Privacy

Stilmark Privacy Policy

Introduction

This Policy is the Privacy Policy of Stilmark Holdings Pty Ltd ACN 147 919 122 (Stilmark, we, us, our). It sets out how we manage the collection, use and disclosure of Your personal information, and how You can access or correct the information we hold about You.

Please be assured that we will take reasonable steps to protect Your personal and sensitive information in accordance with the Australian Privacy Principles (APP) and the Privacy Act 1988 (Privacy Act).

Before we get into the detail, we would like to define a few terms that will hopefully make it easier for You to understand this policy:

When we refer to “Your information”, we are referring to Your personal information, as defined under the Privacy Act. Essentially this is any information or opinion about You that is capable, or reasonably capable, of identifying You, whether the information or opinion is true or not and is recorded in material form or not.
The Privacy Act defines some types of personal information as “sensitive information”. We do not commonly collect sensitive information, which includes information about a person's race, political or religious beliefs, sexual preferences, criminal convictions, membership of professional or trade associations or unions and biometric and health data. In the event we require any sensitive information we would only collect this with Your permission, and we will only use it for the purpose for which You provided it.

Collection of personal information

Why we collect personal information

We collect personal information when it is reasonably necessary for one or more of our functions or activities.

These include:

to provide You with access to and use of our platform, systems, products and services;
to verify that the information You provide to us is correct;
to protect You and us against fraud, prohibited or unlawful activity which may cause You or us harm in relation to our products or services;
to maintain and develop our business systems, processes and infrastructure; and
to meet legal and regulatory requirements

When You visit our Website or Platform

When You access our Website or Platform we may collect non-personal information in aggregate form, such as Your browser type, which pages of our site You access and Your IP address. We use this aggregate information to understand how our users use our Website or Platform.

We also use ‘cookies’ which are records of Your interaction with our site that are stored by Your browser. Cookies help make Your browsing experience easier, by for example, remembering the information You previously entered. You can disable cookies through Your browser settings.

Information we may collect

The personal information we will collect about You may include:

information to identify You, including Your name, date of birth and contact details;
government identifiers such as Your driver licence number;
such other information we consider necessary to our functions and activities.

How we collect personal information

Wherever possible, we will only collect personal information directly from You (rather than someone else) unless it is unreasonable or impracticable to do.

Incomplete or inaccurate information

We may not be able to provide You with the products or services You are seeking if You provide incomplete or inaccurate information.

Sensitive information

In addition to the above conditions of collecting personal information, we will only collect sensitive information about You if we obtain prior consent to the collection of the information or if the collection is required or authorised by law.

Dealing with unsolicited personal information

If we receive personal information that is not solicited by us, we will only retain it, if we determine that it is reasonably necessary for one or more of our functions or activities and that You have consented to the information being collected or given the absence of Your consent that it was impracticable or unreasonable for us to obtain it under the circumstances.

If these conditions are not met, we will destroy or de-identify the information.

If such unsolicited information is sensitive information, we will obtain Your consent to retain it regardless of what the circumstances are.

Integrity of Your personal information

Quality of personal information

We ensure that the personal information we collect and use or disclose is accurate, up to date, complete and relevant.

Please contact us if any of the details You have provided to us change or if You believe that the information we have about You is not accurate or up to date.

Security of personal information

We are committed to ensuring that we protect any personal information we hold from misuse, interference, loss, unauthorised access, modification and disclosure.

For this purpose, we have a range of practices and policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.

We may hold Your personal information in physical form or in electronic form on computer systems located in Australia or overseas, including with contracted third party technology and ‘cloud’ storage providers.

We take reasonable steps to protect Your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorised access, disclosure, and alteration of Your personal information. Safeguards include the use of firewalls and data encryption, physical access controls to the data centres, and information access authorisation controls.

