Table of Contents
About this policy 1
Collection of your information 2
Collecting sensitive information 2
Collecting information through our websites 2
Email lists, registrations and feedback 3
Social networking services 3
Electronic forms 4
Your cloud data 4
Credit card payment of account 4
Data breach notifications 5
Disclosure to service providers 5
Disclosure of sensitive information 5
Disclosure of personal information overseas 5
Quality of information 5
Storage and security of information 5
Building access 6
How to make a complaint 6
Version 1.0, September 2018
About this policy
OverviewWe collect, hold, use and disclose information to carry out functions or activities within our Company (HLP Controls Pty Limited)
These functions and activities include:
- handling your name, address, phone number & email address information;
- holding these details on our Company server in MYOB;
- handling your credit card details when you give them to us to use to pay your invoices;
- accessing & handling details such as your ABN and credit reporting information when you open a credit account with us;
- holding your data-logged data on a secure cloud server;
- assessing suitable candidates for career opportunities within the HLP Controls.
At all times we try to only collect the information we need for the particular function or activity we are carrying out.
Collection of your information
The main way we collect information about you is when you give it to us. For example, we collect personal information such as contact details when you:
- contact us to ask for information, to buy a product or pay an account over the phone (but only if we need it);
- ask for access to information HLP Controls holds about you;
- ask for access to password protected sections of the HLP Controls web sites;
- set up an account on the HLP Controls cloud server to store your data;
- apply for a job vacancy at the HLP Controls;
- make a complaint to us.
Collecting sensitive informationSometimes we may need to collect sensitive information from you, for example, you may choose to pay your account via your credit card. This information will include all of the credit card details such as the number, name on the card, expiry date & CCV. We do not hold credit card information after it is used for the payment you authorised us to use it for.
HLP Controls has its own public websites. These are:
Collecting information through our websites
There are a number of ways in which we collect information though our websites.
We use Google Analytics to collect data about your interaction with our website. Google Analytics is hosted by a third party. The sole purpose of collecting your data in this way is to improve your experience when using our web sites. No specific personal information on You is collected. The types of information collected that we are able to access and examine is all general in nature.
The types of data we collect with these tools include:
- country and city;
- system, browser, operating system and service provider;
- mobile operating system, service provider and screen resolution;
- search terms and website pages visited;
- date and time when website pages were accessed.
Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website.
Our websites generally set the _ga: Google Analytics cookie
Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our websites.
Email lists, registrations and feedback
We will collect information that you provide to us when signing up to mailing lists and registering for our email-outs, or when submitting feedback on our websites.
Should you not wish to receive our email-outs at any time, you can unsubscribe by clicking the ‘Unsubscribe’ button at the base of the email. Your details will then be removed from that email data base list.
We use social networking services such as Facebook and YouTube to communicate about our products, business and to post helpful videos. When you communicate with us using these services we may collect your information, but we only use it to help us to communicate with you. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Facebook and YouTube (a Google company) on their websites.
Social networking services
We do not hold your personal information other than that which you have disclosed through your contact with us.
HLP Controls has electronic forms for completion on it’s web sites.
When you submit a form using this service it is encrypted and sent to us as an email. We download the information when we open the email.
Your cloud data
When you activate an account to have your data, such as temperature and other records, held on our cloud server, we will hold this information for you for 2 years. Within this period you can access and download your information as many times as you require. Should you or your business or your legal and moral requirements require more than 2 years of data to be held, then you need to download your own data & store it yourself, for instance on a hard disk drive or flash drive before the 2 year period has ended.
Once data has been stored for 2 years it will automatically be deleted.
Deleting your stored cloud data
Should your credit account become sixty (60) days in arrears of payment, or should you give us written notice of termination of our arrangement to store your data for you, we reserve the right to delete your stored data within seven (7) days.
When you send us an email it is stored on our in-house server. The details are held, backed up and not deleted. We hold these details in case you have further queries or in case we need to refer back to your emailed information at any time.
This information is available for our staff to view via password protected access.
Common situations in which we disclose information are detailed below.
Credit Card Payment of Account
We will not disclose personal information about you to anyone outside our Company, except for instance to a Government agency in the event of a breach, unless you agree, or would reasonably expect us to disclose such information.
Data breach notifications
If we have a data breach at HLP Controls either on our in-house server or on our cloud server we will inform you immediately that we are aware of the event. We will also notify the Office of the Australian Information Commissioner (OAIC) of the data breach and comply with any and all of their recommendations and requirements.
Such a data breach could include if a device containing our customer’s information is lost or stolen, a database containing information is hacked, or information is mistakenly provided to the wrong person. Please note that HLP Controls do not store credit card information. We use the credit card details you give us for the purpose you have allowed and then destroy the details.
HLP Controls uses a number of service providers to whom we disclose information. These include providers that host our website servers, manage our IT and manage our payment gateways. You can access the privacy policies for the web site hosts at www.experiencedigital.com.au and www.sitesuite.com.au/privacy-statement
Disclosure to service providers
We only disclose information when you request that we do so or when you would reasonably expect us to do so. We only use secure sites for payment processing. These are detailed in ‘Credit card payment of account’ section in this document.
We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes that you would reasonably expect or if you agree.
Disclosure of sensitive information
Disclosure of personal information overseas
To ensure that the information we hold is accurate, up-to-date and complete we:
Quality of information
- record information in a consistent format
- where necessary, confirm the accuracy of information we collect with you
- promptly add updated or new information to existing records when you advise us of a change
We take steps to protect the security of the information we hold from both internal and external threats by ensuring that our systems can only be accessed with a unique password. All of our staff have unique password access to our server.
Storage and security of information
When we no longer require your printed information
We destroy information in a secure manner when we no longer need it. For example, we generally destroy records by in-house shredding.
Only certain trusted staff members are allowed key access to our building. They use a unique password to deactivate the security system. The logs of who accessed the security system, date and time can be access by Management at any time needed.
If you wish to complain to us about how we have handled your information you should complain in writing to: [email protected]
How to make a complaint
If we receive a complaint from you we will determine what (if any) action we should take to resolve the complaint and will promptly report back to you with a resolution.