Thank you for applying for a credit account with Southern Plumbing Plus.
This online application service has been provided so we can process your application as quickly as possible.
To complete your application, we will ask for the following information to be provided:
If you require any assistance with your application, please contact our accounts department on 02 6129 7612 or e-mail accounts.receivable@spplus.com.au
CreditorWatch Pty Limited ACN (144 644 244) (“CreditorWatch” or “we”, “our” or “us”) is bound by the Privacy Act 1988 (as amended) (“Privacy Act”), including the Australian Privacy Principles. This Privacy Policy sets out how we treat the personal information that we collect, use and disclose and our procedures regarding the handling of personal and sensitive information, including the collection, use, disclosure and storage of information, as well as the right of individuals to access and correct that information.
From time to time, we may revise or update this Privacy Policy or our information handling practices. If we do so, the revised Privacy Policy will be published on our website www.creditorwatch.com.au
CreditorWatch may collect personal information in order to conduct our business, to provide and market our services and to meet our legal obligations. By using our website or our services, or by providing any personal information to us, you consent to the collection, use and disclosure of your personal information as set out in this Privacy Policy.
The types of personal information we may collect and hold includes (but is not limited to) personal information about:
Personal information that we collect and may hold include:
You are not obliged to provide personal information to CreditorWatch. However in many cases, if you do not provide your personal information to us, we may not be able to supply the relevant product or service that you have requested from us.
In some circumstances, you may provide to us, and we may collect from you, personal information of a third party. Where you provide the personal information of a third party, you must ensure that the third party is aware of this Privacy Policy, understands it and agrees to accept it.
If it is necessary to provide specific services to you, we may collect sensitive information about you. Under the Privacy Act, “sensitive information” includes but is not limited to information or an opinion about an individual’s racial or ethnic origin, religious belief, or criminal record and also includes health information about an individual. However, we will only collect sensitive information from you if you agree to provide it to us, you authorise us to obtain it from a third party or where the collection of the information is required or authorised by or under an Australian law or a Court/Tribunal order or otherwise where the collection is not prohibited under the Privacy Act. We will only use sensitive information in accordance with the Privacy Act and for the purpose for which it is provided.
We collect personal information in the following ways:
We may also collect information about you from third party suppliers and government database services.
We store personal information in computer storage facilities and paper-based files. We take steps to protect your personal information against loss, unauthorised access, use modification or disclosure. Some examples of the steps we take to protect your personal information include:
Information that may identify you as a user may be gathered during your access with our website.
Our website includes pages that use ‘cookies’. A cookie is a unique identification number that allows the server to identify and interact more effectively with your computer. The cookie assists us in identifying what our users find interesting on our website.
A cookie will be allocated each time you use our website. The cookie does not identify you as an individual in our data collection process, however it does identify your Internet Service Provider.
You can configure your web browser to refuse cookies. If you do so, you may not be able to use all or part of our website.
CreditorWatch, or its related body corporates in the ATI Group, may collect some personal information that is a government related identifier.
Personal information from identity documents may be provided to the document issuer or official record holder via third party systems for the purpose of confirming your identity, for example, the Australian Government’s Document Verification Service (DVS). Where CreditorWatch does collect government related identifiers, they are maintained on a separate database for audit and compliance purposes.
CreditorWatch may use or disclose a government related identifier where:
We collect, hold, use and disclose personal information for a variety of business purposes including:
We also collect, hold, use and disclose your personal information to:
If you do not wish to disclose your personal information for the purpose of direct marketing or you would like to opt-out of receiving direct marketing communications, you can do so by contacting the CreditorWatch Privacy Officer using the contact details set out below, or by following the instructions to unsubscribe which are contained in a communication that you receive from us.
The ATI Group and Related Companies
The ATI Group includes our parent company Australian Technology Innovators Pty Ltd, LEAP Legal Software Pty Ltd, InfoTrack Group Pty Ltd and their subsidiaries, CNCNA Pty Ltd (trading as eCompanies), InfoTrack Limited (NZ), InfoTrack Group Limited (UK) and its subsidiaries, and LotSearch Pty Ltd. Different companies within the ATI Group provide different services.
The ATI Group may share information with our integration partners to ensure the smooth running of the services which we, and they, provide. These partners include Sympli Pty Ltd, Practice Evolve Group Pty Ltd and its subsidiaries, Legal Software Developments Pty Ltd and its subsidiaries, and other partners as mentioned on our website and updated from time to time. At times, we may need to provide personal information to them to help them run their businesses or for reporting purposes. We may also share your personal information within the wider Australian Technology Innovators Pty Ltd group companies (ATI Group) and with our service providers for the purposes outlined above.
