Privacy Policy
NDIS
Purpose
The purpose of this Policy is to outline Merriwa’s approach to privacy and how we collect, use and protect your personal information and sets out your rights in relation to accessing the personal information we hold about you.
Scope
This policy applies to all people, entities, customers, prospective and current employees and contractors, suppliers, customers and anyone or any organisation who interacts with Merriwa through email, the website or other electronic mediums.
Statement
Merriwa Industries Ltd ABN 81 069 213 878 trading as Merriwa Timber, Merriwa Packaging, Merriwa Community Services and Park Lane Nursery (We, us, our) respects your privacy and is committed to protecting your personal information. Our privacy policy outlines our approach to privacy and how we collect, use and protect your personal information and sets out your rights in relation to accessing the personal information we hold about you.
Personal information is defined in the Privacy Act 1988 (Cth) and means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
We are bound by the Australian Privacy Principles contained in the Privacy Act.
How we collect personal information
We only collect personal information you give us directly, or which is collected automatically as part of your activities with us (including usage data or cookies on our website found at www.merriwa.org.au (Site). For example, when you:
- register your details to become a team member;
- register your interest as a client or customer;
- make a donation, support or volunteer in relation to our activities;
- subscribe to our marketing/mailing list;
- complete electronic and paper forms;
- call or email us;
- use our Site;
- send us information via the ‘Contact Us’ page on our Site;
- send us information when using any part of our Site;
- view electronic communication that you receive from us, including where you open emails, the links you view from the email and what webpages you view from the email and the number of pages viewed; and/or
- attend or register for an event held by us.
When we collect information, we will ensure the individual has given verifiable consent or there is some other lawful basis for collection and processing. We will generally explain to the individual why we are collecting it, who we give it to and how we will use or disclose it.
What personal information we collect
What personal information we collect
The personal information that we collect includes but it not limited to:
- identifying information, including your name, contact details including your email, facsimile number, phone/mobile number, home address and billing address;
- transactional information, including information you provide as part of a transaction with us or that is generated as a result of that transaction;
- financial information, including payment details, credit card numbers or bank details;
- information we are required or authorised to collect and process under law to identify you or verify information you have provided;
- usage information, including data about your interaction with our website through devices you use;
- computer and connection information such as page views, traffic, uniform resource locators (URLs), internet protocol (IP) address and web log information; and
- information you provide to us as a result of market research related, but not limited to; cultural background, demographic & psychographic information, behaviours and attitudinal information, past and future purchase or behavioural intention, information on our own or competitor products or services.
When you visit our Site, we may place cookies on your browser to enhance and manage our website and improve our business and the services we provide to you. We and/or Google may use this information to optimise and place advertisements, including advertisements of third party vendors, on our own and third party websites. Google’s ability to use and share information collected by Google Analytics is restricted by the Google Analytics Terms of Use and Privacy Policy. Cookies can be managed by accessing the individual settings in your browser.
Our Site does not support “Do Not Track” requests.
Our Community Services division provides services to people under the age of eighteen. Any information we gain from clients and/or children under the age of eighteen is protected and not disclosed beyond those who require the information to provide care for the children in our facilities.
We may use social media (including LinkedIn, X, Instagram or Facebook) to communicate with you or the public. We may collect personal information that you provide us via social media for the purposes of engaging and consulting with you. Any personal information we collect via social media will be handled appropriately in accordance with this privacy policy. Social media platforms may also collection your personal information for their own purpose and when you agree to their terms of service and privacy policy, you may be agreeing to your personal information being transferred outside Victoria. To protect your privacy and the privacy of others, you should refrain from post any personal information (including phone numbers and email addresses) in your comments, tweets or replies.
We may collect personal information from people who are not customers or suppliers of our business but whose personal information is given to us by those individuals via our Site or in the course of a transaction or recruitment. If you give us information you must only do so with that individual’s authorisation and you should inform them of this privacy policy.
