1.1.1 Maxsum Consulting is a Managed IT Services Provider providing Managed IT Services support, technical services, project and professional services and consulting services on a range of information technology processes, systems, services and products for small-to-medium sized business, professional and not-for-profit organisations.
1.1.2 This policy sets out Maxsum Consulting’s approach to privacy, and the collection, use, handling and disposal of private and/or personal information, with reference where relevant to controls and treatments to minimise data privacy risk, business risk and efficiently respond to incidents within the context of the Maxsum Information Security Management System (ISMS), collection of personal information via public communication forums such as the Maxsum website/s, and the collection and use of personal information required for contracted service provision.
1.2.1 This Privacy Policy applies to you as a user of our Website/s or any services provided by us, a prospective client or client who we do business with and covers all information which we collect from or about you.
1.2.2 This Privacy Policy also applies to our clients and prospective clients in circumstances where information is collected from or provided by third parties on your behalf.
1.2.3 By visiting or using our Website/s you agree to the collection, storage, usage and disclosure of your information by us in the manner as described in this Privacy Policy.
1.2.4 By visiting or using our Website/s, products or services or contacting us, you acknowledge that you understand and agree to the collection, storage, usage and disclosure of your information by us in manner described in this Privacy Policy.
1.3.1 By entering into a Managed IT Services Agreement with Maxsum, you further acknowledge that you understand and agree to the collection, storage, usage and disclosure of your information by us in the manner set out in the Managed IT Services Agreement Schedule 3 Terms & Conditions, in addition to the general provisions set out in this Privacy Policy.
1.3.2 By entering into a Supplier, Vendor or Contracting Agreement with Maxsum, you further acknowledge that you understand and agree to the collection storage, usage and disclosure of your information by us in the manner set out in the Maxsum Consulting Information Security Policy for Suppliers and/or associated Terms & Conditions, in addition to the general provisions set out in this Privacy Policy.
1.4.1 For the purpose of this and all Maxsum Consulting Information Security Policies, Maxsum Consulting may be denoted variably as “Maxsum”, “the Company”, “the organisation”, “we” or “us”.
1.4.2 You means the person or entity that accesses the Website/s or uses our services and your has a corresponding meaning.
1.4.3 Personal Information has the meaning provided for that term under the Privacy Act, meaning information or an opinion relating to an individual which can be used to identify that individual. This may include your name, address, telephone number, email address and profession or occupation.
1.4.4 Privacy Officer means the individual nominated by Maxsum Consulting from time to time;
1.4.5 Website/s means maxsum.com, including all content, trademarks, and related services, products, related website/s, tools and applications, as well as any services provided by Maxsum Consulting including managed, technical, consulting or procurement services ;
2.1.1 We are bound by the Australian Privacy Principles (“APPs”) contained in the Privacy Act (Cth).
2.1.2 The APPs establish minimum standards for the private sector in relation to the collection, handling, use, disclosure, management, access, correction and disposal of Personal Information about natural persons.
2.2.1 We may collect and hold information about you which we consider is required in order for us to provide our services to you, including without limitation the following types of Personal Information:
2.2.2 In principle, we do not seek to collect, require or hold Personal Information that is Sensitive Information under the Privacy Act, except if specifically required or directed by legal, law enforcement or regulatory authorities to the extent permitted by law or in relation to a directive issued to us.
2.2.3 We understand the importance of protecting children’s privacy. Our Website/s and related sites, including any presence we hold on Facebook, Twitter, Snapchat, LinkedIn or other social media sites, are not intentionally designed for or directed at children.
2.3.1 We generally collect Personal Information:
2.3.2 We take all reasonable steps to ensure that the information we collect is stored in a secure environment and protected from unauthorised access, modification or disclosure.
2.3.3 We may hold information both in hard copy form and electronically at our premises and with various service providers that assist us with information storage.
2.3.4 You are not permitted to not identify yourself or use a pseudonym when dealing with us, as it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym. For example, we need your Personal Information so that we can undertake a identity, authority or security check to ensure that we are able to act on your behalf.
2.3.5 Electronic information may also be backed up on a secure server administered by a provider nominated by us. To the best of our knowledge, these servers are located in Australia however we make no guarantee that they are in Australia and you consent to your information being stored on foreign-based servers.
2.3.6 We may also utilise cloud service providers located overseas for the limited purpose of performing the services of storing and ensuring we may access the Personal Information stored.