Use or disclosure of personal information

Use or Disclosure

If we hold personal information about You that was collected for a particular purpose (“the primary purpose”), we will not use or disclose the information for another purpose (“the secondary purpose”) unless:

We have obtained Your consent to use or disclose the information; or
You would reasonably expect us to use or disclose the information for the secondary purpose and the secondary purpose is:

if the information is sensitive – directly related to the primary purpose; or
if the information is not sensitive – related to the primary purpose.

the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
a permitted general situation exists in relation to the use or disclosure of the information by us; or
a permitted health situation exists in relation to the use or disclosure of the information by us, in which case we will de-identify the information before disclosing it; or
we reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
where we use or disclose personal information in accordance with this section we will keep a copy of this disclosure (e.g.: the email or letter used to do so).

Who we may communicate with

Depending on the product or service You have, the entities we exchange Your information with include but are not limited to:

regulatory bodies in Australia and overseas;
external organisations that are our assignees, agents or contractors;
companies that help us provide our services, such as technology services providers;
other persons and entities as permitted under the Privacy Act.

Our use or disclosure of Your personal information may not be limited to the examples above and may also include us collecting Your personal information from these organisations and individuals.

We will take reasonable steps to ensure that the organisations and individuals that we disclose Your personal information to are bound by sufficient confidentiality and privacy obligations with respect to the protection of Your personal information in compliance with the law.

Outsourcing

We may disclose Your personal information when we outsource certain functions, including information technology support. We may also seek expert help from time to time to help us improve our systems, products and services.

In all circumstances where Your personal information may become known to our contractors, agents and outsourced service providers, there are confidentiality arrangements in place. Contractors, agents and outsourced service providers are not able to use or disclose Your personal information for any purposes other than our own.

We take our obligations to protect Your personal information very seriously and make every effort to deal only with parties who share and demonstrate the same commitment to the protection and handling of Your personal information.

Disclosure required by law

We may be required to disclose Your personal information by law e.g. under Court Orders or Statutory Notices.

Direct marketing

We will only use or disclose the personal information we hold about You for the purpose of direct marketing if we have received the information from You and You have not requested not to receive such information.

Direct marketing means that we should use Your personal information to provide You with information on our products and services that may interest You.

We may disclose Your personal information to third parties who assist us in providing marketing offers to You.

We will never sell Your personal information to any organisation outside of Stilmark.

You can opt-out of receiving marketing information altogether by contacting us.

Cross border disclosure of personal information

Disclosing personal information to cross border recipients

We will only disclose Your personal information to a recipient who is not in Australia and who is not our entity after we ensure that:

the overseas recipient does not breach the Australian Privacy Principles; or
You will be able to take action to enforce the protection of a law or binding scheme that has the effect of protecting the information in a way that is at least substantially similar to the way in which the Australian Privacy Principles protect the information; or
You have consented to the disclosure after we expressly disclosed to You that there is no guarantee that the overseas recipient will not breach the Australian Privacy Principles; or
the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) Privacy Act) exists in relation to the disclosure of the information.

Access to personal information

You have a right to request access to the personal information we hold about You. We will generally be able to meet Your request, subject to certain exceptions under the Privacy Act. We may charge for giving access to personal information and will inform You in advance of any likely charge. If You would like to access Your information, please contact us on the details set out below. Your request will usually receive a response within 5 business days.

In the event that we refuse You access to Your personal information, we will provide You with an explanation for that refusal. These reasons may include:

where providing access will provide a serious threat to life or health of any individual or pose an unreasonable impact on the privacy of other individuals;
the request for access is frivolous or vexatious;
the information relates to legal proceedings between us and You;
the information would reveal our commercially-sensitive decision-making process; or
we are prevented by law from disclosing the information or providing access.

Stilmark takes reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete, up-to-date and relevant to the products or services provided to You or the nature of our relationship with You.

If You believe that this is not the case in relation to any personal information we hold about You, You have the right to request that we correct Your personal information. To request correction of Your personal information, please contact us on the details set out below.

Questions or concerns

Resolving privacy concerns

If You have any questions or concerns regarding this Privacy Policy or our handling of Your personal information, please contact us.

Changes to this privacy policy

We may make changes to this Privacy Policy from time to time, by publishing our updated privacy policy on our Website. Our amended privacy policy.

Document Number

Version

Created / Amended by

Approved by

Date

Document Review Date

SG_P_30

3.0

James Lamb

Steven Butler

1^st July 2020

June 2021