Privacy Policy – Perform Well PTY LTD 97 650 514 873
Introduction
Perform Well is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act) and, to the extent applicable, the EU General Data Protection Regulation (GDPR). This Privacy Policy sets out how Perform Well handles personal information.
This Privacy Policy does not apply to personal information collected by Perform Well that is exempted under the Privacy Act, for example, employee records. Perform Well may modify this Privacy Policy from time to time to reflect its current privacy practices. In this Privacy Policy, ‘Perform Well’, ‘we’, ‘us’ and ‘our’ are references to Perform Well and include any entity carrying on business in Australia that is part of Perform Well.
Personal Information We Collect
The types of personal information we collect include:
- names, job titles, contact and address details;
- information in identification documents (for example, passport, driver’s licence);
- tax file numbers and other government-issued identification numbers;
- date of birth and gender;
- bank account details, shareholdings and details of investments;
- details of superannuation and insurance arrangements;
- educational qualifications, employment history, salary and referee reports;
- visa or work permit status;
- your Internet Protocol (IP) address;
- payment details; and
- personal information about your spouse and dependants.
It may be necessary in some circumstances for Perform Well to collect sensitive information about you in order to provide specific services or for recruiting purposes. Examples of the types of sensitive information that may be collected in such circumstances include professional memberships, ethnic origin, criminal record and health information. It is generally not practical to remain anonymous or to use a pseudonym when dealing with Perform Well, as usually, we need to use your personal information to provide specific services to you or which relate to or involve you.
How We Collect and Manage Personal Information
How We Collect Personal Information
Generally we collect your personal information from you directly (for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey, when you subscribe to our publications or when you use our website or our social media). Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information from your employer where they are our client, from your personal representative, or a publicly available record. We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites.
Where You Provide Us with Personal Information About Someone Else
If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy or any Privacy Collection Statement we give you.
Holding Personal Information
Perform Well holds personal information in hard copy and electronic formats. We take security measures to protect the personal information we hold including physical (for example, storage of files in lockable cabinets) and technology (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates) security measures.
Purpose for Collecting, Holding, Using and Disclosing Personal Information
Perform Well collects, holds and uses personal information for a number of purposes including:
- to provide professional services;
- to provide technology services and solutions;
- to respond to requests or queries;
- to maintain contact with our clients and other contacts;
- to keep our clients and other contacts informed of our services and industry developments;
- to notify of seminars and other events;
- to verify your identity;
- for administrative purposes, including processing payment transactions;
- for recruitment purposes;
- for purposes relating to the employment of our personnel, providing internal services or benefits to our partners and staff and for matters relating to the partnership;
- when engaging service providers, contractors or suppliers relating to the operation of our business;
- to manage any conflict of interest or independence (including auditor independence) obligations or situations;
- to conduct surveys;
- for seeking your feedback;
- to meet any regulatory obligations;
- as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business or entering into an alliance, joint venture or referral arrangement;
- to perform internal statistical analysis, including of our databases and website;
- for any other business-related purposes.
If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing you or our clients with the services we were engaged to perform.
The types of third parties to whom we may disclose your personal information include:
- experts or other third parties contracted as part of an engagement;
- our service providers;
- our professional advisers;
- as part of an engagement, if you are a customer, an employee, a contractor or supplier of services to one of our clients, then we may disclose your personal information as part of providing services to that client;
- as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business or to enter into an alliance, joint venture or referral arrangement; or
- government or regulatory bodies or agencies, as part of an engagement or otherwise, (for example, the Australian Taxation Office).
We do not disclose personal information to third parties for the purpose of allowing them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information with them for research or promotional purposes.
General Data Protection Regulation (GDPR) for the European Union (EU)
Perform Well will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information.
The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose, and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, if it is necessary to carry out a public function or a task of public interest, or if the function has a clear basis in law. We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin, unless we have obtained your explicit consent or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Perform Well complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU. Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as "the right to be forgotten");
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
Hosting and International Data Transfers
Information that we collect may, from time to time, be stored, processed in or transferred between parties or sites located in countries outside of Australia.
We and our other group companies have offices and/or facilities in Australia. Transfers to any other country will be protected by appropriate safeguards. These include, but are not limited to, the use of standard data protection clauses adopted or approved by the European Commission, which you can obtain from the European Commission Website.
The hosting facilities for our website are situated in Australia. Transfers to any other country will be protected by appropriate safeguards. These include, but are not limited to, the use of standard data protection clauses adopted or approved by the European Commission, which you can obtain from the European Commission Website.
Our suppliers and contractors are situated in Australia. Transfers to any other countries will be protected by appropriate safeguards. These include, but are not limited to, the use of standard data protection clauses adopted or approved by the European Commission, which you can obtain from the European Commission Website.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Data Loss Prevention
Perform Well utilises Data Loss Prevention policies. A data loss prevention policy defines how organisations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it.
Data loss prevention is broadly defined as technology or processes that:
- Identify confidential data.
- Track data usage.
- Prevent unauthorised access to data.
Data loss prevention tools include software products that can classify and protect data. The data loss prevention policy guides how those tools work.
Why We Use A Data Loss Prevention Policy
Much of data security involves preventing malicious attacks on an organisation’s networks. Employees have more ways to access and share organisational data than in the past due to the distributed nature of modern computing, making accidental data loss a serious problem. Data storage is available in the cloud and in remote locations. As the number of employees working from remote locations continues to increase, so too does the frequency of access to sensitive data from laptops and mobile devices that may be vulnerable.
