Privacy Policy

decrease text sizeincrease text sizeprint page

Collection

  • 1. Internetrix will only collect personal information that is necessary for one or more of its legitimate functions or activities.
  • 2. Internetrix will only collect personal information by lawful and fair means and not in an unreasonably intrusive way.
  • 3. When Internetrix collects personal information from the subject of the information (or, if that is not practicable, as soon as practicable thereafter), it will take reasonable steps to ensure that the subject of the information is aware of:
    • 3.1 how to contact Internetrix;
    • 3.2 the fact that he or she is able to gain access to the information;
    • 3.3 the purposes for which the information is collected;
    • 3.4 to whom (or the types of individuals or organisations to which) it usually discloses information of this kind;
    • 3.5 any law that requires the particular information to be collected; and
    • 3.6 the main consequences (if any) for the individual if all or part of the information is not provided.
  • 4. Where information is being collected on a form, Internetrix' obligations under paragraph 3 will be satisfied by a statement on the form.
  • 5. Where information is collected over the phone, it may not be practicable to cover all the paragraph 3 matters at the time of collection. If so, Internetrix will inform people as soon as possible in any confirmatory documentation.
  • 6. Where it is reasonable and practicable to do so, Internetrix will collect personal information directly from the subject of the information.
  • 7. Where Internetrix collects personal information from a third party, it will take reasonable steps to ensure that the subject of the information is or has been made aware of the matters listed under paragraph 3.

Use and disclosure

  • 8. Internetrix will only use or disclose personal information for a purpose other than the primary purpose of collection (a 'secondary purpose') if:
  • 8.1
    • (a) the secondary purpose is related to the primary purpose of collection; and
    • (b) the subject of the information would reasonably expect Internetrix to use or disclose the information for the secondary purpose; or
  • 8.2 the individual has consented to the use or disclosure; or
  • 8.3 Internetrix reasonably believes that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to an individual's life or health; or
  • 8.4 Internetrix has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
  • 8.5 the use or disclosure is required or specifically authorised by law; or
  • 8.6 the use or disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty or for the protection of the public revenue; or
  • 8.7 an intelligence or law enforcement agency asks Internetrix to use or disclose the personal information on the basis that the use or disclosure is necessary to safeguard the national security of Australia.

Determining primary purpose of collection

  • 9. When Internetrix collects personal information from an individual, both parties are usually aware of the purpose of collection, for example: to purchase a product or service, enter a competition, make a donation or obtain a discount. This is the "primary" purpose of collection, even if Internetrix has some additional purposes in mind.
  • 10. Where the information is not collected from the individual, Internetrix usually uses the information soon after collection in a manner associated with the primary purpose of collection.

Reasonable expectations test

  • 11. Internetrix will only use or disclose personal information in ways in which a person with no special knowledge of the industry or activity involved would "reasonably expect".
  • 12. If Internetrix uses or discloses personal information under paragraph 8.6 or 8.7, it will make a note of the use or disclosure.

Data quality

  • 13. Internetrix will take reasonable steps to make sure that the personal information it collects, uses or discloses is, accurate, complete and up to date.

Data security

  • 14. Internetrix will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
  • 15. Internetrix will take reasonable steps to destroy or permanently suppress personal information if it is no longer needed for any purpose.

Openness

  • 16. Internetrix has clearly expressed policies on its management of personal information which are readily available.
  • 17. Internetrix, on request, will take reasonable steps to let individuals know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