We will take reasonable steps to determine if individuals for whom we collect personal information have the capacity to consent to the collection of their personal information (for example, children under the age of 18 years). In circumstances where an individual does not have the capacity to consent, where practical, we will obtain consent from the parent or guardian of that individual.
Why we collect personal information
The purpose for which we collect personal information is to enable the effective provision of our services to you and our other customers, including to:
- send you information and updates about our business;
- execute your requests for our services;
- improve and optimise our services, business and our users’ experience;
- to send you service, support and administrative messages, reminders, and information requested by you;
- to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting. You may opt out of receiving these direct marketing communications at any time by contacting us at [email protected]. Our electronic marketing activities will comply with the requirements of the Spam Act 2003 (Cth);
- to conduct market research to improve our customer service efforts, including research about customer demographics, geographic segmentation, business types, new solutions and services;
- to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
- to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties;
- to consider your employment application; and
- to consider your supplier application and/or credit application.
When we will use, process or disclose personal Information
We will only use, process or disclose your personal information for the primary purpose for which it was collected or otherwise as relevant national laws allow. We may otherwise use and disclose your personal information to detect, prevent and investigate fraudulent behaviour, if you have given us consent for the use or disclosure or it is required or authorised by law.
If those purposes for which we have collected the information involve providing personal information about an individual to any third party, we will take appropriate and reasonable steps to ensure any personal information is protected.
We may disclose personal information for the purposes described above to:
- our employees and related bodies corporate;
- data processors, including third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
- professional advisers, dealers and agents;
- payment systems operators (e.g. merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- our sponsors or promoters of any competition that we conduct via our services;
- anyone to whom our assets or businesses (or any part of them) are transferred;
- specific third parties authorised by you to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
Where your personal information be held and processed
We will process your personal information in our servers in Australia.
We will provide your information to third parties that provide services to us solely for the purpose of providing those services, including third parties that provide our payment gateway, marketing and technology support services. This may include providing your information to third parties that are located outside of Australia including in the United States of America.
Where your personal information is transferred outside Australia (including the United States of America), we will take steps to ensure that overseas recipients will deal with that information in a way that is consistent with the Australian Privacy Law or applicable national laws.
Security and retention of personal information
We take reasonable and industry standard technical and organisational steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. For example, altering security levels are applied to people throughout the organisation for systems and document storage. We also have an external audit completed on our cybersecurity readiness. However, we cannot guarantee the security of your personal information.
We will only use, process or store personal information for as long as required by the purpose it has been collected, including where such purpose relates to our legitimate interest, and for a longer period where you have given consent to such processing, as long as such consent is not withdrawn. We may be obliged to retain personal information for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Third parties and information you receive through us
Our Site may contain links to third party websites. We are not responsible for the privacy policies of any third party websites. We recommend that you review the privacy policy of each website you visit.
Where you transact with another person or entity through us, we may enable you to obtain the personal information of that person or entity. You acknowledge that in these circumstances you are the data controller of that data and you should, where required, inform that other person about your privacy practices and otherwise comply with relevant national laws.
Using the personal information of any person you receive through us for any other purpose other than to perform the transaction we enable, is prohibited by this policy.
Your rights and our complaints procedure
Your rights and our complaints procedure:
- by post:
Privacy Officer
144 Greta Road
Wangaratta Victoria 3676 - by email: [email protected]
- know what personal information we maintain about you and request a copy of your personal information which we will provide;
- request us to correct information we hold about you;
- This privacy policy will be reviewed as follows:
- annually at a minimum;
- following an information security incident;
- following significant changes to our systems; and/or
- following relevant changes to the relevant privacy legislation including the Privacy Act.
- Merriwa Code of Conduct
- Disciplinary Action Policy
- Privacy & Confidentiality Policy
- Investigation Template
- Record of Interview Template
- Ensure documentation of this Policy and variations of same are recorded;
- Ensure only the most current version of this Policy is in circulation; and
- This document will be reviewed annually (or sooner if required).