The following document sets out the Privacy Compliance Plan of Mamp Pty Ltd (A.C.N. 088 243 181) (we, us, our) in accordance with the Privacy Act 1988 (Cth) including, in particular, Australian Privacy Principle 1.2 (the Act).
We may, from time to time, review and amend this Privacy Compliance Plan to take account of any changes to our business practice and the law.
A. OPEN AND TRANSPARENT MANAGEMENT OF PERSONAL INFORMATION
We will manage personal information and sensitive information (where the context permits, a reference to personal information below includes reference to sensitive information) in an open and transparent manner. In doing so, we will ensure that individuals are notified at the time of collecting their personal information (or if this is not possible then as soon as reasonably practical after):
· what type of personal information is being collected;
· to whom that personal information will be disclosed; and
· how we use that personal information.
We have a Privacy Officer, who is required to deal with any queries regarding access to or correction of personal information or any privacy related complaints.
We ensure all our employees are trained at regular intervals to ensure they understand our obligations under the Act.
We have currently adopted the following privacy policies in respect of the following aspects of our business:
If our business practices change, we will review the scope of our existing privacy policies and assess whether or not amendments or additional privacy policies are required in order to address any changes or additions to our business.
B1 Real Estate and/or Strata Business
We are not always able to deal with people who do not wish to identify themselves. This will be particularly the case when we are proposing to, or we do, act for a vendor or a landlord in relation to either the sale or rental/lease of any property.
Further, we are not able to allow people through any property inspections who do not wish to identify themselves as this can create security and other concerns for the property owner (among other considerations).
However, where possible, we should provide information of a general nature such as, for example, we can respond to general telephone and related enquiries about a rental/lease or sale property to unidentified individuals and we generally should not be requesting the individual to identify themselves for this purpose. Of course, if an individual makes an enquiry by email or other electronic or written methods then there is every possibility that the mode of communication may identify them.
General users of the website do not need to disclose their identity to us in order to use the website. The website does not, therefore, collect personal information about people who generally access it except in the circumstances described in section C2 of this Privacy Compliance Plan.
C. COLLECTION OF PERSONAL INFORMATION
C1 Real Estate and/or Strata Business
We collect and disclose personal information for the following purposes:
• to identify and/or verify the identity of any prospective or actual landlord or tenant for any property we manage or propose to manage;
• to process and assess any application received in relation to a tenancy or lease of any property;
• to advertise, market and promote any tenancy or lease of any property;
• to negotiate and prepare any tenancy agreement, lease or any other document for any property;
• to liaise and exchange information with the landlord or the tenant as well as their agents, contractors, legal, financial and other advisors in relation to or in connection with any tenancy or lease of the property;
• to manage any tenancy or lease agreement including the collection of rent and other amounts on behalf of the landlord and the preparation of required statements of account;
• to ensure the safety and security of landlords and existing occupiers and of each of their property in connection with the inspection of any property by prospective tenants;
• to comply with any applicable law in connection with the tenancy agreement or lease;
• to confirm whether the landlord or tenant is registered for GST purposes;
• to tell an individual about any other rental property that we are managing or any other service that we provide, unless that individual tells us not to (this is referred to as direct marketing);
• to identify and/or verify the identity of any prospective or actual vendor for any property we list as the sales agent;
• to advertise, market and promote the sale of any property;
• to negotiate and manage the sale of any property (including to provide non legal assistance with the exchange of the contract for the sale of property and the preparation of any required statements of account);
• to liaise and exchange information with the vendor, purchaser (including any prospective purchaser) as well with their respective agents, contractors, legal, financial and other advisors in relation to or in connection with the sale of the property;
• to ensure the safety and security of vendors and existing occupiers and of each of their property in connection with auctions and the inspection of any property by prospective purchasers;
• to comply with any applicable law in connection with the sale of the property;
• to confirm whether the vendor or purchaser is registered for GST purposes;
• to tell an individual about any other property that we are selling or any other service that we provide, unless that individual tells us not to (this is referred to as direct marketing).
• to provide statistical and other information to the Real Estate Institute of Queensland, RP Data, PriceFinder, realestate.com.au, domain.com.au, Survey Monkey, Active Pipe and Tica
• to act on behalf of clients in accordance with any agency agreement and to comply with our obligations under that agreement;
• to allow us to run our business efficiently and to perform administrative and operational tasks;
• to operate controlled money accounts;
• to comply with any dispute resolution or other legal process;
• in order to update our records and an individual’s contact details;
• if we enter into or propose to enter into any agreement or arrangement with any party for the purpose of or in connection with the acquisition of our business (including any part of our business that includes personal information), then we may provide that party (including its legal, financial and other professional advisers) with personal information in relation to or in connection with those arrangements; and
• any other purpose to which an individual has consented.
If we collect sensitive information then we generally collect it directly from the individual concerned. We should only collect sensitive information where it is actually required (for example, if a tenant has a disability, it may be relevant to disclose this to the landlord in order for the parties to assess whether the property is suitable for the proposed tenant).
We may also collect sensitive information when it has been provided to us by a third party who has been authorised to supply that information to us. Any sensitive information that is collected in this way must only be used for the purposes for which it is provided and is collected with the relevant individual’s consent. We require any third party that we deal with to comply with the Act.
We will use and disclose personal information only for the purposes for which it is collected in accordance with the Act, including:
• maintaining and updating our records;
• providing services and customer support, including service updates;
• comparing information for accuracy, and verifying it with third parties; and
• providing information as authorised or required by law or a relevant government body or authority.
