Last updated 15 MAY 2018
ESA is bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how organisations such as ESA may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.
1 What personal data do we collect?
“Personal data” is anything that discloses your identity, that is unique to you. For example: a name, an identification number, location data or an online identifier. It also includes “personal information” as defined in subsection 6(1) of the Privacy Act:
“information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.”
The personal data we collect may include:
- Contact information, such as your name, job title, postal address, including your home address, where you have provided this to us, business address, telephone number, mobile phone number, fax number and email address;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Your username and password for the SCIS website or other password protected platforms or services, where you have one;
- Your school contact details; and/or
- Details of your visits to our premises.
From time to time, it may include personal data about your membership of a professional or trade association or union, health personal data, details of dietary preferences when relevant to events to which we invite you.
When you register/subscribe to use SCIS services, complete and submit an electronic form on the SCIS website, contact ESA or send feedback via the feedback or cataloguing request form, ESA may collect the following personal data.
- your name;
- your contact number(s);
- your email address; and
- your school contact details.
When you use the SCIS website, ESA collects the following information relating to use of the SCIS services:
- your server address;
- your top level domain name (for example: .com.au, .edu.au, .net, etc.);
- the time and date of your visit to the website;
- the pages and documents you have accessed or viewed; and
- the type of browser you are using (for example Chrome, Firefox, Internet Explorer).
Usage statistics or patterns obtained from tracking the level and range of interest in the SCIS website are collected in order to improve the SCIS services or develop new services. This information will be connected to a SCIS user’s profile but will be de-identified prior to any use in reports.
2 Handling of Personal data
2.1 Remaining anonymous or using a pseudonym: are you required to provide personal data?
Where it is not impractical or unlawful, you may interact with ESA without identifying yourself or using a pseudonym. As a general principle, you provide us with your personal data entirely voluntarily and there are generally no detrimental effects for you if you choose not to consent or to provide personal data. However, there are circumstances in which ESA cannot take action without certain of your personal data. For example: because this personal data is required to process your order, provide you with access to a web offering or newsletter. In these cases, it will unfortunately not be possible for us to provide you with what you request without the relevant personal data and we will notify you accordingly.
2.2 Use of your personal data
We may use your personal data for the following purposes only ("Permitted Purposes"):
- Providing services or things you may have requested;
- Managing and administering your or your organisation's business relationship with ESA, including processing payments, accounting, auditing, billing and collection, support services;
- Compliance with our legal obligations (such as record keeping obligations);
- To analyse and improve our services and communications to you;
- Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- For insurance purposes;
- For monitoring and assessing compliance with our policies and standards;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- To comply with court orders and exercises and/or defend our legal rights; and
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
- Communicating with you through the channels you have approved to keep you up to date on the latest information about SCIS content, services, products and technologies (including client briefings, newsletters and other information) as well as SCIS events and projects;
- Customer surveys, marketing campaigns, market analysis, contests or other promotional activities or events; or
- Collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
With regard to marketing-related communication, we will - where legally required - only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
2.3 With whom will we share your personal data?
Personal data will:
- only be used for the stated purpose for which it was provided; and
- not be disclosed to a third party without your consent unless otherwise authorised or required by law.
We may share your personal data in the following circumstances:
- We may instruct service providers within or outside of ESA, domestically or abroad, e.g. shared service centres, to process personal data for the Permitted Purposes on our behalf and in accordance with our instructions only. ESA will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers; and
- We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations to do so.
Usage statistics or patterns obtained from tracking the level and range of interest in the website are collected in order to improve and develop SCIS. This information will be connected to a user’s profile but will be de-identified prior to any use in reports.
Google Inc. uses this information for the purpose of evaluating your use of the website, compiling reports on website activity for ESA and providing other services relating to website activity and internet usage. Google Inc. may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google Inc's behalf. Google Inc. will not associate your IP address with any other data held by Google Inc.
2.5 Personal data about other people which you provide to us
2.6 Publication of your personal data
ESA will only publish personal data on the SCIS website if it has been collected for this purpose, with your knowledge, or if you have otherwise consented to the disclosure. When giving consent you should be aware that personal data published on the SCIS website is accessible to web users from all over the world.
2.7 Security of your personal data
ESA takes reasonable steps to:
- protect personal data that it holds against misuse, interference, loss, unauthorised access, modification or disclosure by utilising up-to-date electronic and physical security controls that comply with relevant industry standards and guidelines; and
- destroy or permanently de-identify personal data if it is no longer required.
Personal data may be kept on our personal data technology systems, those of our contractors or in paper files.
2.8 Location of personal data
Generally personal data collected by ESA is stored in Australia; and not disclosed, accessed or transferred to overseas recipients. However, we may transfer your personal data abroad if required for the Permitted Purposes as described above. This may include countries which do not provide the same level of protection as the laws of your home country (for example, the laws within the European Economic Area or Australia). We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the General Data Protection Regulation (EU) 2016/679 or other relevant laws. You may contact us anytime using the contact details below if you would like further information on such safeguards.
We will also require our agents, consultants and sub-contractors and others who are outside the European Economic Area or Australia and to whom we transfer your personal data to ensure a similar level of data protection.
When doing so we will comply with applicable data protection requirements and take appropriate safeguards to ensure the security and integrity of your personal data.
3 Accessing and correcting personal data
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know by logging into SCIS Data and going to the ‘My profile’ section or contacting ESA using the contact information below. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
4 For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the Permitted Purposes or you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data.
5 Your rights
Subject to certain legal conditions, you have the right to request a copy of the personal data about you which we hold, to have any inaccurate personal data corrected and to object to or restrict our using your personal data. You may also make a complaint if you have a concern about our handling of your personal data.
If you wish to do any of the above, please contact ESA using the contact information below. We may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
We will consider any requests or complaints which we receive and provide you with a response in a timely manner. If you are not satisfied with our response, you may take your complaint to the relevant privacy regulator. We will provide you with details of your relevant regulator upon request.
6 Contact information for ESA and questions, comments, concern or complaints
If you have any questions, comments, concerns or complaints about ESA’s privacy practices for SCIS services, you can contact ESA by:
- Telephone: +61 3 92079600
- Post: Post Office Box 177, Carlton South, Victoria, Australia 3053; or
- Email: [email protected].
ESA will do its best to address and resolve any issues you raise. If you are not satisfied with ESA’s response you may take your complaint to the Office of the Australian Information Commissioner.