Privacy Policy

About Us

page1image1136page1image1880

Indoor Gardens Pty LtdABN: 51 009 203 187

Privacy Policy Manual

page1image3256
page2image1256

Indoor Gardens Pty Ltd – Privacy Policy Manual

Table of Contents

  1. Introduction Page 2

  2. Australian Privacy Principles (APP’s) and NDB Page 3

  3. General Data Protection Regulation (“GDPR”)________________________ Page 4

page2image4744page2image4904
  1. Types Of Personal Information That Is Collected & Held

  2. Procedures and responding to potential breaches of Privacy

  3. Purposes For Which Information Is Collected, Held, Used And Disclosed

  4. How An Individual May Access Personal Information Held, And How

    They May Seek Correction Of Such Information

  5. How An Individual May Complain About A Breach Of The APP, And

    How The Complaint Will Be Dealt With

  6. Will Personal Information Be Disclosed To Overseas Recipients

  7. Availability Of This Privacy Policy Manual

  8. Privacy Officer (Responsibilities)

  9. Appendix A

Page 4 Page 6 Page 8

Page 9

Page 10 Page 11 Page 11 Page12 Page13

page2image13280page2image13440page2image13600page2image13760page2image13920page2image14080page2image14240page2image14400page2image14560

DISCLAIMER: Subject to any applicable law which cannot be excluded and to all provision implied by statute which cannot be excluded, EC Credit Control (Aust) Pty Ltd accepts no responsibility for any loss, damage, cost or expense (whether direct or implied) incurred by you as a result of any error, omission or misrepresentation in any information in this manual.

page2image18536

This manual has been prepared by EC Credit Control (Aust) Pty Ltd www.eccreditcontrol.com.au | [email protected] Phone 1300 361 070

page2image20080

© Copyright – EC Credit Control 1999 - 2020 - #25214

Page 1

page2image21488
page3image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

1. Introduction

From 12 March 2014, the Australian Privacy Principles (APP’s) replaced the NationalPrivacy Principles and Information Privacy Principles and were inserted into the PrivacyAct 1988 (“the Act”) at schedule 1. These principles apply to private sector organisations who deal with information relating to individuals. This legislation is designed to protect personal information about individuals and sets in place a framework and guidelines about how to deal with this information. APP 1.3 requires an APP entity to have a clearly expressed and up-to-date APP privacy policy describing how it manages personal information. Further in February 2018, the Notifiable DataBreaches (“NDB”) Scheme was introduced under Part IIIC of the Act. The NDBestablishes requirements and compliance mechanisms for entities in responding to data breaches.

As at 25 May 2018, the EU General Data Protection Regulation (“GDPR”) wasintroduced providing increased transparency for data protection for all businesses transferring data to the Europe Union. While the GDPR and the APP share some similarities, Indoor Gardens Pty Ltd is providing robust privacy policies and proceduresfor its staff and clients. This includes ensuring that it conforms to all required APP’sincluding the provision of a clearly expressed and readily available Privacy Policy. This is completed by the provision of this Privacy Policy Manual.

An APP privacy policy is a key tool for meeting APP 1’s requirements.

To assist with this compliance, Indoor Gardens Pty Ltd ensures that all of its staff members adhere to these policies and procedures. Any breaches of these policies andprocedures must be reported to the relevant staff member’s manager or supervisorimmediately so that any appropriate measures can be taken to mitigate any issues surrounding an identified breach.

Every staff member of Indoor Gardens Pty Ltd who handles personal information isrequired to have an understanding of the Australian Privacy Principles (APP’s), the Actand the GDPR, where necessary. Where a more detailed knowledge of Indoor Gardens Pty Ltd’s rights and responsibilities is required, the Privacy Officer will be ableto provide assistance.

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 2

page3image21048
page4image1176

Indoor Gardens Pty Ltd – Privacy Policy Manual

All staff are encouraged to discuss privacy issues with the nominated Privacy Officer.

Review

Formal review of this privacy policy shall be undertaken on a 6 monthly basis with the details of this review recorded by the Privacy Officer.

2. Australian Privacy Principles (APP’s)

The Privacy Act 1988 and the Credit Reporting Privacy Code 2014 places obligations and responsibilities on employers and employees to ensure that information collectedfrom individuals is collected, retained and used in line with the APP’s. Indoor Gardens Pty Ltd shall abide by the following APP’s at all times:

APP No.