2.3.7 We do not intentionally “disclose” information to them, and rather allow them to “use” it (as defined under the Privacy Act) for the purposes stated above.
2.3.8 You consent to this use, and if it inadvertently becomes a disclosure then you consent to that disclosure.
2.3.9 Despite the above, the transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or that you receive from us.
2.3.10 Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
2.4.1 Our principal purpose in collecting, using and storing your Personal Information is to provide our services in a personalised, safe and efficient manner. The information we collect is necessary for us to provide you with our services (and you authorise us to use your information in this way), which includes:
2.4.2 If we are unable to collect, use and disclose your Personal Information in accordance with this Privacy Policy, we may not be able to effectively deliver our services to you and we may prohibit your access of the Website/s.
2.5.1 If you do not provide us with the Personal Information described above, some or all of the following may happen:
2.5.2 You are not permitted to not identify yourself or use a pseudonym when dealing with us, as it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym. For example, we need your Personal Information so that we can undertake a identity or authority check and confirm we are able to act on your behalf.
2.6.1 We may disclose information about you to:
2.6.2 We will not share, sell, rent or disclose your Personal Information in ways different from what is disclosed in this Privacy Policy.
2.7.1 Subject to the Privacy Act, you may request to access the Personal Information we hold about you by contacting us. All requests for access will be processed within a reasonable time.
2.7.2 In certain instances we may not be required or able to provide you with access to your Personal Information. If this occurs we will give you reasons for our decision not to provide you with such access to your Personal Information in accordance with the Privacy Act.
2.7.3 There is no application fee for making a request to access your Personal Information. However, we may charge an administrative fee for the provision of information in certain circumstances, such as if you make repeated requests for information or where the information is held by a third-party provider.
2.8.1 All information is retained at a minimum for the period of time required to fulfil our business needs and legal obligations (usually at least seven (7) years).
2.8.2 Where that information is no longer required, it will be archived, destroyed, deleted or disposed of in a secure manner.
3.1.1 Our Website/s may contain links to other sites over which we have no control. Those links are provided for your convenience only, and we are not responsible for how they may handle your Personal Information.
3.1.2 If you request information from another organisation through the use of the Website/s, it is your obligation to check the Privacy Policy of that organisation to confirm how they will handle your information. We are not responsible for the way in which other third parties collect, store, disclose or otherwise handle information provided to them through the Website/s.
4.1.1 We use cookies on our online services to monitor your use of the Website/s, to measure usage sessions accurately and to provide you a more effective service. Cookies are also used to improve the functionality of the Website/s.
4.1.2 If you prefer not to enable us to use cookies most browsers have a facility that will allow you to disable cookies altogether, please refer to your browser’s help menu to find out how to do this. Doing so may affect your browsing experience and certain functions of the Website/s may not work.
5.1.1 If you do not wish to receive marketing information from us, you may withdraw your consent at any time using the unsubscribe option included in the email or other material. Alternatively, you may contact us and we will process your request.
6.1.1 In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out under this clause.
6.1.2 If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then, if (and only if) we are required to do so under the Privacy Act:
7.1.1 If you have any questions or concerns about this Privacy Policy, or believe that a breach of privacy has occurred, please contact our Privacy Officer so that we may investigate such incident.
7.1.2 We use a formal procedure for the investigation and management of privacy breaches. Once a complaint has been received, the Privacy Officer will undertake an investigation in order to determine the nature of the breach and the reason it occurred. If a breach is found to have occurred, the matter will be escalated to our management. The information storage and handling process will then be rectified to prevent any further breaches.
7.1.3 We will contact you in order to inform you of the outcome of any investigation concerning your Personal Information and to discuss any concerns you may have and possible resolutions to those concerns. We will acknowledge and respond to all genuine enquiries, concerns and complaints in writing within thirty (30) days of the date of receipt.
Position Privacy Officer
Telephone (03) 4433 9200
Email info@maxsum.com
Postal Address 130 Mollison Street, Bendigo VIC 3550
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian information Commission at:
Telephone 1300 363 992
Email enquiries@oaic.gov.au
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001
Website www.oaic.gov.au
9.1.1 We may update this Privacy Policy from time to time and any amendments will apply to information we hold at the time of the update.
9.1.2 If amended, the updated Privacy Policy will be available from our Website/s. Please ensure that you check our Website/s to view the current Privacy Policy or contact us for a copy, as your continued use of the Website/s indicates your acceptance of our then current Privacy Policy.