info@collectionconsultancy.com.au
Phone 1300 565 988
Introduction
From 12 March 2014, the Australian Privacy Principles (APP’s) replaced the National Privacy Principles and Information Privacy Principles and were inserted into the Privacy Act 1988 (“the Act”) at schedule 1. These principles apply to private sector organisations who deal with information relating to individuals. This legislation is designed to protect personal information about individuals and sets in place a framework and guidelines about how to deal with this information. APP 1.3 requires an APP entity to have a clearly expressed and up-to-date APP privacy policy describing how it manages personal information. Further in February 2018, the Notifiable Data Breaches (“NDB”) Scheme was introduced under Part IIIC of the Act. The NDB establishes requirements and compliance mechanisms for entities in responding to data breaches.
As at 25 May 2018, the EU General Data Protection Regulation (“GDPR”) was introduced providing increased transparency for data protection for all businesses transferring data to the Europe Union. While the GDPR and the APP share some similarities, Collection Consultancy Australia Pty Ltd is providing robust privacy policies and procedures for its staff and clients. This includes ensuring that it conforms to all required APP’s including the provision of a clearly expressed and readily available Privacy Policy. This is completed by the provision of this Privacy Policy Manual.
An APP privacy policy is a key tool for meeting APP 1’s requirements.
To assist with this compliance, Collection Consultancy Australia Pty Ltd ensures that all of its staff members adhere to these policies and procedures. Any breaches of these policies and procedures must be reported to the relevant staff member’s manager or supervisor immediately so that any appropriate measures can be taken to mitigate any issues surrounding an identified breach.
Every staff member of Collection Consultancy Australia Pty Ltd who handles personal information is required to have an understanding of the Australian Privacy Principles (APP’s), the Act and the GDPR, where necessary. Where a more detailed knowledge of Collection Consultancy Australia Pty Ltd’s rights and responsibilities is required, the Privacy Officer will be able to provide assistance.
All staff are encouraged to discuss privacy issues with the nominated Privacy Officer.
Review
Formal review of this privacy policy shall be undertaken on a 6-monthly basis with the details of this review recorded by the Privacy Officer.
The Privacy Act 1988 and the Credit Reporting Privacy Code 2014 places obligations and responsibilities on employers and employees to ensure that information collected from individuals is collected, retained and used in line with the APP’s. Collection Consultancy Australia Pty Ltd shall abide by the following APP’s at all times:
APP No.
Part 1 – Consideration of personal information privacy
APP 1 Open and transparent management of personal information
APP 2 Anonymity and pseudonymity
Part 2 – Collection of personal information
APP 3 Collection of solicited personal information
APP 4 Dealing with unsolicited personal information
APP 5 Notification of the collection of personal information
Part 3 – Dealing with personal information
APP 6 Use or disclosure of personal information
APP 7 Direct marketing
APP 8 Cross-border disclosure of personal information
APP 9 Adoption, use or disclosure of government related identifiers
Part 4 – Integrity of personal information APP 10 Quality of personal information APP 11 Security of personal information
Part 5 – Access to, and correction of, personal information
APP 12 Access to personal information
APP 13 Correction of personal information
Further information regarding the APP’s can be obtained from the office of the Australian Information Commissioner at www.oaic.gov.au.
A copy of the APP’s as produced by the Office of the Australian Information Commissioner is attached as Appendix A. The NDB forms part of the Act as a new implemented scheme for companies to advise by its clients, in the event of a potential data breach that is likely to result in serious harm to any individuals whose personal information is involved in the breach. Collection Consultancy Australia Pty Ltd’s Privacy Policy Manual provides a data breach preparation and response to any potential breaches to ensure compliance under the NDB and the Act.
Upon the implementation of the GDPR on 25 May 2018, Collection Consultancy Australia Pty Ltd has updated the way they use and collect personal data from residents in the EU. This involves, identifying Collection Consultancy Australia Pty Ltd’s data protection officer (“Privacy Officer”), how clients can contact the Privacy Officer and identifying the process of transferring client’s personal information. Further, the implementation of cookies notices on Collection Consultancy Australia Pty Ltd’s website has been activated to ensure Collection Consultancy Australia Pty Ltd’s clients have adequate protection in providing consent to Collection Consultancy Australia Pty Ltd withholding their personal data.
