Generic filters
Search in excerpt
Generic filters
Search in excerpt

The Privacy Act 1988 (Cth) (the “Act”) requires entities bound by the Australian Privacy Principles (APPs) to have a privacy policy.

This privacy policy sets out how ARA Group Limited ACN 074 886 561 and its controlled entities (as defined by section 50AA of the Corporations Act 2001 (Cth)) (collectively “ARA”) use, collect, handle, store and otherwise deal with personal information, in accordance with its legal obligations under the Act (Privacy Policy). In this Privacy Policy, references to “we”, “us” or “our refers to ARA.

Personal information

Personal information includes but is not limited to any of the following:

  • your name;
  • your contact details, including email address and telephone number;
  • information you provide through customer surveys or similar mechanisms;
  • details of products and/or services we have provided to you (including those you provide when making enquiries about our products and/or services and our response to your query);
  • your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
  • information about your access and use of our websites, including through the use of Internet cookies, your communications with our websites, the type of browser you are using, the type of operating system you are using, the domain name of your Internet service provider;
  • additional personal information that you provide to us, directly or indirectly, through your use of our website, associated applications, associated social media platforms and/or accounts from which you permit us to collect information;
  • demographic data such as your postcode, web-browsing preferences and interests; and
  • any other personal information requested by us and/or provided by you or a third party.

At all times, ARA endeavours to only collect the personal information reasonably required for a particular purpose, function or activity carried on. Notwithstanding this, ancillary personal information may be collected.

Personal information may be collected directly from you, or from third parties.

Collection and use of personal information

The main way we collect personal information is when you give us such information, such as where you make an enquiry via our websites. Notwithstanding this, personal information can be collected in a number of different ways. Without limitation, the way we collect personal information may include collection by way of forms filled out (online and in physical format), surveys, emails, telephone conversations, social media applications and forums, online user-generated content, face-to-face meetings and interviews, and market research.

ARA may hold, use and disclose (in the circumstances set out below) your personal information for a number of purposes, including but not limited to the following:

  • to contact and communicate with you;
  • internal record keeping and administrative purposes;
  • for analytics, market research and business development, including to operate and improve our websites, associated applications and associated social media platforms;
  • to run competitions and/or offer additional benefits to you;
  • to respond to queries you make about our products and/or services;
  • for advertising and marketing, including to send you promotional information about our products and services and information about ARA or third parties that we consider may be of interest to you;
  • to improve our products and/or services;
  • with our legal obligations and resolve any disputes that we may have;
  • to consider your employment application; and
  • to investigate and respond to queries or complaints made under this Privacy Policy.

Sensitive information

From time to time, we may be required to collect sensitive information from you, for example, to review and consider an employment application, or to handle a complaint made under this Privacy Policy.

As defined by section 6 of the Act, sensitive information includes information about your health, racial or ethnic origin, political opinion(s), association memberships, religious beliefs, criminal history, and genetic or biometric information.

Third party collection

In the course of considering your employment application or investigating and responding to complaints made under this Privacy Policy, and any other applicable circumstance, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties such as:

  • your authorised representative, if you have one;
  • referees provided by you in support of your employment application; and
  • any applicable party to any application, complaint or investigation under this Privacy Policy.

Where we receive information from third parties, we will protect it in accordance with this Privacy Policy.

If you are a third party who has or provides personal information about another, you represent and warrant that you have obtained that person’s consent before providing the personal information to us. Under no circumstances should you provide us with another person’s personal information if you have not obtained their express consent.

Collecting information through our websites

Personal information may also be collected through your use of our website such as through cookies, web beacons and web analytics in accordance with standard practice. Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes. Cookies help analyse web traffic and enhance functionality on the website(s) visited. Cookies allow web applications to respond to you, and based on your cookies, the web application can be tailored to your needs, likes and dislikes by gathering and remembering information about your preferences.

Most Internet browsers allow you to choose whether to accept cookies or not. Some of our websites will allow you to accept cookies through the use of an ‘opt-in’ function. If you do not wish to have cookies placed on your computer, you may choose not to opt-in to cookies where this function exists. In the alternative, where this function is not available, if you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.

The cookies from our website are generally created by HubSpot, Google Analytics and SiteImprove (without limitation) and most commonly start with _ga, _gid, _gat_gtag, ___hssrc, __hssc, __hstc, hubspotuk.

Should you require a full list of the types and names of cookies generated through our website, please contact us by emailing itsupport@aragroup.com.au.

We may use web beacons on our websites from time to time. Web beacons (also known as Pixel Tags or Clear GIFs) are small pieces of codes placed on a web page to monitor the visitor’s behaviour and collect data about the visitor’s viewing of a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

We use tools such as Google Analytics and SiteImprove to collect data about how you interact with our website (Web Analytics). The data collected through Web Analytics will include, without limitation; your device’s IP address, your device type, operating system and browser information, geographic location, search terms and pages visited, and the date and time when pages were accessed on our website(s). Web Analytics allows us to improve functionality on our websites based on the data collected, such as by distributing web traffic across multiple servers to optimise response times.

Anonymity

In some circumstances you may have the option of interacting with us anonymously or not identifying yourself such as by using a pseudonym, such as when you make an enquiry through our websites.

If you choose not to provide information such as your name and contact details, we may be unable to fulfil our functions and activities, including responding to requests for information about or products or services.

Disclosure of personal information

ARA may use and disclose your personal information; for the primary purposes for which personal information was collected, for reasonably expected secondary purposes which are related to the primary purpose, for purposes which you have consented to, and for other reasons permitted by the Act.

