We take such steps as are reasonable to ensure that these organisations or parties are aware of the provisions of this Privacy Policy in relation to your personal information.

3.4 Unsolicited personal information

In the event we collect personal information from you, or a third party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and we determine (in our absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified. In the event that the unsolicited personal information collected is in relation to potential future employment with GMA Garnet Group, such as your CV, resume or candidacy related information, and we determine (in our absolute discretion) that we may consider you for potential future employment, we may keep the personal information on our human resource records.

3.5 How we hold your personal information

Once we collect your personal information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third-party service provider who has taken reasonable steps to ensure they comply with the Privacy Act. We provide some more general information on our security measures in section 12(Data security and quality).

5. Optional voluntary information

Electronic newsletters

We offer a free electronic newsletter to users. GMA Garnet Group gathers the email addresses of users who voluntarily subscribe. Users may remove themselves from this mailing list by either clicking the Unsubscribe link or writing to a dedicated email address stated in every newsletter.

“E-mail this to a friend” Service

Our website users can choose to electronically forward a link, page, or documents to someone else by clicking “e-mail this to a friend”. The user must provide their email address and name, as well as that of the recipient. This information is used only in the case of transmission errors and, of course, to let the recipient know who sent the email. The information is not retained or used for any other purpose.

6. Usage tracking and cookies

6.1 Usage tracking

We track traffic patterns throughout the website. However, we do not correlate this information with data about individual users. We use aggregated tracking information to determine which areas of our website users like and don’t like based on how many unique users access our website; the domain names from which they arrive; aggregate traffic to each area of our website; and how long users spend at each page to understand which pages are most popular. We do not track what individual users read, but rather how well each area and page performs overall. This helps us continue to build better information and content in future for you.

6.2 Cookies

If you use our website, we may place a text file called a “cookie” in the browser files of your computer. We use cookies to monitor traffic patterns, trends and to serve you more efficiently if you revisit our website.

Cookies are small data packages that are sent to a browser by a website. In most cases, a cookie does not contain Personal Information, but it may identify your internet service provider or computer/mobile device. We may also gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.

In some cases, cookies may enable us to aggregate certain information with other personal information we collect and hold about you. We extend the same privacy protection to your personal information, whether gathered via cookies or from other sources, as detailed in this Privacy Policy.

If you do not want to receive cookies, you can change the preference or option settings of your Internet browser to stop all or some cookies from being accepted by your computer. However, if you disable cookies, you may not be able to access certain areas of our websites or take advantage of the improved web site experience that cookies offer. You can also set your browser so that it alerts you every time a cookie is sent to you.

7. Sharing of information

GMA Garnet Group will not share information about individual users with any third party, except to comply with applicable law or valid legal process or to protect the personal safety of our users or the public.

As part of the online service we provide, our website may contain links to other websites such as those of our business and joint-venture partners. We make every effort to only link to websites that share our own high standards of service and our conscientious approach to the issue of privacy; however, we cannot take any responsibility for the actual way in which these websites implement their own privacy procedures or the content or services that they provide.

8. Sensitive information

Sensitive information is a subset of personal information. It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.

We do not ask you to provide, and we do not deliberately collect, sensitive information from you through this website. We may collect other types of sensitive information where you have consented and agree to the collection of such information. Generally speaking, we will obtain this type of consent from you at (or around) the point in time in which we collect the information.

We only use sensitive information we collect, for the purposes for which it was collected. We do not use sensitive information to send you Direct Marketing Communications (as set out below) without your express consent.

9. Direct marketing

9.1 Express informed consent

You give your express and informed consent to us using your personal information set out in the table in section 2above to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) which we consider may be of interest to you, whether by post, email, SMS, messaging applications and telephone (Direct Marketing Communications).

9.2 Inferred consent and reasonable expectations of direct marketing

Without limiting the paragraph above, if you have provided inferred or implied consent (e.g. not opting out where an opt-out opportunity has been provided to you) or if it is within your reasonable expectation that we send you Direct Marketing Communications given the transaction or communication you have had with us, then we may also use your personal information for the purpose of sending you Direct Marketing Communications which we consider may be of interest to you.

9.3 Opt-Out Policy

If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us via the details in section 13 and we will ensure the relevant communication stops. You may also use the “unsubscribe” facility included in the Direct Marketing Communication. Any other use or disclosure we make of your personal information will only be as required or authorised by law or as permitted by this Privacy Policy or otherwise with your consent.

10. Anonymity and pseudo-anonymity

It is not practicable for us to deal with individuals who have not identified themselves or who have used a pseudonym. We require particular personal information from you in order to provide you with our goods and services or to resolve any issue you may have.