Collection Consultancy Australia Pty Ltd collects personal information for a variety of reasons. This personal information will be collected in the normal course of business and will relate to Goods and/or Services that are provided by Collection Consultancy Australia Pty Ltd to clients. This information collected will be done so in the course of business where the client is a customer of Collection Consultancy Australia Pty Ltd or when the client acts as a guarantor for another person or company that is a client of Collection Consultancy Australia Pty Ltd. Collection Consultancy Australia Pty Ltd will not collect information that is not relevant or sensitive in nature unless it is required in the normal course of business.
The personal information that is collected may include, but will not be limited to the following;
1/ Full name
2/ Address
3/ Date of birth
4/ Credit references if applicable
5/ Publicly available information which relate to the client’s activities in Australia
6/ Any information recorded in the National Personal Insolvency Index
7/ The client acknowledges that provided the correct Privacy Act disclosures have been made that Collection Consultancy Australia Pty Ltd may conduct a credit report on the client for the purposes of evaluating the credit worthiness of the client.
8/ Driver’s license details
9/ Medical insurance details (if applicable)
10/ Electronic contact details including email, Facebook and Twitter details
11/ Next of kin and other contact information where applicable
Collection Consultancy Australia Pty Ltd ensures that all personal information is held in a secure manner. Where applicable and to the best of Collection Consultancy Australia Pty Ltd’s knowledge all computers or servers have the required security protections in place to safeguard and protect any personal information that is held by Collection Consultancy Australia Pty Ltd.
We use cookies on our website. Cookies are small files which are stored on your computer. They are designed to hold a modest amount of data (including personal information) specific to a particular client and website and can be accessed either by the web server or the client’s computer. In so far as those cookies are not strictly necessary for the provision of Collection Consultancy Australia Pty Ltd’s services, we will ask you to consent to our use of cookies when you first visit our website.
In the event that you utilise our website for the purpose of purchases/orders, Collection Consultancy Australia Pty Ltd agrees to display reference to cookies and /or similar tracking technologies, such as pixels and web beacons (if applicable), and requests consent for Collection Consultancy Australia Pty Ltd collecting your personal information which may include:
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy control, you can advise us if you would like to receive direct marketing communications. You can access the privacy controls via
OR:
If you consent to Collection Consultancy Australia Pty Ltd’s use of cookies on our website and later wish to withdraw your consent, you may manage and control Collection Consultancy Australia Pty Ltd’s privacy controls through your browser, including removing cookies by deleting them from your browser history when you leave the site.
Collection Consultancy Australia Pty Ltd also regularly conducts internal risk management reviews to ensure that its infrastructure (to the best of its knowledge) is secure and any identifiable risks have been mitigated as much as they can be in the normal course of business.
In accordance with the NDB, Collection Consultancy Australia Pty Ltd is aware of its responsibilities to notify its clients in the event of a potential data breach that may cause serious harm to clients. Further, in the event the client is located in the Europe Union (“EU”), Collection Consultancy Australia Pty Ltd acknowledges that any potential data breaches will be safeguarded by the provisions of the GDPR.
Collection Consultancy Australia Pty Ltd will collect and process personal information in the normal course of business. This personal information may be collected and processed (but is not limited to) by any of the following methods;
1/ Credit applications forms
2/ Work Authorisation forms, quote forms or any other business documentation
3/ Publicly available databases that hold information
4/ Websites that detail information such as Sensis, Facebook, Google etc.
5/ By verbally asking you for information as part of normal business practices
Where relevant to data processing as per the GDPR, and in particular where Collection Consultancy Australia Pty Ltd uses new technologies, and takes into account the nature, scope, context and purposes of processing and considers that the data processing is likely to result in a high risk to the rights and freedoms of natural persons, the Privacy Officer shall, prior to the processing of personal information, carry out an assessment of impact of the envisaged processing operations on the protection impact assessment. The data protection assessment will be required in instances whereby:
The assessment shall be carried out in accordance with Article 35 (7) of the GDPR and carry out reviews of such data protection impact assessments when there is any change of the risk associated with the processing of personal information.
