AWS respects the privacy of individuals who have dealings with AWS, such as customers, suppliers and employees. AWS is bound by the Australian Privacy Principles, to the extent required by the Australian Privacy Principles (“APP’s”), Privacy Act 1988 (Cth) (“Privacy Act”), and the Credit Reporting Code (“CR Code”). The following policy outlines how AWS collects, uses and manages personal information
Why does AWS collect personal and sensitive information?
AWS is a supplier of aluminium extrusion and associated hardware. To operate our business, we need to collect some information about the people we deal with. Collecting personal information is also necessary in some circumstances to meet our legal obligations.
Who does AWS collect personal information about?
AWS collects and holds personal information about:
- our employees;
- contractors who provide services to
- our customers;
- applicants who wish to open commercial credit accounts with us or apply to become a guarantor in relation to such credit;
- our suppliers;
- job applicants; and
- other people who may come into contact with AWS.
We do offer links to third party websites on our websites. Before disclosing your personal information on any other website, we advise you to examine the terms and conditions of using that website and its privacy statement.
What kind of personal information does AWS collect and how does AWS collect it?
The type of information we collect varies, depending on the purpose, and may include (but is not limited to) name, address, contact details, employment information, credit information, credit eligibility information and marketing information.
This information may be obtained through the submission of completed forms, provided in person or by telephone by the individuals themselves, or information obtained from a third party such as a credit reporting body or another credit provider.
Where reasonable and practicable, we collect information directly from the individual. AWS may also collect information from other sources including publicly available information.
In all cases if we collect personal information about you from a third party, we will take reasonable steps to ensure that you are made aware of the collection.
AWS also collects a range of credit information about individuals, including the following:
- certain identification information about an individual, including full name, any aliases or previous names, date of birth, gender, drivers licence number, current and previous addresses, and the names of current and former employers;
- consumer credit eligibility information about an individual, such as the name of their credit providers, the type of consumer credit, the maximum amount of credit available under the consumer credit, and the terms and conditions of the consumer credit;
- default information about the individual (including whether the overdue amount has since been repaid);
- details as to whether information requests have been made about an individual to credit reporting bodies by credit providers, mortgage insurers or trade insurers;
- the type of commercial credit or consumer credit, and the amount of credit, the individual has sought from a credit provider; and
- publicly available information about the credit worthiness of the individual.
AWS usually collects this information from application forms submitted by applicants for commercial credit, from publicly available sources of information and on individual’s representative sources (e.g. spouse, professional adviser or a referee nominated by the individual).
How does AWS use personal information and to whom may we disclose it?
In general, AWS uses personal information to:
- provide products or services that have been requested;
- maintain relationships with suppliers and contractors;
- communicate both internally and externally;
- provide ongoing information about AWS and services to AWS customers; and to comply with our legal obligations.
Depending on the product or service provided, personal information may be disclosed to:
- service providers and specialist advisers to AWS including legal, accounting, business consulting services and mercantile agents;
- insurers, credit providers, courts, tribunals and regulatory authorities as agreed or authorised by law;
- credit reporting or reference agencies or insurance investigators; or
- a person authorised by an individual to access the information.
We also collect, hold, use and disclose credit information and credit eligibility information about individuals to:
- • assess applications for commercial credit and to collect overdue payments;
- • assess the credit worthiness of an applicant to become a guarantor in relation to commercial credit;
- • establish and operate our customers’ commercial credit accounts;
- • obtain credit information about applicants for commercial credit from credit reporting bodies, such as CreditorWatch, Veda Advantage and Dun & Bradstreet;
- • obtain credit references about individuals from other credit providers;
- • allow credit reporting bodies to create and maintain credit information files about individuals; and
- • notify defaults to other credit providers, industry credit bureaus and debt collectors.
If you do not provide information about yourself that AWS has requested, AWS may not be able to provide you with the relevant product or service.
Cross-border disclosure of Personal Information
AWS does not disclose Personal Information to any third parties outside Australia.
AWS may use or disclose the Personal Information for direct marketing purposes to inform you of, among other things, articles relating to business-relevant tips and developments, new products, promotions and discounts. If we have received Personal Information from third parties, we may use or disclose it for direct marketing if you have consented to receiving direct marketing or it is impracticable to obtain that consent. We will also give you the opportunity to opt out of receiving direct marketing communication.
Credit-Related Personal information
AWS sometimes provides products and services to customers on credit. As a consequence, AWS does in some cases handle certain consumer credit-related personal information described below, including information from credit reporting bodies (“CRBs”):
- name, sex, date of birth, driver’s licence number, employer and three most recent addresses;
- confirmation of previous information requests to CRBs made by other credit providers and credit insurers about the individual;
- details of previous credit applications, including the amount and type of credit and credit limit;
- details of current and previous credit arrangements, including credit providers, start/end dates and certain terms and conditions;
- permitted payment default information, including information about related payment arrangements and subsequent repayment;
- information about serious credit infringements (e.g. fraud);
- information about adverse court judgments and insolvency;
- publicly available information about the individual’s credit worthiness;
- any credit score or credit risk assessment indicating a CRB’s or credit provider's analysis of the individual’s eligibility for consumer credit.
