We are committed to ensuring that the privacy and security of your personal and sensitive information remains protected.
All Pure Cleaning (“APC”, “us” or “we”) complies with the Australian Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information that we collect, hold, use and disclose. You are invited to contact us if you have any further queries about our management of your personal information.
Note: If you notify us that you are located in the European Union, then we promise to also comply with the GDPR in relation to your personal information, under paragraph 17 below.
What is Personal Information?
Personal information is information or an opinion about an individual who is reasonably identifiable through the information, whether the information or opinion is true or not, or is recorded in a material form or not. It includes your name, age, gender and contact details.
What does APC do?
APC provides cleaning products and services to homeowners and businesses in Perth, Western Australia. Our services and products are booked and sold via our website, or over the phone, and our customers send us messages via the website, email, SMS, and Facebook, and over the phone. We also send out newsletters via email.
What kind of Personal Information do we collect and hold?
In all of the activities described in paragraph 3 above, we will usually collect some personal information, such as names, physical addresses, phone numbers and email addresses. In most cases, this information is given to us voluntarily by our customers, in connection with their orders for products and services. We will only collect personal information by lawful and fair means and not in an unreasonably intrusive manner. The types of personal information we may collect and hold include contact information. APC may collect your personal information in a number of ways including face-to-face conversations, over the telephone, through an online contact form or portal, or by email.
A customer can pay for a service or product via credit card in two different ways:
- The customer can give us their credit card details over the phone, or via a paper form. We then transmit those details securely to our bank, via an EFTPOS terminal or a secure smartphone app. We collect the customer’s name (as shown on their card), credit card number, card expiry date, and CVV2 or verification code, either by writing these details down ourselves or by the customer submitting a paper form to us, in which case we will usually also receive the customer’s signature. These details are stored securely by us, and are not used for any purpose except to authorise payment for services or products that we deliver. The details are permanently deleted when the person stops being a customer of APC and stops requesting services, or six months after the customer’s last order. If the customer advises us that the service or product they are purchasing is a unique one-off transaction, we will delete the details as soon as practicable, otherwise, for the customer’s convenience, we will retain the details for subsequent use for the time periods mentioned.
Similar to other businesses, we have a computerised database of customers with their names, addresses and phone numbers, and often save customer’s names and phone numbers in our contact lists on our smartphones. Access to all such databases and lists is password-protected. We review these databases and lists regularly, and not less than once every 12 months, and delete all information that we no longer need for our business purposes. We are required by taxation regulations and/or proper bookkeeping standards and practices to retain details of payment receipts for at least 7 years. These details usually identify the person or entity making each payment.
For what Purpose do we Collect, Use and Hold your Personal Information?
We collect, use and hold your personal information to provide you with products and services, and to respond to your queries. Delivering our products and services generally involves us sending you messages, emails, notifications, reminders and recommendations.
If we use a third-party contractor, such as the post office or a courier service, to deliver products to you, we will share your personal information with that contractor. We will only share your personal information in this way with a person we believe will maintain the confidentiality of that information, and who has agreed to do so.
If we engage a subcontractor to help us deliver our services to you, we will only disclose your personal information to them after they have signed a confidentiality undertaking.
We also hold and use your personal information to manage our ongoing business relationship with you and to perform functions and activities relating to our business such as marketing, offering discounts or gifts, and informing customers of new products and other developments.
Our range of products and services and our business functions and activities may change from time to time.
Notification of the Collection of Personal Information
If you give us your personal information for our business purposes, we will usually keep a record of that information. If we need to collect personal information from you or a third party, we will normally notify you beforehand, at the time of collection, or, if that is not practical, as soon as possible afterwards.
Dealing with Unsolicited Personal Information
If we receive personal information about you from a third party and we did not request the information, we will only retain and use the information if it is necessary for us to provide you with our products and services. Example: one of our cleaners may visit your premises but find that access is blocked. Your neighbour may inform us that you are away because your premises are undergoing emergency repairs. We may rely on that information to contact you to reschedule our cleaning visit.
To whom will we disclose your personal information?
In order to deliver our products and services to you and perform our business functions mentioned above, we may need to disclose your personal information to other persons or organisations. Example: If you provide us your credit card details by the second payment method described in paragraph 4 above, we will transmit those details to our bank for processing, and our bank will in turn communicate with your financier. Example: if you make a payment to us, we will disclose those details to our bookkeeper and/or accountant and/or tax agent, each of whom are obliged to maintain confidentiality.
