Empired Limited (ABN 81 090 503 843) (“Empired”) and its related entities are committed to protecting the privacy of personal information. Personal information is defined under the Privacy Act 1988 (Cth) (“Privacy Act”). All people and organisations working with and for Empired are required to be familiar with and to comply with the obligations set out in this Policy. Your use of Empired’s web site and/or web services evidences your consent to Empired’s collection, use and disclosure of personal information in the manner set out below. The personal information we collect includes, but is not limited to:
- Personal information for employment, customer and marketing purposes such as full name, postal address, phone and fax numbers and email addresses.
- Personal information relating to a person’s business or professional capacity such as ABN/ACN, position, organisation, postal address, phone and fax numbers and email addresses.
- Transactional information such as credit card details or bank details.
- Personal information for Human Resources, Finance and general entity administration purposes for employees and contractors.
- Personal information for the purpose of organising, inviting and holding an event with Empired or its related entities.
- Directly from the person and/or the company they represent that we are interacting with to provide advice, services, materials and/or resources, employment opportunities or company information. This information can be collected in hard copy forms, online or by email, post, facsimile, face to face, over the phone or through our reseller channel, including wholesalers and partners.
- Enquiries made to external parties in order to provide advice, services, materials and/or resources, employment opportunities or company information, for example reference checks for employment purposes.
- From publicly available information.
- We take reasonable steps to maintain the security of personal information to protect it from unauthorised disclosures.
- Information in hard copy format is stored in our secure offices secured by swipe passes, lock and key cabinets or rooms, and password protected rooms.
- Information in electronic format is stored securely on our secure servers or in accredited systems that meet security and privacy standards.
- Empired will not sell, rent or lease customer lists or other personal information to third parties. Personal information will not be distributed, shared or passed on to any third party unless consent has been granted by the individual or organisation, or Empired is required to do so by law.
- Empired uses this information to provide our core services to our customers, market our services and our brand to the industry and potential customers, recruit employees, have productive working relationships with our employees, and to engage with partners and third party service providers.
- We may share personal information with Empired’s related entities (including our overseas subsidiaries in New Zealand, Singapore and the United States) or to third parties such as our vendors or suppliers who provide us with goods or services, our clients (who may be located overseas) or our professional advisers, where permitted by the Privacy Act.
Empired is transparent and accountable for the limited personal information that we collect and aim to maintain the accuracy and quality of this information. Should you wish to access or correct your personal information we hold, please contact Empired via firstname.lastname@example.org or +61 8 6333 2200. You may also use these contact details to notify us of a privacy complaint if you think we have failed to comply with our obligations under the Australian Privacy Principles. If a complaint is made, it will be thoroughly assessed in a timely manner and any breach will be rectified, where practicable and possible. All complaints will be taken seriously and will feed into continual processes for reviewing and improving privacy.
Empired may, at its discretion, update or revise this Policy from time to time. Please check our website www.empired.com for the current version of this Policy.
Data Breach Reporting
The Privacy Act and General Data Protection Regulation (Regulation (EU) 2016/679) requires that reasonable and appropriate protection is made around information, including personal information and customer data (“Information”), and that certain data breaches are reported to the relevant authorities. Empired may collect and store Information to enable Empired to provide services to its customers. That Information may be held in various forms and transmitted through systems controlled by Empired or its customers.
In the event a data breach occurs or, a data breach is suspected, Empired will follow this Policy and the below Response Plan to contain, assess and respond appropriately.
- Initial notification: If personnel become aware of an actual or suspected data breach they must immediately notify the Privacy Officer with information regarding the data breach.
- Preliminary assessment: The Privacy Officer shall notify the relevant personnel to collate information regarding the data breach.
- Assessment of Risk: The Privacy Officer in conjunction with management will assess the severity of the data breach based on the information received.
- Notification: The Privacy Officer in conjunction with management will consider whether notification to the relevant authority and/or affected individuals is required and, if notification is required, make that notification.
- Review: Empired will undertake an internal review of the circumstances to consider if further action is required.