At Buildcert, we have a few fundamental principles:
- We don’t ask you for personal information unless we truly need it.
- We don’t share your personal information with anyone except to comply with the law, develop or operate our products or services, or protect our rights.
- We don’t store personal information on our servers or the offsite servers of the third-party service providers we use to provide our core services unless required for the on-going operation of one of our services.
- the data collected and accessed through our Apps;
- how we deal with personal information more broadly.
There are inherent risks in transmitting information across the internet. In our mobile application products, we use FileMaker Pro to securely store data and we use SSL security to encrypt data sent over the internet for any online portals and smartphone apps.
Buildcert operates a mobile application called Buildcert Inspection Bookings (the “Application”). It is Buildcert’s policy to respect the privacy of the Application’s users (“you”, “your”) regarding any information collected through the Application.
Data collected and accessed through our App
The Inspection Bookings app is intended to assist Buildcert clients to quickly and easily book inspections and view scheduled inspections for their development projects. It allows information and data about an inspection booking to be viewed, updated and deleted. This includes:
- information about the property (lot number, property address);
- customer reference number;
- development identification number;
- inspection information (date, inspection type and description);
- site contact information (name and phone number);
- property access requirements; and
- photographs of the property.
Some of the information stored on our FileMaker Pro system is personal information. How we deal with personal information is set out below.
How we deal with personal information
What is personal information?
Personal information is defined in the Privacy Act 1988 (the Privacy Act) as: information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
Why do we collect personal information?
We collect personal information where it is reasonably necessary for our functions or activities. At a high level these functions and activities include:
- providing services to our customers;
- undertaking research to improve our services;
- obtaining services from other businesses;
- employing staff; and
- complying with legal and regulatory obligations.
Some common examples of personal information that we may collect include an individual’s name and contact details. Any sensitive information which we do collect will either be collected with the individual’s consent or as permitted by law.
How do we collect and keep personal information?
We receive personal information in different ways and through a number of different media including:
- via online sources (including via applications and portals);
- by email;
- by telephone;
- through face to face communications; and
- by hard copy correspondence and documentation.
We collect personal information directly from the individuals concerned and also indirectly via third parties. Users of our FileMaker Pro system may upload personal information of third parties on to our system. This includes personal information relating to property developers, property owners and site contacts.
We keep different types of records that include personal information. These include records stored electronically on databases and also hard copy files.
Some of the ways we protect personal information that we hold include:
- securing our physical premises both externally and internally;
- password protected electronic systems and technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and antivirus software;
- having internal policies which provide that staff and service providers have access to areas of our network only to the extent necessary for them to perform their role;
- determining levels of access to electronic systems at senior management level;
- maintaining physical security over hard-copy records; and
- providing our staff with training in relation to privacy obligations and requiring them to comply with this policy.
What kinds of personal information do we collect?
We collect a variety of different kinds of personal information. Some examples are set out below. Personal information that we collect about our clients in order to provide our services can include their:
- contact details;
- property details;
- invoices and correspondence addressed to the client;
- details of historical services provided to the client; and
- banking details and other financial information.
When do we use or disclose personal information?
If we collect personal information for a particular purpose, we may use or disclose that personal information for that purpose. For example, personal information that we collect for the purpose of providing a service may be used or disclosed for the purpose of providing that service.
We may also use or disclose personal information for other secondary purposes including the following:
- where the individual has consented to the use or disclosure for the secondary purpose;
- the secondary purpose is related to (or in the case of sensitive information directly related to) the purpose for which the personal information was collected and the individual concerned would reasonably expect us to use or disclose the information – for example providing marketing information to existing customers (unless the customer has requested not to receive marketing information from us);
- the use or disclosure is required or authorised under an Australian law or a court or tribunal order;
- a permitted general or health situation exists as defined in the Privacy Act; or
- we reasonably believe that the use or disclosure of the personal information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
We may disclose personal information to data and call centres, IT service providers and other service providers we engage to help manage our information resources. These service providers are all located within Australia.
How can you access your personal information that we hold?
Australian Privacy Principle 6 of the Australian Privacy Act 1998 (Cth) allows you to obtain access and make corrections to the personal information Buildcert has collected from you. You may request access to your personal information held by contacting us directly (contact details below). We will provide access where we are required to do so under law.
You may request details of your personal information by contacting us at firstname.lastname@example.org if you:
- wish to access, update or correct your personal information or your client’s personal information;
- wish to request not to receive direct marketing communications;
- require further information about how we handle personal information;
- have a complaint or concern in relation to privacy.
We will take any issue or concern relating to your privacy matter or complaint seriously and will take all reasonable steps to address your matter or complaint. If you are not satisfied with our handling of your privacy related matter or complaint, you may make a complaint to the Australian Information Commissioner (https://www.oaic.gov.au/).