This information may include information about an individual’s arrangements with other credit providers as well as with AWS. AWS may disclose credit-related personal information to CRBs to assist the CRBs to maintain information about individuals to provide to other credit providers for credit assessments. AWS may collect credit-related personal information from CRBs for purposes including, to the extent permitted by law, to assess relevant credit or guarantee applications, manage and review the credit or guarantee, assign debts, collect overdue payments and produce assessments and ratings in respect of the individual’s credit worthiness. AWS may also exchange credit-related personal information with guarantors, debt buyers and other credit providers.
The CRB AWS uses is CreditorWatch, GPO Box 276 Sydney 2001, www.creditorwatch.com.au, [email protected];
Under the Privacy Act, individuals may request CRBs not to:
- use their credit-related personal information to determine their eligibility to receive direct marketing from credit providers; and
- use or disclose their credit information, if they have been or are likely to be a victim of fraud.
How do we treat sensitive information?
The Privacy Act defines 'sensitive information’ as (among other things) information about a person's racial or ethnic origin, religion, membership of political bodies, trade union or other professional or trade association, sexual preferences or practices, criminal record or health. Sometimes it may be necessary for AWS to collect sensitive information.
If you provide AWS with sensitive information, it is our policy that this information will be used and disclosed only for the purpose for which it was provided or another directly related purpose, unless you agree otherwise, or unless use or disclosure of this information is allowed by law.
The way we use tax file numbers and information received from a credit reporting body about an individual is also restricted by law.
How do we manage personal information?
AWS trains its employees who handle personal information to respect the confidentiality of that information and the privacy of individuals.
How do we store personal information?
AWS is required by the APPs and Part IIIA of the Privacy Act to safeguard the security and privacy of your information, whether you interact with us personally, by telephone, mail, over the internet or other electronic medium. AWS stores personal information at its own premises with the assistance of its service providers. AWS maintains strict procedures and standards and takes a range of steps to prevent unauthorised access to or, disclosure of, personal information and protect an individual’s information from misuse or loss. Once an individual’s information is no longer needed by AWS reasonable steps are taken to destroy or de-identify it.
How do we keep personal information accurate and up-to-date?
AWS seeks to ensure that the personal information it holds is accurate, complete and up-to-date. We realise that this information changes frequently with changes of address and other personal circumstances. We encourage you to contact AWS as soon as possible in order to update any personal information we hold about you. Our contact details are set out below.
Can you access and correct the personal information we hold about you?
You may obtain access to, and correct, any personal information which AWS holds about you (including credit eligibility information), unless one of the exceptions in the Privacy Act applies.
To make a request to access information AWS holds about you, please contact AWS in writing using the details listed below. AWS will require you to verify your identity and to specify what information you require. AWS may charge a reasonable fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.
If you seek access to credit eligibility information that we hold about you, we will Endeavour to provide you with access within 30 days of your request (unless unusual circumstances apply). In order to ensure that you have access to the most up-to-date information, you should also request access to the credit reporting information held by credit reporting bodies about you.
Requests to correct credit information and credit eligibility information will be assessed on a case-by-case basis.
If we are satisfied that the personal information is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct the information within 30 days of your request, or such longer period as agreed with you in writing. In certain circumstances, we may need to consult with a credit reporting body or another credit provider to determine the accuracy or otherwise of the information.
If we correct personal information about you, we will give you written notice of the correction within a reasonable time period. We will also notify you in writing if we decide not to correct the information in accordance with the requirements of the Privacy Act.
What if you have a complaint?
Please specify the nature of your complaint in writing.
If your complaint relates to an alleged contravention of the credit reporting provisions or the CR Code, we will acknowledge your complaint in writing within 7 days and advise you as to how we will deal with it. After investigating the complaint, we will make a decision within 30 days of the complaint being made (or such longer period as agreed with you in writing) and notify you in writing of our decision.
Please note that if you wish to make a complaint about our handling of an access and/or correction request, you may complain directly to the Office of the Australian Information Commissioner (OAIC).
AWS Privacy Officer
PO Box 311
Liverpool NSW 1871
Telephone: +61 2 8783 7611
FAX: +61 2 8783 7633
Email: [email protected]
If you are not satisfied with our response to your complaint, you may escalate your complaint to the OAIC by calling 1300 363 992 or emailing [email protected]
Updates to this policy