Part 1 – Consideration of personal information privacy

APP 1 Open and transparent management of personal information APP 2 Anonymity and pseudonymity

Part 2 – Collection of personal information

APP 3 APP 4 APP 5

Collection of solicited personal information
Dealing with unsolicited personal information Notification of the collection of personal information

Part 3 – Dealing with personal information

APP 6 APP 7 APP 8 APP 9

Use or disclosure of personal information
Direct marketing
Cross-border disclosure of personal information
Adoption, use or disclosure of government related identifiers

Part 4 – Integrity of personal information

APP 10 Quality of personal information APP 11 Security of personal information

Part 5 – Access to, and correction of, personal information

APP 12 Access to personal information APP 13 Correction of personal information

© Copyright – EC Credit Control 1999 - 2020 - #25214

Page 3

page4image19656
page5image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

Further information regarding the APP’s can be obtained from the office of theAustralian Information Commissioner at www.oaic.gov.au.

A copy of the APP’s as produced by the Office of the Australian InformationCommissioner is attached as Appendix A. The NDB forms part of the Act as a new implemented scheme for companies to advise its clients, in the event of a potential data breach that is likely to result in serious harm to any individuals whose personal information is involved in the breach. Indoor Gardens Pty Ltd’s Privacy Policy Manualprovides a data breach preparation and response to any potential breaches to ensure compliance under the NDB and the Act.

  1. General Data Protection Regulation (“GDPR”)

    Upon the implementation of the GDPR on 25 May 2018, Indoor Gardens Pty Ltd has updated the way they use and collect personal data from residents in the EU. This involves, identifying Indoor Gardens Pty Ltd’s data protection officer (“Privacy Officer”),how clients can contact the Privacy Officer and identifying the process of transferringclient’s personal information. Further, the implementation of cookies notices on Indoor Gardens Pty Ltd’s website has been activated to ensure Indoor Gardens Pty Ltd’sclients have adequate protection in providing consent to Indoor Gardens Pty Ltd withholding their personal data.

  2. Types of Personal Information That is Collected, Used, Processed & Held

    Indoor Gardens Pty Ltd collects personal information for a variety of reasons. This personal information will be collected in the normal course of business and will relate to Goods and/or Services that are provided by Indoor Gardens Pty Ltd to clients. This information collected will be done so in the course of business where the client is a customer of Indoor Gardens Pty Ltd or when the client acts as a guarantor for another person or company that is a client of Indoor Gardens Pty Ltd. Indoor Gardens Pty Ltd will not collect information that is not relevant or sensitive in nature unless it is required in the normal course of business.

    The personal information that is collected may include, but will not be limited to the following;

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 4

page5image21640
page6image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

  1. 1/  Full name

  2. 2/  Address

  3. 3/  Date of birth

  4. 4/  Credit references if applicable

  5. 5/  Publically available information which relate to the clients activities in Australia

  6. 6/  Any information recorded in the National Personal Insolvency Index

  7. 7/  The client acknowledges that provided the correct Privacy Act disclosures have been made that Indoor Gardens Pty Ltd may conduct a credit report on the client for the purposes of evaluating the credit worthiness of the client.

  8. 8/  Driver’s licence details

  9. 9/  Medical insurance details (if applicable)

  10. 10/  Electronic contact details including email, Facebook and Twitter details

  11. 11/  Next of kin and other contact information where applicable

Indoor Gardens Pty Ltd ensures that all personal information is held in a secure manner. Where applicable and to the best of Indoor Gardens Pty Ltd’s knowledge allcomputers or servers have the required security protections in place to safeguard and protect any personal information that is held by Indoor Gardens Pty Ltd.

We use cookies on our website. Cookies are small files which are stored on your computer. They are designed to hold a modest amount of data (including personal information) specific to a particular client and website, and can be accessed either by the web server or the client’s computer. In so far as those cookies are not strictlynecessary for the provision of Indoor Gardens Pty Ltd’s services, we will ask you toconsent to our use of cookies when you first visit our website.

In the event that you utilise our website for the purpose of purchases/orders, Indoor Gardens Pty Ltd agrees to display reference to cookies and /or similar tracking technologies, such as pixels and web beacons (if applicable), and requests consent for Indoor Gardens Pty Ltd collecting your personal information which may include:

  1. (a)  IP address, browser, email client type and other similar details;

  2. (b)  Tracking website usage and traffic; and

  3. (c)  Reports are available to Indoor Gardens Pty Ltd when Indoor Gardens Pty Ltd

    sends an email to the client, so Indoor Gardens Pty Ltd may collect and review that information

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 5

page6image22760
page7image1152

Indoor Gardens Pty Ltd – Privacy Policy Manual

Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy control, you can advise us if you would like to receive direct marketing communications. You can access the privacy controls viahttps://plantercraft.com.au.

Indoor Gardens Pty Ltd also regularly conducts internal risk management reviews to ensure that its infrastructure (to the best of its knowledge) is secure and any identifiable risks have been mitigated as much as they can be in the normal course of business.