As a client of Collection Consultancy Australia Pty Ltd and agreeing to Collection Consultancy Australia Pty Ltd’s Terms and Conditions of Trade, which comprises of Collection Consultancy Australia Pty Ltd’s privacy statement you hereby agree and consent to the provisions of this Privacy Policy Manual, including but not limited to the collection, processing, use and disclosure of your personal information. In the event that you do not wish to agree or consent to any of the above use, processing collection and disclosure, then Collection Consultancy Australia Pty Ltd warrants that any request by you to withdraw your consent or agreement shall be deemed as confirmation by you to cease any and/or all collection use, processing and disclosure of your personal information. You may make a Request to withdraw your consent at any time by telephone and/or by e-mail to the following contact details;
The Privacy Officer
Greg TrappettCollection Consultancy Australia Pty Ltd
309/88 Crown Street Woolloomooloo NSW 2011Info@collectionconsultancy.com.au 1300 565 988
Collection Consultancy Australia Pty Ltd will ensure that any Information that is to be obtained from you is done so using Collection Consultancy Australia Pty Ltd’s prescribed forms which;
Authorise Collection Consultancy Australia Pty Ltd:
1/ To collect personal information; and
2/ Inform the individual what personal information is being collected; and
3/ Inform the individual why (the purpose) the personal information is being collected; and
4/ Inform the individual why & when personal information will be disclosed to 3rd parties.
It is the responsibility of Collection Consultancy Australia Pty Ltd to ensure that any personal information obtained is as accurate and up to date as possible and information is only collected by lawful means in accordance with the Act and relevantly, in accordance with the GDPR.
Disclosure to Third Parties
Collection Consultancy Australia Pty Ltd will not pass on your personal information to third parties without first obtaining your consent. In accordance with the Act, and relevantly the GDPR, Personal Information can only be used by Collection Consultancy Australia Pty Ltd for the following purposes:
1/ Access a credit reporter’s database for the following purposes:
2/ Check trade references noted on the prescribed form for the following purposes:
3/ Market Collection Consultancy Australia Pty Ltd’s products and services.
4/ Any other day to day business purposes such as complying with ATO
requirements, managing accounting returns or legal matters.
Relationship with Credit Reporter - In the event that notification of a default has been reported to a Credit Reporter and your credit file has been updated (including any changes to the balance outstanding or contact details), then the Credit Reporter shall be notified as soon as practical of any such changes.
Collection Consultancy Australia Pty Ltd will only gather information for its particular purpose (primary purpose). In accordance with the Act, and relevantly the GDPR Collection Consultancy Australia Pty Ltd will not disclose this information for any other purpose unless this has been agreed to by both parties.
You shall have the right to request from Collection Consultancy Australia Pty Ltd a copy of all the information about you that is retained by Collection Consultancy Australia Pty Ltd. You also have the right to request (by telephone and/or by e-mail) that Collection Consultancy Australia Pty Ltd correct any information that is incorrect, outdated or inaccurate.
Any requests to receive your personal information or to correct personal information should be directed to the following contact details;
Collection Consultancy Australia Pty Ltd will destroy personal information upon your request (by telephone and/or by e-mail) or when the personal information is no longer required. The exception to this is if the personal information is required in order to fulfil the purpose of Collection Consultancy Australia Pty Ltd or is required to be maintained and/or stored in accordance with the law.
You can make a complaint to Collection Consultancy Australia Pty Ltd’s internal dispute resolution team (‘IDR’) regarding an interference with and/or misuse of your personal information by contacting Collection Consultancy Australia Pty Ltd via telephone or e-mail.
Any complaints should be directed to the following contact details in the first instance;
In your communication you should detail to Collection Consultancy Australia Pty Ltd the nature of your complaint and how you would like Collection Consultancy Australia Pty Ltd to rectify your complaint.