Dependent on the circumstances, we may disclose personal information to:

  • our employees, contractors and/or related entities;
  • our existing or potential agents or business partners;
  • sponsors or promoters of any competition we run;
  • anyone to whom our business or assets (or any part of them) are, or may (in good faith) be, transferred;
  • credit reporting agencies, courts, tribunals and regulatory authorities, in the event you fail to pay for goods or services we have provided to you;
  • courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights;
  • third party service providers for the purpose of enabling them to provide their services, including (without limitation) information technology service providers, data storage, web-hosting and server providers, debt collectors, advertising providers, maintenance or problem-solving providers, professional advisors and payment systems operators; and
  • third parties to collect and process data, such as Google Analytics or other relevant businesses (this may include parties that store data outside of Australia).

We may disclose your personal information (other than sensitive information) for the purpose of direct marketing where it is reasonably expected that we would use or disclose your personal information for that purpose and where there are simple mechanisms through which you can request to ‘opt out’ or otherwise elect not receive direct marketing communications.

We only disclose your sensitive information for the purposes for which you gave it to us, or for directly related purposes you would reasonably expect or consent to, such as when handling complaints under this Privacy Policy.

In certain circumstances, subject to the APPs, your personal information may be disclosed to overseas recipients where we are of the reasonable belief that the overseas recipient is subject to laws or a binding scheme that provides privacy protections substantially similar to that of the APPs, or where we take reasonable steps to ensure that the overseas recipient will not breach the APPs in relation to that information, such as by contractually obliging the overseas recipient not to do so.

Links to other websites

Our websites may contain links to other websites of interest, including links to the websites of other companies and organisations we work with. We do not have control over websites that do not belong to ARA. Therefore, we are not responsible for the protection and privacy of any information which you provide whilst visiting linked websites which are not governed by this Privacy Policy.

Storage

We are committed to ensuring that the personal information we collect is secure. In order to prevent unauthorised access or disclosure, our data, including personal information collected from you is stored in our private cloud server and in secure digital storage locations across ARA’s office locations. Data may be backed up and/or archived subject to AES 265bit encryption.

We cannot guarantee the security of any information that is transmitted to or by us over the Internet. The transmission and exchange of information is carried out at your own risk. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that the personal information we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Unsubscribe

If you are receiving communications from us (including marketing communications) which you no longer wish to receive ‘opt-out’ using the opt-out facilities provided in the communications, or if this is unavailable, please contact us by emailing legal@aragroup.com.au.

Accessing data

In accordance with your rights under the APPs, you may request the details of the personal information that we hold about you.

To obtain access of the personal information held, please contact us by emailing legal@aragroup.com.au outlining your request and include; your name, contact details and the personal information you wish to access. We will endeavour to respond to your request within thirty (30) days (or more, if reasonable in the circumstances) and will supply access to personal information in digital form. An administrative fee may be payable where personal information is requested to be sent by post or similar means.

We may request identification from you prior to providing personal information to ensure that you are requesting your personal information only and not that of another.

ARA may refuse to grant access to personal information requested where:

  • giving access would pose a serious threat to the life, health or safety of a person, or public health or safety generally;
  • giving access would have an unreasonable impact on the privacy of other individuals;
  • the request is frivolous or vexatious;
  • the information requested relates to existing or anticipated legal proceedings and would be accessible through discovery in those proceedings;
  • giving access would reveal the intentions of ARA in relations to negotiations with you in a way that would prejudice those negotiations;
  • giving access would be unlawful;
  • a law or an order of a Court or Tribunal compels ARA to deny access;
  • there is reason for ARA to suspect that unlawful activity or misconduct of a serious nature relating to its functions or activities has been, is being, or may be engaged in, and giving access would likely prejudice the taking of appropriate action relating to the matter;
  • giving access would likely prejudice one or more enforcement related activity of an enforcement body; or
  • giving access would reveal evaluative information generated by ARA in connection with a commercially sensitive decision-making process.

Where we refuse to grant access to personal information for any of the above reasons (or cannot give access in the manner requested), we will provide written notice stipulating the reasons we refused to grant access and the mechanisms available to you to lodge a complaint about our refusal.

Corrections

If you believe that any personal information we hold about you is incorrect, out of date, incomplete, irrelevant or misleading, please contact us by emailing legal@aragroup.com.au outlining your request and include; your name, contact details and details of the personal information you wish to correct.

We will take all reasonable steps to correct any information that is found to be inaccurate, incomplete, misleading, or out of date.

We may request identification from you when dealing with a correction to ensure that only your personal information is dealt with and not that of another.

Complaints

If you wish to complain to us about how we have handled your personal information, please contact us by emailing legal@aragroup.com.au outlining the full details of the complaint you wish to make along with your name and contact details.

Once your complaint has been received, we will investigate the complaint. Further information may be required from you to allow us to investigate the complaint thoroughly.

We will endeavour to provide written notice informing you of the findings of our investigation within thirty (30) days (or more, if reasonable in the circumstances) of receipt of your complaint.

Notwithstanding the above, if you remain dissatisfied, you can contact the Office of the Australian Information Commissioner to make a written complaint through any of the following methods:

  • by emailing enquiries@oaic.gov.au;
  • by mail sent to GPO Box 5218, Sydney NSW 2001; or
  • by fax, sent to 02 9284 9666

Amendments

From time to time, ARA may update this Privacy Policy. For the avoidance of doubt, the most recent Privacy Policy shall apply.

This Privacy Policy is dated 31 July 2020.