1.1.1 Maxsum Consulting is a Managed IT Services Provider providing Managed IT Services support, technical services, project and professional services and consulting services on a range of information technology processes, systems, services and products for small-to-medium sized business, professional and not-for-profit organisations.
1.1.2 This policy sets out Maxsum Consulting’s approach to privacy, and the collection, use, handling and disposal of private and/or personal information, with reference where relevant to controls and treatments to minimise data privacy risk, business risk and efficiently respond to incidents within the context of the Maxsum Information Security Management System (ISMS), collection of personal information via public communication forums such as the Maxsum website/s, and the collection and use of personal information required for contracted service provision.
1.4.1 For the purpose of this and all Maxsum Consulting Information Security Policies, Maxsum Consulting may be denoted variably as “Maxsum”, “the Company”, “the organisation”, “we” or “us”.
1.4.2 You means the person or entity that accesses the Website/s or uses our services and your has a corresponding meaning.
1.4.3 Personal Information has the meaning provided for that term under the Privacy At, meaning information or an opinion relating to an individual which can be used to identify that individual. This may include your name, address, telephone number, email address and profession or occupation.
1.4.4 Privacy Officer means the individual nominated by Maxsum Consulting from time to time;
1.4.5 Website/s means maxsum.com, including all content, trademarks, and related services, products, related website/s, tools and applications, as well as any services provided by Maxsum Consulting including managed, technical, consulting or procurement services ;
2.1.1 We are bound by the Australian Privacy Principles (“APPs”) contained in the Privacy Act (Cth).
2.1.2 The APPs establish minimum standards for the private sector in relation to the collection, handling, use, disclosure, management, access, correction and disposal of Personal Information about natural persons.
2.2.1 We may collect and hold information about you which we consider is required in order for us to provide our services to you, including without limitation the following types of Personal Information:
2.2.2 We may also collect and hold Personal Information within the sources set above that is sensitive information under the Privacy Act. For example we may collect health information, information about your religious beliefs or affiliations or member or political information.
2.2.3 We understand the importance of protecting children’s privacy. Our Website/s including related sites such as our Facebook, Twitter, Snapchat, LinkedIn or other social media pages are not intentionally designed for or directed at children.
2.3.1 We generally collect Personal Information:
2.3.2 We take all reasonable steps to ensure that the information we collect is stored in a secure environment and protected from unauthorised access, modification or disclosure.
2.3.3 We may hold information both in hard copy form and electronically at our premises and with various service providers that assist us with information storage.
2.3.4 You are not permitted to not identify yourself or use a pseudonym when dealing with us, as it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym. For example, we need your Personal Information so that we can undertake a identity, authority or security check to ensure that we are able to act on your behalf.
2.3.5 Electronic information may also be backed up on a secure server administered by a provider nominated by us. To the best of our knowledge, these servers are located in Australia however we make no guarantee that they are in Australia and you consent to your information being stored on foreign-based servers.
2.3.6 We may also utilise cloud service providers located overseas for the limited purpose of performing the services of storing and ensuring we may access the Personal Information stored.
2.3.7 We do not intentionally “disclose” information to them, and rather allow them to “use” it (as defined under the Privacy Act) for the purposes stated above.
2.3.8 You consent to this use, and if it inadvertently becomes a disclosure then you consent to that disclosure.
2.3.9 Despite the above, the transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or that you receive from us.
2.4.1 Our principal purpose in collecting, using and storing your Personal Information is to provide our services in a personalised, safe and efficient manner. The information we collect is necessary for us to provide you with our services (and you authorise us to use your information in this way), which includes:
2.5.1 If you do not provide us with the Personal Information described above, some or all of the following may happen:
2.5.2 You are not permitted to not identify yourself or use a pseudonym when dealing with us, as it is impracticable for us to deal with individuals who have not identified themselves or used a pseudonym. For example, we need your Personal Information so that we can undertake a identity or authority check and confirm we are able to act on your behalf.
2.6.1 We may disclose information about you to:
2.7.1 Subject to the Privacy Act, you may request to access the Personal Information we hold about you by contacting us. All requests for access will be processed within a reasonable time.
2.7.2 In certain instances we may not be required or able to provide you with access to your Personal Information. If this occurs we will give you reasons for our decision not to provide you with such access to your Personal Information in accordance with the Privacy Act.
2.7.3 There is no application fee for making a request to access your Personal Information. However, we may charge an administrative fee for the provision of information in certain circumstances, such as if you make repeated requests for information or where the information is held by a third-party provider.
2.8.1 All information is retained on file for the period of time required to fulfil our business needs and legal obligations (usually at least seven (7) years).
2.8.2 Where that information is no longer required, it will be destroyed, deleted or disposed of in a secure manner.
3.1.1 Our Website/s may contain links to other sites over which we have no control. Those links are provided for your convenience only, and we are not responsible for how they may handle your Personal Information.
5.1.1 If you do not wish to receive marketing information from us, you may withdraw your consent at any time using the unsubscribe option included in the email or other material. Alternatively, you may contact us and we will process your request.
6.1.1 In the event that there is a data breach and we are required to comply with the notification of eligible data breaches provisions in Part IIIC of the Privacy Act 1988 (Cth) or any other subsequent sections or legislation which supersede this Part IIIC, we will take all reasonable steps to contain the suspected or known breach where possible and follow the following process set out under this clause.
6.1.2 If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then, if (and only if) we are required to do so under the Privacy Act:
7.1.2 We use a formal procedure for the investigation and management of privacy breaches. Once a complaint has been received, the Privacy Officer will undertake an investigation in order to determine the nature of the breach and the reason it occurred. If a breach is found to have occurred, the matter will be escalated to our management. The information storage and handling process will then be rectified to prevent any further breaches.
7.1.3 We will contact you in order to inform you of the outcome of any investigation concerning your Personal Information and to discuss any concerns you may have and possible resolutions to those concerns. We will acknowledge and respond to all genuine enquiries, concerns and complaints in writing within thirty (30) days of the date of receipt.
Position Privacy Officer
Telephone (03) 4433 9200
Postal Address 130 Mollison Street, Bendigo VIC 3550
If we do not resolve your enquiry, concern or complaint to your satisfaction or you require further information in relation to any privacy matters, please contact the Office of the Australian information Commission at:
Telephone 1300 363 992
Office Address Level 3, 175 Pitt Street, Sydney NSW 2000
Postal Address GPO Box 5218, Sydney NSW 2001