We will respond to that complaint within 7 days of receipt and will take all reasonable steps to make a decision as to the complaint within 30 days of receipt of the complaint.
We will disclose information in relation to the complaint to any relevant credit provider and or CRB that holds the personal information the subject of the complaint.
In the event that you are not satisfied with the resolution provided, then you can make a complaint to the Information Commissioner on the OAIC website at www.oaic.gov.au
Collection Consultancy Australia Pty Ltd does not disclose information about the client to third party overseas recipients unless the client has provided its consent. Collection Consultancy Australia Pty Ltd will notify you if circumstances change regarding overseas disclosure and will comply with the Act and the GDPR in all respects.
Unless otherwise agreed, Collection Consultancy Australia Pty Ltd agrees not to disclose any personal information about the client for the purpose of direct marketing. You have the right to request (by telephone and/or by e-mail) that Collection Consultancy Australia Pty Ltd does not disclose any personal information about you for the purpose of direct marketing.
This Privacy Policy manual is available to all clients of Collection Consultancy Australia Pty Ltd. It will be made available (where applicable) on Collection Consultancy Australia Pty Ltd’s website.
This manual will also be available upon request at Collection Consultancy Australia Pty Ltd’s business premises and is available to be sent to you if required.
If you require a copy of this Privacy Policy please make a request utilising the following contact information in the first instance:
Collection Consultancy Australia Pty Ltd has appointed an internal Privacy Officer to manage its privacy matters. The name of this officer is available by making contact with Collection Consultancy Australia Pty Ltd. The privacy officers’ duties include (but are not limited to) the following:
The Privacy Officer needs to be familiar with the APP’s. Educational material is available from the office of the Privacy Commissioner which explains what Collection Consultancy Australia Pty Ltd needs to know in order to comply with the Privacy Act.
If a person complains to the Privacy Commissioner that Collection Consultancy Australia Pty Ltd has breached their privacy, the Information Commissioner may contact the Privacy Officer to discuss the complaint, and to see whether there is any means of settling the matter. The Privacy Officer shall provide whatever assistance is necessary. The Privacy Officer may be asked to provide background information or identify the staff members who can do so.
Complaints
In the event that a complaint about privacy issues is received the Privacy Officer will:
1/ Take ownership of the complaint and ensure that it is dealt with in a timely manner.
2/ Acknowledge receipt of the complaint within 24 hours and advise the complainant of their rights.
3/ Fully investigate the complaint.
4/ Respond, with findings, to the complainant within 30 days of receipt.
5/ Keep a record of all complaints received for ongoing review of policies and procedures.
In the event that a complaint about privacy issues is received via a credit reporter the Privacy Officer will:
2/ Acknowledge receipt of the complaint to the credit reporter within 24 hours.
4/ Respond, with findings, to the credit reporter within 7 days of receipt.
APPENDIX A - INFORMATION PRIVACY PRINCIPLES
Compliance with the Australian Privacy Principles etc
1.2 An APP entity must take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
APP Privacy policy
1.3 An APP entity must have a clearly expressed and up to date policy (the APP privacy policy) about the management of personal information by the entity.
1.4 Without limiting sub-clause 1.3, the APP privacy policy of the APP entity must contain the following information:
Availability of APP privacy policy etc.
1.5 An APP entity must take such steps as are reasonable in the circumstances to make its APP privacy policy available:
Note: An APP entity will usually make its APP privacy policy available on the
entity’s website.
1.6 If a person or body requests a copy of the APP privacy policy of an APP entity in a particular form, the entity must take such steps as are reasonable in the circumstances to give the person or body a copy in that form.
2.1 Individuals must have the option of not identifying themselves, or of using a pseudonym, when dealing with an APP entity in relation to a particular matter.
2.2 Sub-clause 2.1 does not apply if, in relation to that matter:
Personal information other than sensitive information
3.1 If an APP entity is an agency, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of the entity’s functions or activities.
3.2 If an APP entity is an organisation, the entity must not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the entity’s functions or activities.
Sensitive information
3.3 An APP entity must not collect sensitive information about an individual unless:
(a) the individual consents to the collection of the information and:
(b) sub-clause 3.4 applies in relation to the information.