Data collection and use are coming under increased regulatory scrutiny. There are three main reasons for establishing a data loss prevention policy:
- Compliance: Governments have various levels of regulation of how organisations collect and secure personally identifiable information. A data loss prevention policy is an important part of complying with data regulation and reporting information in compliance audits.
- Intellectual property: Proprietary information and trade secrets are the types of information that need to be protected from unauthorised access.
- Data visibility: Organisations can gain valuable insights by monitoring how stakeholders access and interact with data.
Our Practices for Establishing A Data Loss Prevention Policy
Data loss prevention policies help us prevent unauthorised data access and protect us from potential damage. While no protection will be bulletproof, we use the following practices that can help us implement successful data protection policies:
- Identify the data that the policy is primarily meant to protect. Most often, data is classified according to its vulnerability and risk factors. Taking the time to understand data and classify it can lead to greater insights for us.
- Establish criteria for evaluating data loss prevention vendors. Creating an evaluation framework with the right questions can help lead to an educated purchasing decision.
- Clearly define the roles of people who will be involved with data loss prevention. This is not just about who will monitor data usage and make the rules. Segregating responsibilities helps prevent misuse.
- Keep it simple at the beginning. The goal is to secure the most critical data and get a measurable win early, then build upon that.
- Each area of Perform Well has a role in shaping a data loss prevention policy that aligns with corporate culture. This is a strategy that affects all departments and functions.
- Educate everyone in Perform Well about how and why the data loss prevention policy is in place.
- Document the data loss prevention processes carefully. A written policy should focus on the data being protected.
- Set and share metrics for success.
- Anticipate workarounds to limits (e.g. if email rules prevent large files from being attached, employees find other ways to transfer files). We examine workflows to make sure data loss prevention policies do not get in the way of us doing our jobs.
- Assess how much data is needed (what kind of data is needed and why). Do not save unnecessary data.
- Monitor data usage before blocking it. Set up data loss prevention tools to report sensitive data loss first.
Using Data Loss Prevention Policy Templates
There are a number of data privacy laws already in effect, not to mention the host of pending legal requirements and potential laws being penned across the globe. Our data loss prevention policy contains three elements:
- Location: Where the policy will be enforced.
- Condition: The parameters the policy searches for to prevent data loss.
- Action: If a situation meets the set conditions, action is taken to prevent loss.
Direct Marketing
Perform Well may also use your personal information for the purpose of marketing its services. If you do not want to receive marketing material from us, you can contact us as detailed below:
- for electronic communications, you can click on the unsubscribe function in the communication (if available); or
- for hard-copy communications, you can email info@performwell.au; or
- through our contact details below.
Privacy on Our Websites
Cookies and Web Beacons
Cookies and web beacons are used on the Perform Well website, primarily to enhance your online experience and to make our sites more useful and attractive to you. Cookies are small text files placed on your computer when you first visit the site. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. A web beacon is a clear picture file that is placed on a website or in an email that is used to monitor the behaviour of a user visiting the website or sending an email. When the HTML code for the web beacon points to a site to retrieve the image, at the same time, it can pass along information such as the IP address of the computer that retrieved the image, the time the web beacon was viewed and how long, the type of browser that retrieved the image and previously set cookie values.
Your Choices
You have several choices regarding your use of Perform Well’s website(s). In general, you are not required to provide personal information when you visit our websites. However, if you apply to receive information about our services, events and industry updates or wish to apply for a job, provision of certain personal information will generally be required.
Links to Third-Party Websites
Perform Well’s website(s) may contain links to third parties’ websites. Those other websites are not subject to our privacy policy and procedures. You will need to review those websites to view a copy of their privacy policy. Perform Well also does not endorse, approve or recommend the services or products provided on third party websites.
Children
We understand the importance of protecting children’s privacy, especially in an online environment. In particular, our websites are not intentionally designed for or directed at children under the age of 13. It is our policy to never knowingly collect or maintain information about anyone under the age of 13, except as part of a specific engagement to provide professional services which necessitates such personal information be collected or for the purposes of ensuring compliance with our auditor independence policies.
Aggregated or De-Identified Information
We may aggregate or de-identify Personal Information and use the aggregated information to analyse the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyse the general behaviour and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and will not attempt to reidentify the information.
Gaining Access to Personal Information We Hold
You can request access to your personal information, subject to some limited exceptions permitted or required by law. Such request must be made in writing to account. Please see the ‘How to contact us’ section for details. Perform Well may charge reasonable costs for providing you access to your personal information.
Keeping Personal Information Current
If you believe that any personal information Perform Well has collected about you is inaccurate, not up-to-date, incomplete, irrelevant or misleading, you may request correction. To do so, please contact info@performwell.au and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act. Please see the ‘Contact us’ section for details as to how to contact us.
Complaints
If you wish to make a complaint to Perform Well about our handling of your personal information, you can contact info@performwell.au as set out in the ‘Contact us’ section. You will be asked to set out the details of your complaint in writing in the form provided. Perform Well will endeavour to reply to you within 30 days of receipt of the completed complaint form and, where appropriate, will advise you of the general reasons for the outcome of the complaint. In some circumstances, we may decline to investigate the complaint, for example, if the complaint relates to an act or practice that is not an interference with the privacy of the person making the complaint. If you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner.
Contact Us
If you have a query in relation to this Privacy Policy or wish to exercise your rights under the GDPR, please contact us at the contact details in this Privacy Policy. If you would like to notify Perform Well that you no longer wish to receive marketing material from us, access or correct your personal information, or to make a complaint about Perform Well's handling of your personal information, please contact us as follows:
Perform Well
A: 31 Sherwood Rd, Toowong QLD 4066
T: 07 3102 1264
E: info@performwell.au
Note: We may ask you to verify your identity before acting on any of your requests.