Third Party Service Providers
We may disclose your personal information to third party service providers who assist us in providing the services you request, including public authorities and providers of information services.
We may also disclose your personal information to third parties who work with us in our business to promote, market or improve the services that we provide, including:
We may also combine your personal information with information available from other sources, including the entities mentioned above, to help us provide better services to you.
Where we do share information with third parties, we require that there are contracts in place that only allow use and disclosure of personal information to provide the service and that protect your personal information in accordance with the Privacy Act. Otherwise, we will disclose personal information to others if you’ve given us permission, or if the disclosure relates to the main purpose for which we collected the information and you would reasonably expect us to do so.
As a credit reporting agency, we may share your credit information in accordance with industry consumer credit reporting standards including:
These standards ensure that your personal information in relation to your consumer credit is managed regarding:
We do not presently disclose personal information to any organisations located overseas; however, we do disclose information in Australia, for the purposes described above, to some multinational organisations that are located both in Australia and overseas, including the United Kingdom, the United States and New Zealand.
If you are a resident of the European Union for the purposes of the GDPR, then in addition to what is set out above, the following applies to you.
CreditorWatch is a data controller and processor for the purposes of the GDPR and by your consenting to this Privacy Policy, CreditorWatch is able to process your Personal Information in accordance with this Privacy Policy.
In providing services to you, CreditorWatch may make use of a number of automated processes using your Personal Information and your activity on our site as tracked by us, in order to provide more tailored and relevant services to you.
In addition to your rights set out above, you may update or rectify any of your Personal Information that we hold about you, in the manner described in the “How you can access your personal information” paragraph above.
You have a right to request access to your personal information which we hold about you and to request its correction. You can make such a request by contacting the CreditorWatch Privacy Officer using the contact details set out in this policy.
We will respond to any such request for access as soon as reasonably practicable. Where access is to be given, we will provide you with a copy or details of your personal information in the manner requested by you where it is reasonable and practicable to do so.
We will not charge you a fee for making a request to access your personal information. However, we may charge you a reasonable fee for giving you access to your personal information.
In some cases, we may refuse to give you access to the information you have requested or only give you access to certain information. If we do this, we will provide you with a written statement setting out our reasons for refusal, except where it would be unreasonable to do so.
We will take such steps (if any) as are reasonable in the circumstances to make sure that the personal information we collect, use or disclose is accurate, complete, up to date and relevant.
If you believe the personal information we hold about you is inaccurate, irrelevant, out of date or incomplete, you can ask us to update or correct it. To do so, please contact us using the contact details listed below.
If we refuse your request to correct your personal information, we will let you know why. You also have the right to request that a statement be associated with your personal information that says you believe it is inaccurate, incomplete, irrelevant, misleading or out of date.
If you have any questions about this Privacy Policy, if you wish to correct or update information we hold about you or if you wish to request access or correction of your personal information or make a complaint about a breach by CreditorWatch of the Australian Privacy Principles (including the way we have collected, disclosed or used your personal information), please contact:
CreditorWatch Privacy Officer GPO Box 4029 Sydney NSW 2001 privacy@creditorwatch.com.au 1800 738 524
We will acknowledge and investigate any complaint about the way we manage personal information as soon as practicable. We will take reasonable steps to remedy any failure to comply with our privacy obligations. If you are unhappy with our handling of the complaint, you may contact the Australian Information Commissioner.
Last update: 29 May 2019
Privacy Policy
1 Introduction
1.1 From time to time SOUTHERN PLUMBING SUPPLIES PTY LTD, ACN 120 287 452, (“the Company”) is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not limited to its customers, contractors, suppliers and employees) in the performance of its business activities.
1.2 The information collected by the Company will, from time to time, be accessible to certain individuals employed or engaged by the Company who may be required to use the information in the course of their duties.
1.3 This document sets out the Company’s policy in relation to the protection of personal information, as defined, under the Privacy Act 1988 (Cth) the (“Act”), which includes the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and the Australian Privacy Principles (“APP”). The APPs regulate the handling of personal information.
1.4 The obligations imposed on the Company under this policy are also imposed on any individual employed or engaged by the Company (“employees”).
1.5 This policy outlines the Company’s requirements and expectations in relation to the handling of personal information.
2 Scope
2.1 This policy applies to all employees, independent contractors, consultants and other workers engaged by the Company and who have access to personal information in the course of performing their duties.
3 What is personal information?
3.1 Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
4 What is not personal information?
4.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record as they are exempt from the APPs.
4.2 An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms, and conditions of employment of the employee.
4.3 Employees (such as those engaged in a supervisory, operations or human resource capacity) will have access to employee records. Employees who have access to employee records must that the information is handled confidentially and for a proper purpose only. Employee records are only permitted to be collected, used and disclosed where the act of doing so is directly related to a current or former employment relationship.