5. Procedures and responding to potential breaches of Privacy

In accordance with the NDB Indoor Gardens Pty Ltd is aware of its responsibilities to notify its clients in the event of a potential data breach that may cause serious harm toclients. Further, in the event the client is located in the Europe Union (“EU”), Indoor Gardens Pty Ltd acknowledges that any potential data breaches will be safeguarded by the provisions of the GDPR.

Indoor Gardens Pty Ltd will collect and process personal information in the normal course of business. This personal information may be collected and processed, but is not limited to, any of the following methods;

  1. 1/  Credit applications forms

  2. 2/  Work authorisation forms, quote forms or any other business documentation

  3. 3/  Publically available databases that hold information

  4. 4/  Websites that detail information such as Sensis, Facebook, Google etc

  5. 5/  By verbally asking you for information as part of normal business practices

Where relevant to data processing as per the GDPR, and in particular where Indoor Gardens Pty Ltd uses new technologies, and takes into account the nature, scope, context and purposes of processing and considers that the data processing is likely to result in a high risk to the rights and freedoms of natural persons, the Privacy Officer shall, prior to the processing of personal information, carry out an assessment of impact of the envisaged processing operations on the protection impact assessment. The data protection assessment will be required in instances whereby:

page7image20080

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 6

page7image21168
page8image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

  1. (a)  a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;

  2. (b)  processing on a large scale of special categories of data referred to in Article 9(1) of the GDPR, or of personal data relating to criminal convictions and offences referred to in Article 10 of the GDPR; or

  3. (c)  a systematic monitoring of a publicly accessible area on a large scale.

The assessment shall be carried out in accordance with Article 35 (7) of the GDPR and carry out reviews of such data protection impact assessments when there is any change of the risk associated with the processing of personal information.

As a client of Indoor Gardens Pty Ltd and agreeing to Indoor Gardens Pty Ltds Terms and Conditions of Trade, which comprises of Indoor Gardens Pty Ltd’s privacystatement you hereby agree and consent to the provisions of this Privacy Policy Manual, including but not limited to the collection, processing, use and disclosure of your personal information. In the event that you do not wish to agree or consent to any of the above use, processing collection and disclosure, then Indoor Gardens Pty Ltd warrants that any request by you to withdraw your consent or agreement shall be deemed as confirmation by you to cease any and/or all collection use, processing and disclosure of your personal information. You may make a request to withdraw your consent at anytime by telephone and/or by email to the following contact details;

The Privacy Officer Fiona Jennings
Indoor Gardens Pty Ltd
55 Zappeion Entrance Landsdale WA 6065 [email protected] (08) 9309 2442

Indoor Gardens Pty Ltd will ensure that any Information that is to be obtained from you is done so using Indoor Gardens Pty Ltd’s prescribed forms which;

Authorise Indoor Gardens Pty Ltd:

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 7

page8image20736
page9image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

  1. 1/  To collect personal information; and

  2. 2/  Inform the individual what personal information is being collected; and

  3. 3/  Inform the individual why (the purpose) the personal information is being

    collected; and

  4. 4/  Inform the individual why & when personal information will be disclosed to 3rd

    parties.

It is the responsibility of Indoor Gardens Pty Ltd to ensure that any personal information obtained is as accurate and up to date as possible and information is only collected by lawful means in accordance with the Act and relevantly, in accordance with the GDPR.

6. Purposes For Which Information Is Collected, Held, Used And Disclosed

Disclosure to Third Parties

Indoor Gardens Pty Ltd will not pass on your personal information to third parties without first obtaining your consent.

In accordance with the Act, and relevantly the GDPR, Personal Information can only be used by Indoor Gardens Pty Ltd for the following purposes:

  1. 1/  Access a credit reporter’s database for the following purposes:

    a) To assess your application for a credit account; or
    b) To assess your ongoing credit facility; or
    c) To notify a credit reporter of a default by you; or
    d) 
    To update your details listed on a credit reporter’s database; or

  2. 2/  Check trade references noted on the prescribed form for the following purposes: a) To assess your application for a credit account; or
    b) To assess your ongoing credit facility; or
    c) To notify a default.

  3. 3/  Market Indoor Gardens Pty Ltd’s products and services.

  4. 4/  Any other day to day business purposes such as complying with ATO

    requirements, managing accounting returns or legal matters.

Relationship with Credit Reporter - In the event that notification of a default has been reported to a Credit Reporter and your credit file has been updated (including any

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 8

page9image20672
page10image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

changes to the balance outstanding or contact details), then the Credit Reporter shall be notified as soon as practical of any such changes.

Indoor Gardens Pty Ltd will only gather information for its particular purpose (primary purpose). In accordance with the Act, and relevantly the GDPR Indoor Gardens Pty Ltd will not disclose this information for any other purpose unless this has been agreed to by both parties.