We will not sell your information to another person or use it for any purpose unrelated to our business. If we are required by law to disclose your information to the police, a court, or another government authority, we will do so as required by law, and will also inform you of that disclosure unless we are prevented from doing that.
Anonymity and Pseudonymity
Where it is reasonably possible for us to provide services and products to you without knowing your actual name, we will give you the option of using our service or purchasing our products without identifying yourself, or of using a pseudonym. In most situations, however, we are required by Australian law to deal only with individuals who have identified themselves. For example, we cannot enter premises unless we know that the person we are dealing with has authority to admit us, and therefore we will need to know that person’s identity.
With your consent, we may use your personal information (such as your email address) to contact you and inform you about our products or services or of developments in our business that we think may interest you. We will provide you with a simple means of opting out of direct marketing communications from us. If we engage a contractor to assist us with marketing, we will require the contractor to promise not to use your personal information for any other purpose, and to agree to keep that information confidential.
How do we hold and manage your personal information?
We will endeavour to:
- make sure that the personal information that we collect, hold, use and disclose is accurate, complete and up-to-date;
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure;
- use good quality security technology to prevent unauthorised access to the personal information; and
- where permitted by law, destroy or permanently de-identify personal information that is no longer needed for our business purposes identified above.
Do we transfer personal information outside Australia?
We may transfer your personal information outside Australia in the following situations:
- If you consent to us transferring your personal information to a foreign third-party service provider, such as a payment services provider or delivery contractor with a head office located in another country.
- If you request or authorise a foreign entity to collect your personal information from us, for example where you authorise a foreign entity to track your website visits.
- If we or our data solutions contractor have backed up our data to servers located overseas operated by an international data-storage service provider.
If we provide links to third-party websites or services on our website, you should be careful to check whether those linked sites or services are based in Australia. Before disclosing your personal information on any other website, we advise you to examine the privacy policies for those sites.
How can you access or correct your information?
Please contact us if you would like to seek access to or correct the personal information we hold about you by emailing us at: firstname.lastname@example.org
We will provide you with access to your personal information in our possession and will take reasonable steps to amend any personal information about you which is inaccurate or out-of-date. If we have disclosed your personal information to another entity, and you request us to notify the other entity of the correction, we will reasonable efforts to pass on that notification unless it is impracticable or unlawful to do so.
In some circumstances under the Privacy Act, we may be entitled to refuse you access to your personal information, or may refuse to correct your personal information, in which case we will provide you reasons for that decision.
Also, in some circumstances we may be allowed under the Privacy Act to pass on to you the cost of retrieving your personal information. If we do charge you for this cost, the charge will not be excessive and will not apply to you making your request.
How we handle Complaints
If you have any concerns or complaints about the way in which your personal information has been collected or handled by us, please contact us by email: email@example.com
We promise to respond to your inquiry within 7 days. We will endeavour to resolve any complaint to your satisfaction. If you are unhappy with our response, you may contact the Office of the Australian Information Commissioner which has authority to investigate your complaint further.
The Australian Privacy Act and Privacy Principles
Special provisions for EU persons (GDPR compliance)
As mentioned above, if we know you are located in the European Union, we will also comply with the GDPR in relation to your personal information, meaning that:
You, as a relevant “data subject”, may have the following rights:
- A right to access, update or delete information in our possession.
- A right to rectification, i.e. to request us to correct any information that is inaccurate or incomplete.
- A right to object, i.e. a right to object to our processing of the information.
- A right of restriction, i.e. a right to request that we restrict the processing of the information in certain ways.
- A right to data portability, i.e. a right to be provided with a copy of the information in a structured, machine-readable and commonly used format.
- A right to withdraw consent, i.e. a right to withdraw consent to us processing the information.
If you claim that your privacy rights have been affected by us, we may ask you to verify your identity and location before we respond to that claim. We will use our best endeavours to respond to all inquiries about your personal information quickly and courteously. You may have the right to complain to your regional Data Protection Authority about our collection and use of your personal information, and you are encouraged to check with your local Data Protection Authority to learn what your rights are. Please direct all inquiries to our Data Protection Officer via this email address: firstname.lastname@example.org
VERSION NUMBER 001 (June 2020)