4.4 Employees who have access to employee records and who may have a question about the use or disclosure of employee records, should contact the Head of People and Culture.
5 Kinds of information that the Company collects and holds
5.1 The Company collects personal information that is reasonably necessary for one or more of its functions or activities or if the Company has received consent to collect the information. If the Company collects sensitive information (as defined below), the Company must also have obtained consent in addition to the collection being reasonably necessary.
5.2 The type of information that the Company collects and holds may depend on an individual’s relationship with the Company, for example:
(i) Candidate: if a person is a candidate seeking employment with the Company, the Company may collect and hold information about that candidate including the candidates name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
(ii) Customer: if a person is a customer of the Company, the Company may collect and hold information including the customer’s name, address, email address, contact telephone number, gender and age and other sensitive information.
(iii) Supplier: if a person or business is a supplier of the Company, the Company may collect and hold information about the supplier including the supplier’s name, address, email address, contact telephone number, business records, billing information and information about goods and services supplied by the supplier.
(iv) Referee: if a person is a referee of a candidate being considered for employment by the Company, the Company may collect and hold information including the referee’s name, contact details, current employment information and professional opinion of candidate.
(v) Sensitive information: the Company will only collect sensitive information where an individual consents to the collection of the information and the information is reasonably necessary for one or more of the Company’s functions or activities. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
6 How the Company collects and holds personal information
6.1 The Company (and the employees acting on the Company’s behalf) must collect personal information only by lawful and fair means.
6.2 The Company may collect personal information in a number of ways, including without limitation:
(i) through application forms (e.g., job applications, VIP and loyalty program applications);
(ii) by email or other written mechanisms;
(iii) over a telephone call;
(iv) in person;
(v) through transactions.
(vi) through the Company website;
(vii) through lawful surveillance means such as a surveillance camera;
(viii) by technology that is used to support communications between individuals and the Company;
(ix) through publicly available information sources (which may include telephone directories, the internet and social media sites); and
(x) direct marketing database providers.
6.3 When the Company collects personal information about an individual through publicly available information sources, it will manage such information in accordance with the APPs.
6.4 At or before the time or, if it is not reasonably practicable, as soon as practicable after, the Company collects personal information, the Company must take such steps as are reasonable in the circumstances to either notify the individual or otherwise ensure that the individual is made aware of the following:
(i) the identity and contact details of the Company;
(ii) that the Company has collected personal information from someone other than
the individual or if the individual is unaware that such information has been collected;
(iii) that collection of personal information is required by Australian law, if it is;
(iv) the purpose for which the Company collects the personal information;
(v) the consequences if the Company does not collect some or all of the personal information;
(vi) any other third party to which the Company may disclose the personal information collected by the Company;
(vii) the Company’s privacy policy contains information about how an individual may access and seek correction of personal information held by the Company and how an individual may complain about a breach of the APPs; and
(viii) whether the Company is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.
6.5 Unsolicited personal information is personal information that the Company receives which it did not solicit. Unless the Company determines that it could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, it must destroy the information to ensure it is de-identified unless the Company determines that it is acceptable for the Company to have collected the personal information.
7 Use and Disclosure of Personal Information
7.1 The main purposes for which the Company may use and/or disclose personal information may include but are not limited to:
(i) recruitment functions;
(ii) customer service management;
(iii) training and events;
(iv) surveys and general research; and
(v) business relationship management.
7.2 The Company may also collect, hold, use and/or disclose personal information if an individual consents or if required or authorised under law.
7.3 Direct marketing:
(i) the Company may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing (for example, advising a customer about new goods and/or services being offered by the Company);
(ii) the Company may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose; and
(iii) an individual can opt out of receiving direct marketing communications from the Company by contacting the Privacy Officer in writing or if permissible accessing the Company’s website and unsubscribing appropriately.
8 Disclosure of Personal Information
8.1 The Company may disclose personal information for any of the purposes for which it is was collected, as indicated under clause 6 of this policy, or where it is under a legal duty to do so.
8.2 Disclosure will usually be internally and to related entities or to third parties such as contracted service suppliers.
8.3 If an employee discloses personal information to a third party in accordance with this policy, the employee must take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information.
9 Access to personal information
9.1 If the Company holds personal information about an individual, the individual may request access to that information by putting the request in writing and sending it to the Head of People and Culture. The Company will respond to any request within a reasonable period, and a charge may apply for giving access to the personal information where the Company incurs any unreasonable costs in providing the personal information.
9.2 There are certain circumstances in which the Company may refuse to grant an individual access to personal information. In such situations the Company will provide the individual with written notice that sets out:
(i) the reasons for the refusal; and
(ii) the mechanisms available to you to make a complaint.