3.4 This sub-clause applies in relation to sensitive information about an individual if:
law or a court/tribunal order; or
the APP entity; or
to the collection of the information by the entity; or
(e) the APP entity is a non-profit organisation and both of the following apply:
Means of collection
3.5 An APP entity must collect personal information only by lawful and fair means.
3.6 An APP entity must collect personal information about an individual only from the individual unless:
(a) if the entity is an agency:
Solicited personal information
3.7 This principle applies to the collection of personal information that is solicited by an APP entity.
4.1 If:
the entity must, within a reasonable period after receiving the information, determine whether or not the entity could have collected the information under Australian Privacy Principle 3 if the entity had solicited the information.
4.2 The APP entity may use or disclose the personal information for the purposes of making the determination under sub-clause 4.1.
4.3 If:
4.4 If sub-clause 4.3 does not apply in relation to the personal information, Australian Privacy Principles 5 to 13 apply in relation to the information as if the entity had collected the information under Australian Privacy Principle 3.
5.1 At or before the time or, if that is not practicable, as soon as practicable after, an APP entity collects personal information about an individual, the entity must take such steps (if any) as are reasonable in the circumstances:
5.2 The matters for the purposes of sub-clause 5.1 are as follows:
(a) the identity and contact details of the APP entity;
(b) if:
the fact that the entity so collects, or has collected, the information and the circumstances of that collection;
(c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order— the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/ tribunal order, that requires or authorises the collection);
(d) the purposes for which the APP entity collects the personal information;
(e) the main consequences (if any) for the individual if all or some of the personal information is not collected by the APP entity;
(f) any other APP entity, body or person, or the types of any other APP entities, bodies or persons, to which the APP entity usually discloses personal information of the kind collected by the entity;
(g) that the APP privacy policy of the APP entity contains information about how the individual may access the personal information about the individual that is held by the entity and seek the correction of such information;
(h) that the APP privacy policy of the APP entity contains information about how the individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the entity, and how the entity will deal with such a complaint;
Part 3 – Dealing with Personal Information
Use or disclosure
6.1 If an APP entity holds personal information about an individual that was collected for a particular purpose (the primary purpose), the entity must not use or disclose the information for another purpose (the secondary purpose) unless:
Note: Australian Privacy Principle 8 sets out requirements for the disclosure of personal information to a person who is not in Australia or an external Territory.
6.2 This sub-clause applies in relation to the use or disclosure of personal information about an individual if:
(a) the individual would reasonably expect the APP entity to use or disclose the information for the secondary purpose and the secondary purpose is:
(b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(c) a permitted general situation exists in relation to the use or disclosure of the information by the APP entity; or
(d) he APP entity is an organisation and a permitted health situation exists in relation to
the use or disclosure of the information by the entity; or
reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Note: For permitted general situation, see section 16A. For permitted health situation, see section 16B.
6.3 This sub-clause applies in relation to the disclosure of personal information about an individual by an APP entity that is an agency if:
6.4 If:
Written note of use or disclosure
6.5 If an APP entity uses or discloses personal information in accordance with paragraph 6.2(e), the entity must make a written note of the use or disclosure.
Related bodies corporate
6.6 If:
Exceptions
6.7 This principle does not apply to the use or disclosure by an organisation of:
Direct Marketing
7.1 If an organization holds personal information about an individual, the organization must not use or disclose the information for the purpose of direct marketing.
Note: An act or practice of an agency may be treated as an act or practice of an organization, see section 7A.
Exceptions – personal information other than sensitive information
7.2 Despite sub-clause 7.1, an organization may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
7.3 Despite sub-clause 7.1, an organisation may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:
(a) the organisation collected the information from:
(b) either:
(c) the organisation provides a simple means by which the individual may easily request not to receive direct marketing communications from the organisation; and
(d) in each direct marketing communication with the individual:
Exception – sensitive information
7.4 Despite sub-clause 7.1, an organisation may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
Exception – contracted service providers
7.5 Despite sub-clause 7.1, an organisation may use or disclose personal information for the purpose of direct marketing if:
7.6 If an organisation (the first organisation) uses or discloses personal information about an individual:
7.7 If an individual makes a request under sub-clause 7.6, the first organisation must not charge the individual for the making of, or to give effect to, the request and:
Interaction with other legislation
7.8 This principle does not apply to the extent that any of the following apply:
8.1 Before an APP entity discloses personal information about an individual to a person (the overseas recipient):
the entity must take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
Note: In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken, under section 16 C, to have been done, or engaged in, by the APP entity and to be a breach of the Australian Privacy Principles.