11. Cross-border disclosures

11.1 Cross-border disclosure

Any personal information we collect and hold may be disclosed to, and held at, a destination outside Australia, including but not limited to United States of America, European Union and the United Arab Emirates where we utilise third party service providers to assist us in providing our goods and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.

As we use service providers and platforms which can be accessed from various countries via an Internet connection, it is not always practicable to know where your information may be held. If your information is stored in this way, disclosures may occur in countries other than those listed above.

In addition we may utilise overseas IT services (including software, platforms and infrastructure), such as data storage facilities or other IT infrastructure. In such cases, we may own or control such overseas infrastructure or we may have entered into contractual arrangements with third party service providers to assist us in providing our products and services to you.

11.2 Your informed consent

By submitting your personal information to us, you expressly agree and consent to the disclosure, transfer, storing or processing of your personal information outside of Australia. In providing this consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to personal information. However, we will take steps to ensure that your information is used by third parties securely and in accordance with the terms of this Privacy Policy.

The Privacy Actrequires us to take such steps as are reasonable in the circumstances to ensure that any recipients of your personal information outside of Australia do not breach the privacy principles contained within the Privacy Act. By providing your consent, under the Privacy Act we are not required to take such steps as may be reasonable in the circumstances. However, despite this, we acknowledge the importance of protecting personal information and have taken reasonable steps to ensure that your information is used by third parties securely and in accordance with the terms of this Privacy Policy.

11.3 If you do not consent

If you do not agree to our disclosure of your personal information outside Australia, you should (after being informed of the cross border disclosure) tell us that you do not consent. To do this, either elect not to submit the personal information to us after being reasonably informed in a collection notification, or please contact us via the details set out at the top of this document.

12. Data security and quality

12.1 Our security generally

We have taken steps to help secure and protect your personal information from unauthorised access, use, disclosure, alteration, or destruction. You will appreciate, however, that we cannot guarantee the security of all Internet transmissions or personal information, especially where human error is involved or malicious activity by a third party.

Notwithstanding the above, we will take reasonable steps to:

(a) make sure that the personal information we collect, use or disclose is accurate, complete and up to date;

(b) protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and

(c) destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.

12.2 Accuracy

The accuracy of personal information depends largely on the information you provide to us, so we recommend that you:

(a) let us know if there are any errors in your personal information; and

(b) keep us up-to-date with changes to your personal information (such as your name or address).

Below we provide information about how you can access and correct your information.

12.3 Access to and correction of your personal information

You are entitled to have access to any personal information relating to you which we hold, except in some exceptional circumstances provided by law (including the Privacy Act). You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.

If you would like access to or correct any records of personal information we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out at section 13 of this document.

13. Resolving privacy complaints

13.1 Complaints generally

We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.

13.2 Contacting us about complaints

If you have any concerns or complaints about the manner in which we have collected, used or disclosed and stored your personal information, please contact us by:

Telephone : +61 8 9287 3200

Email : privacy@gmagarnet.com

Post : Level 4, 108 St Georges Terrace Perth Western Australia 6000

Please mark your correspondence to the attention of the Privacy Officer.

13.3 Steps we take to resolve a complaint

To resolve a complaint, we:

(a) will liaise with you to identify and define the nature and cause of the complaint;

(b) may request that you provide the details of the complaint in writing;

(c) will keep you informed of the likely time within which we will respond to your complaint; and

(d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.

13.4 Register of complaints

We will keep a record of the complaint and any action taken in a Register of Complaints.

14. Consent, modifications and updates

14.1 Interaction of this Policy with contracts

This Privacy Policy is a compliance document prescribed by law rather than a legal contract between two or more persons. However, certain contracts may incorporate all, or part, of this Privacy Policy into the terms of that contract. In such instances, we may incorporate the terms of this policy such that:

(a) certain sections or paragraphs in this policy are incorporated into that contract, but in such a way that they do not give rise to contractual obligations onto us, but do create contractual obligations on the other party to the contract; and

(b) the consents provided in this policy become contractual terms provided by the other party to the contract.

14.2 Acknowledgement

By using this website, purchasing a product or service from us, where you have been provided with a copy of our Privacy Policy or had a copy of our Privacy Policy reasonably available to you, you are acknowledging and agreeing:

(a) to provide the consents given by you in this Privacy Policy; and

(b) that you have been informed of all of the matters in this Privacy Policy.

14.3 Modifications and updates

By using this website, you consent to the collection and use of this information by GMA Garnet Group. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.If you do not agree to our continued use of your personal information due to the changes in our Privacy Policy, please cease providing us with your personal information and contact us via the details set out at the top of this document.