9.3 If you receive such a request, please contact the Head of People and Culture.
10 Correction of personal information
10.1 If the Company holds personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, it must take steps as are reasonable to correct the information.
10.2 If the Company holds personal information and an individual makes a request in writing addressed to the Head of People and Culture to correct the information, the Company must take steps as are reasonable to correct the information and the Company will respond to any request within a reasonable period.
10.3 There are certain circumstances in which the Company may refuse to correct the personal information. In such situations the Company will give the individual written notice that sets out:
(ii) the mechanisms available to the individual to make a complaint.
10.4 If the Company corrects personal information that it has previously supplied to a third party and an individual requests the Company to notify the third party of the correction, the Company will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
10.5 If you receive such a request, please contact the Head of People and Culture.
11 Integrity and security of personal information
11.1 The Company will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up-to-date and complete.
11.2 Employees must take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.
11.3 If the Company holds personal information and it no longer needs the information for any purpose for which the information may be used or disclosed and the information is not contained in any Commonwealth record and the Company is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
11.4 If you are unsure whether to retain personal information, please contact the Head of People and Culture to discuss.
12 Data Breaches and Notifiable Data Breaches
12.1 A “Data Breach” occurs where personal information held by the Company is accessed by, or is disclosed to, an unauthorised person, or is lost. An example of a Data Breach may include:
(i) Lost or stolen laptops or tablets;
(ii) Lost or stolen mobile phone devices;
(iii) Lost or stolen USB data storage devices;
(iv) Lost or stolen paper records or documents containing personal information relating to the Employer’s customers or employees;
(v) Employees mistakenly providing personal information to the wrong recipient (i.e., payroll details to wrong address);
(vi) Unauthorised access to personal information by an employee;
(vii) Employees providing confidential information to the Employer’s competitors;
(viii) Credit card information lost from insecure files or stolen from garbage bins;
(ix) Where a database has been ‘hacked’ to illegally obtain personal information; and
(x) Any incident or suspected incident where there is a risk that personal information may be misused or obtained without authority.
12.2 If you are aware of or reasonably suspect a Data Breach, you must report the actual or suspected Data Breach to the Head of People and Culture as soon as reasonably practicable and not later than 24 hours after becoming aware of the actual or suspected Data Breach.
12.3 A “Notifiable Data Breach” occurs where there is an actual Data Breach, and:
(i) a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual (including harm to their physical or mental well-being, financial loss, or damage to their reputation); or
(ii) in the case of loss (for example, leaving an unsecure laptop containing personal information on a bus), unauthorised access or disclosure of personal information is likely to occur as a result of the Data Breach, and a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual (including harm to their physical or mental wellbeing, financial loss, or damage to their reputation).
12.4 A Notifiable Data Breach does not include a Data Breach where the Company has been successful in preventing the likely risk of serious harm by taking remedial action.
Assessment
12.5 If the Company is aware of any actual or suspected Data Breach, it will conduct a reasonable and expeditious assessment to determine if there are reasonable grounds to believe that the Data Breach is a Notifiable Data Breach or not.
Notification
12.6 Subject to any restriction under the Act, in the event that the Company is aware of a Notifiable Data Breach, the Company will, as soon as practicable, prepare a statement outlining details of the breach and notify:
(i) the individual whose personal information was part of the Data Breach; and
(ii) the Office of the Australian Information Commissioner.
13 Anonymity and Pseudonymity
13.1 Individuals have the option of not identifying themselves, or using a pseudonym, when dealing with the Company in relation to a particular matter. This does not apply:
(i) where the Company is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
(ii) where it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym.
13.2 However, in some cases if an individual does not provide the Company with the personal information when requested, the Company may not be able to respond to the request or provide the goods or services that are being sought.
14 Complaints
14.1 Individuals have a right to complain about the Company’s handling of personal information if the individual believes the Company has breached the APPs.
14.2 If an employee becomes aware of an individual wanting to make such a complaint to the Company, the employee should direct the individual to first contact the Head of People and Culture in writing. Complaints will be dealt with in accordance with the Company’s complaints procedure and the Company will provide a response within a reasonable period.
14.3 Individuals who are dissatisfied with the Company’s response to a complaint, may refer the complaint to the Office of the Australian Information Commissioner.
15 Breach of this policy
15.1 An employee directed by the Company to do an act under this policy and which relates to personal information, must ensure that in doing the act they comply with the obligations imposed on the Company. An employee directed by the Company who fails to do an act in accordance with this policy will be deemed to have breached this policy and will be subject to formal counselling and disciplinary action, up to and including possible termination of the employee’s employment.