7. How An Individual May Access Personal Information Held, And How They May Seek Correction Of Such Information

You shall have the right to request from Indoor Gardens Pty Ltd a copy of all the information about you that is retained by Indoor Gardens Pty Ltd. You also have the right to request (by telephone and/or by email) that Indoor Gardens Pty Ltd correct any information that is incorrect, outdated or inaccurate.

Any requests to receive your personal information or to correct personal information should be directed to the following contact details;

The Privacy Officer Fiona Jennings
Indoor Gardens Pty Ltd
55 Zappeion Entrance Landsdale WA 6065 [email protected] (08) 9309 2442

Indoor Gardens Pty Ltd will destroy personal information upon your request (by telephone and/or by email) or when the personal information is no longer required. The exception to this is if the personal information is required in order to fulfil the purpose of Indoor Gardens Pty Ltd or is required to be maintained and/or stored in accordance with the law.

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 9

page10image16784
page11image1152

Indoor Gardens Pty Ltd – Privacy Policy Manual

8. How An Individual May Complain About A Breach Of The APP, And How The Complaint Will Be Dealt With

You can make a complaint to Indoor Gardens Pty Ltd’s internal dispute resolution team(‘IDR’) regarding an interference with and/or misuse of your personal information bycontacting Indoor Gardens Pty Ltd via telephone or email.

Any complaints should be directed to the following contact details in the first instance;

The Privacy Officer Fiona Jennings
Indoor Gardens Pty Ltd
55 Zappeion Entrance Landsdale WA 6065 [email protected] (08) 9309 2442

In your communication you should detail to Indoor Gardens Pty Ltd the nature of your complaint and how you would like Indoor Gardens Pty Ltd to rectify your complaint.

We will respond to that complaint within 7 days of receipt and will take all reasonable steps to make a decision as to the complaint within 30 days of receipt of the complaint.

We will disclose information in relation to the complaint to any relevant credit provider and or CRB that holds the personal information the subject of the complaint.

In the event that you are not satisfied with the resolution provided, then you can make a complaint to the Information Commissioner on the OAIC website at www.oaic.gov.au

page11image14096

© Copyright – EC Credit Control 1999 - 2020 - #25214 Page 10

page11image15184
page12image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

9. Will Personal Information Be Disclosed To Overseas Recipients

Indoor Gardens Pty Ltd does not disclose information about the client to third party overseas recipients unless the client has provided its consent. Indoor Gardens Pty Ltd will notify you if circumstances change regarding overseas disclosure and will comply with the Act and the GDPR in all respects.

Unless otherwise agreed, Indoor Gardens Pty Ltd agrees not to disclose any personal information about the client for the purpose of direct marketing. You have the right to request (by telephone and/or by email) that Indoor Gardens Pty Ltd does not disclose any personal information about you for the purpose of direct marketing.

10. AvailabilityOfThisPrivacyPolicyManual

This Privacy Policy manual is available to all clients of Indoor Gardens Pty Ltd. It will be made available (where applicable) on Indoor Gardens Pty Ltd’s website.

This manual will also be available upon request at Indoor Gardens Pty Ltd’s businesspremises and is available to be sent to you if required.

If you require a copy of this Privacy Policy please make a request utilising the following contact information in the first instance:

The Privacy Officer Fiona Jennings
Indoor Gardens Pty Ltd
55 Zappeion Entrance Landsdale WA 6065 [email protected] (08) 9309 2442

© Copyright – EC Credit Control 1999 - 2020 - #25214

Page 11

page12image15536
page13image1144

Indoor Gardens Pty Ltd – Privacy Policy Manual

11. PrivacyOfficer(Responsibilities)

Indoor Gardens Pty Ltd has appointed an internal Privacy Officer to manage its privacy matters. The name of this officer is available by making contact with Indoor Gardens Pty Ltd. The privacy officers duties include (but are not limited to) the following:

The Privacy Officer needs to be familiar with the APP’s. Educational material isavailable from the office of the Privacy Commissioner which explains what Indoor Gardens Pty Ltd needs to know in order to comply with the Privacy Act.

If a person complains to the Privacy Commissioner that Indoor Gardens Pty Ltd has breached their privacy, the Information Commissioner may contact the Privacy Officer to discuss the complaint, and to see whether there is any means of settling the matter. The Privacy Officer shall provide whatever assistance is necessary. The Privacy Officer may be asked to provide background information or identify the staff members who can do so.

Complaints

In the event that a complaint about privacy issues is received the Privacy Officer will:

  1. 1/  Take ownership of the complaint and ensure that it is dealt with in a timely

Privacy Policy

For further information, or to arrange an obligation-free quote, contact the friendly team at Plantercraft on (08) 9249 9078