8.2 Sub-clause 8.1 does not apply to the disclosure of personal information about an individual by an APP entity to the overseas recipient if:
(a) The entity reasonably believes that:
(b) Both of the following apply:
(i) The entity expressly informs the individual that if he or she consents to the disclosure of the information, sub-clause 8.1 will not apply to the disclosure;
(ii) After being so informed, the individual consents to the disclosure; or
Note: For permitted general situation, see section 16A.
Adoption of government related identifiers
9.1 An organization must not adopt a government related identifier of an individual as its own identifier of the individual unless:
Use or disclosure of government related identifiers
9.2 An organization must not use or disclose a government related identifier of an individual unless:
Note 1: An act or practice of an agency may be treated as an act or practice of an organization, see section 7A.
Note 2: For permitted general situation, see section 16A.
Regulations about adoption, use or disclosure
9.3 This sub-clause applies in relation to the adoption, use or disclosure by an organization of a government related identifier of an individual if:
Note: There are prerequisites that must be satisfied before the matters mentioned in this sub-clause are prescribed, see subsections 100(2) and (3).
Part 4 – Integrity of Personal Information
10.1 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity collects is accurate, up to date and complete.
10.2 An APP entity must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the entity uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.
11.1 If an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances to protect the information:
11.2 If:
The entity must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
Part 5 – Access To, And Correction Of, Personal Information
Access
12.1 If an APP entity holds personal information about an individual, the entity must, on request by the individual, give the individual access to the information.
Exception to access – agency
12.2 If:
then, despite sub-clause 12.1, the entity is not required to give access to the extent that the entity is required or authorized to refuse to give access.
Exception to access – organization
12.3 If the APP entity is an organization then, despite sub-clause 12.1, the entity is not required to give the individual access to the personal information to the extent that:
Dealing with requests for access
12.4 The APP entity must:
(a) Respond to the request for access to the personal information:
(b) Give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Other means of access
12.5 If the APP entity refuses:
The entity must take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
Access charges
12.7 If the APP entity is an agency, the entity must not charge the individual for the making of the request or for giving access to the personal information.
12.8 If:
The charge must not be excessive and must not apply to the making of the request.
Refusal to give access
12.9 If the APP entity refuses to give access to the personal information because of sub-clause 12.2 or 12.3, or to give access in the manner requested by the individual, the entity must give the individual a written notice that sets out:
12.10 If the APP entity refuses to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.
Correction
13.1 If:
the entity must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
Notification of correction to third parties
13.2 If:
The entity must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Refusal to correct information
13.3 If the APP entity refuses to correct the personal information as requested by the individual, the entity must give the individual a written notice that sets out:
Request to associate a statement
13.4 If:
Dealing with requests
13.5 If a request is made under sub-clause 13.1 or 13.4, the APP entity:
(a) Must respond to the request:
(i) if the entity is an agency—within 30 days after the request is made; or
(ii) If the entity is an organization—within a reasonable period after the request is made; and
(b) Must not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).
The information provided in this fact sheet is of a general nature. It is not a substitute for legal advice.
With over 35 years’ experience Collection Consultancy Australia prides itself in offering Products and Services designed to Protect Business Assets and Cashflow. Quite often the process can start from simply making business owners aware that there is option available, through to business specific solutions and education. We are here to let business owners know that there can be a better way to secure their financial future.
PO Box 7160,East Brisbane QLD 4169.
Phone: 1300 565 988.
Email: info@collectionconsultancy.com.au
By using this website you agree to the use of cookies as described in our privacy Policy