Access and correction

  • 18. Where Internetrix holds personal information about an individual, it will provide the individual with access to the information on request, including the source of the information, except to the extent that:
    • 18.1 providing access would pose a serious and imminent threat to the life or health of any individual; or
    • 18.2 providing access would have an unreasonable impact upon the privacy of other individuals; or
    • 18.3 providing access would be unduly onerous for Internetrix; or
    • 18.4 the request for access is frivolous or vexatious; or
    • 18.5 providing access would be likely to prejudice an investigation of possible unlawful activity; or
    • 18.6 providing access would be unlawful; or
    • 18.7 denying access is specifically authorised by law; or
    • 18.8 the information relates to existing legal dispute resolution proceedings between Internetrix and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
    • 18.9 providing access would reveal the intentions of Internetrix in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
    • 18.10 an intelligence or law enforcement agency asks Internetrix not to provide access on the basis that providing access would be likely to cause damage to the national security of Australia.
  • 19. Where providing access would reveal evaluative information generated by Internetrix in connection with a commercially sensitive decision-making process, Internetrix may give the individual an explanation for the decision rather than direct access to the information.
  • 20. If Internetrix has given an individual an explanation under paragraph 19, and the individual believes that direct access to the evaluative information is necessary to provide a reasonable explanation of the reasons for the decision, the individual should have access to an independent process to review whether that is so.
  • 21. Wherever direct access by the individual is impracticable or inappropriate, Internetrix and the individual will consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
  • 22. If Internetrix levies charges for providing access to personal information, those charges:
    • 22.1 will not be excessive; and
    • 22.2 will not apply to lodging a request for access.
  • 23. If Internetrix holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up to date, Internetrix will take reasonable steps to correct the information so that it is accurate, complete and up to date.
  • 24. If the individual and Internetrix disagree about whether the information is accurate, complete and up to date, and the individual asks Internetrix to associate with the information a statement claiming that the information is not accurate, complete or up to date, Internetrix will take reasonable steps to do so.
  • 25. Internetrix will provide reasons for denial of access or correction.

Identifiers

  • 26. Internetrix will not adopt as its own identifier an identifier that has been assigned by a government agency (or by an agent of, or contractor to, a government agency acting in its capacity as agent or contractor).
  • 27. Internetrix will not use or disclose an identifier assigned to an individual by a government agency (or by an agent of or contractor to a government agency acting in its capacity as agent or contractor) unless one of clauses 8.4 to 8.8 applies.

Anonymity

  • 28. Wherever it is lawful and practicable, individuals should have the option of not identifying themselves when entering transactions.
    Trans border data flows
  • 29. Internetrix will only transfer personal information to another party if:
    • 29.1 Internetrix reasonably believes that the recipient of the information is subject to a statute, binding scheme or contract which effectively upholds principles for fair information handling that are substantially similar to Internetrix' policies; or
    • 29.2 the individual concerned consents to the transfer;
    • 29.3 the transfer is necessary for the performance of a contract between the individual concerned and Internetrix, or for the implementation of pre-contractual measures taken in response to the individual's request; or
    • 29.4 the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual concerned between Internetrix and a third party; or
    • 29.5 the transfer is for the benefit of the individual concerned, and
      • (a) it is not practicable to obtain the consent of the subject of the information to that transfer; and
      • (b) if it were practicable to obtain such consent, the subject of the information would be likely to give it; or
    • 29.6 Internetrix has taken reasonable steps to ensure that the information which it has transferred will not be collected, held, used or disclosed by the recipient of the information inconsistently with this policy.

Sensitive information

  • 30. Internetrix will not collect personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or details of health or sex life unless:
    • 30.1 the subject of the information has consented; or
    • 30.2 the collection is required or specifically authorised by law; or
    • 30.3 the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the subject of the information is physically or legally incapable of giving consent; or
    • 30.4 in the course of the legitimate activities of a non-profit-seeking body with a racial, ethnic, political, philosophical, religious or trade-union aim and on condition that the information relates solely to the members of the body or to individuals who have regular contact with it in connection with its purposes and that the information is not disclosed without the consent of the subject of the information; or
    • 30.5 the collection is necessary for the establishment, exercise or defence of a legal claim.
  • 31. Paragraph 30 does not apply where:
    • 31.1 the information is required for the purposes of preventative medicine, medical diagnosis, the provision of care or treatment or the management of health-care services, and
    • 31.2 is collected:
      • (a) as required by law; or
      • (b) in accordance with rules established by competent bodies dealing with obligations of professional confidentiality.

If you have any questions about this Policy, please contact us today.