If we could not have collected the personal information by lawful and fair means, or the personal information does not relate to one of our purposes for collecting the personal information, we will either destroy or de-identify the relevant personal information.
· how we collect their personal information;
· the purposes of the collection of their personal information;
· those entities that we usually disclose personal information to;
· what happens if the individual chooses not to provide us with personal information;
· direct marketing that may be undertaken by us or any related company, preferred supplier or sponsor;
· when we are required to collect personal information under an Australian or State law, such as the Property Occupation Act 2014 (QLD), including any regulation under that law;
· any disclosure of personal information that we make to an overseas entity.
If we know that, as part of our relationship with the individual, we will disclose their personal information to another identifiable entity, we will notify the individual of the following matters at the time we first collect their personal information (or if that is not possible, then as soon as reasonably practical thereafter):
· the identity and contact details of that organisation; and
F. USE OR DISCLOSURE OF PERSONAL INFORMATION
If, during our relationship with the individual, we wish to use their personal information for an additional purpose, we will obtain their consent unless the purpose is related to the primary purpose of collection or we are permitted by law to do so.
We notify individuals either at the time of collecting their personal information (or as soon as reasonably practical after) that their personal information (excluding sensitive information) will be used by us and any associated businesses for the purposes of direct marketing.
In all direct marketing communications we will provide a prominent statement about how an individual can elect not to receive direct marketing. If the direct marketing communication is an email then we will provide a working ‘unsubscribe’ function within the email.
We will keep appropriate records to ensure those individuals that have made requests not to receive direct marketing communications do not receive them. We do not charge a fee to unsubscribe from direct marketing communications.
We do not sell personal information. We do not use sensitive information for the purposes of direct marketing (unless we obtain the express consent of the individual concerned).
If we purchase personal information for the purposes of direct marketing, we will conduct appropriate due diligence to ensure appropriate consents from the individuals have been obtained by that third party.
We do not disclose personal information overseas.
We may use cloud storage and IT servers that may be located overseas to store the personal information we hold. As electronic or networked storage can be accessed from various countries through an internet connection it is not always practical to know in which country information about an individual may be held.
We do not use Government-related identifiers to identify individuals.
We may receive tax file numbers in the course of our practice. We may also receive and disclose a tax file number to a financial institution (such as a bank) in order to open a controlled monies account in relation to a lease or a sale and purchase of property, however, we do not use or disclose tax file numbers for any other purpose.
We rely on individuals to help us to ensure that their personal information is accurate, up-to-date, complete, relevant and not misleading.
If we become aware that personal information is inaccurate, out-of-date, incomplete, irrelevant or misleading (for instance, when mail is returned), we will update our systems accordingly.
We hold personal information on secure IT systems. All IT systems are appropriately updated with passwords, virus scanning software and firewalls when needed.
Any paper records are only accessible to employees and others as they are needed. Any paper records are held within an office that is locked and security protected at night.
We may destroy personal information that is held electronically and in paper form seven years after our relationship with an individual ends. If we do that, we will do it by shredding paper copies and deleting electronic records containing personal information about the individual or permanently de-identifying the individuals within those records.
Individuals may request access to any personal information that we hold about them. We may (but do not currently intend to) charge the individual a fee for requesting access to their personal information. If we charge a fee, the fee must be justified and reasonable.
We will verify the individual’s identity prior to disclosing any of their personal information to them.
When an individual requests access to their personal information, we will conduct a search of our customer relationship database. This search may also indicate if there are any paper records that contain personal information.
We will not give access to the personal information that we hold about an individual where it is unreasonable or impracticable to provide access or in circumstances where the request would likely:
· pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
· unreasonably access the privacy of other individuals;
· be frivolous or vexatious;
· relate to legal proceedings or anticipated legal proceedings, and the correct method of access to personal information is by the process of discovery in those legal proceedings;
· reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
· be unlawful or in breach of an Australian or State law;
· prejudice the taking of appropriate action in relation to a matter where unlawful activity or misconduct relates to our functions or activities;
· prejudice enforcement-related activities of an enforcement body; or
· reveal commercially sensitive information.
When we receive a request for access we will usually respond to the individual with 7 days. However, depending on the nature of the request, we may provide the personal information when the request is made.
If the individual is requesting a large amount of personal information, or the request cannot be dealt with immediately, then after we have investigated the request for access we will advise the individual what personal information we hold and provide details of that personal information.
We will comply with all reasonable requests by an individual to provide details of their personal information that we hold in the requested format.
If we do not provide access to the personal information we will provide written reasons setting out why we do not believe we need to provide access.
If we hold personal information about an individual and we are reasonably satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading, or we receive a request to correct the information, we will take reasonable steps to correct the information.
If we correct personal information that we have previously disclosed, we will take reasonable steps to notify the entity to which we disclosed the information of the correction. We may not always make corrections to an individual’s personal information. When we do not make requested corrections, we will provide reasons for our refusal to make the correction.
If, after notifying the individual of our refusal to correct personal information, the individual requests us to issue a statement on the record that contains the personal information, we will take reasonable steps to do so in accordance with Australian Privacy Principle 13.4, so that it is clear to anyone inspecting our files that the relevant individual has requested that the personal information be corrected.
We are not entitled to charge a fee in relation to any request to correct personal information.