This Privacy Policy (herein the “Policy”) is current as at 1 November 2019 and may be varied from time to time. For the most recent version of our Policy, please visit: http://www.meggroup.com.au/privacy
This Policy applies to all employees, users, contractors, suppliers and service providers (herein “you”) of and to any company within the MEG Group of companies (herein the “Group”), or users of any Group member website (the “Website”), regardless of whether You hold an account with any member of the Group (herein and collectively “us / we”) or have access to or use of the Website.
The members of the Group as at the date of this policy and their respective websites are:
Mechanical Equipment Group Pty Ltd www.meggroup.com.au
Automation & Control Pty Ltd www.automation-control.com.au
Chain and Drives Australia Pty Ltd www.chainanddrives.com.au
Chain and Drives NSW Pty Ltd www.chainanddrives.com.au
Inquip Pty Ltd www.inquip.com.au
Partsbook Pty Ltd www.partsbook.com.au
Tank Environmental Systems Pty Ltd www.tankenviro.com.au
Techquip Pty Ltd www.techquip.com.au
You should read this Policy in conjunction with any other agreements you may have with us.
1. GENERAL
This Policy is in accordance with the Privacy Act 1988 (Cth) and covers how we collect, use, disclose and store your personal information. It also notes how you may access your information and have it corrected, if incorrect. It details:
- why your personal information is being collected, how it will be used and who it will be disclosed to
- the option of not identifying yourself, or of using a pseudonym in certain, limited circumstances;
- how you may ask for access to your personal information;
- whether we will send and how you can stop receiving any unwanted direct marketing;
- how you can ask for your personal information that is incorrect to be corrected
- how you can make a complaint to us, if you consider that we have mishandled your personal information.
This Policy is in place to ensure that your personal information is collected, held and used in an open and transparent way.
If you are a minor (under 18 years of age) we will require your guardian’s consent to you entering into any agreement with us and we may require proof of your age.
2. WHAT KINDS OF PERSONAL INFORMATION WILL WE COLLECT AND HOLD?
When you contact us, trade with us and / or apply for or enquire about products or services via the Website, we collect information that is necessary to be able to provide you with those products or services, or respond to your queries. For instance, we may ask for identification information such as your name, address and date of birth and contact information (company, email, website, job title,
telephone, fax and social networking contact details) and we only obtain and hold information provided willingly by you.
We may also collect:
- Information relating to your business including licensing and insurance information and other information as reasonably deemed relevant by us;
- demographic information such as location, age, gender, preferences and interests to assist us in identifying services that may be suitable to you as an end user;
- Information regarding your preferred language and currency to be used when contracting within the Website;
- other information relevant to customer surveys and/or offers;
- financial information to determine your eligibility for a credit account with us, which may be sourced via third party credit agencies;
- payment information from you to enable credits and debits of amounts required from time to time in accordance with our agreements with you. You may also send us your banking details (BSB and account name and number) so we may send monies to you if required, such as refunds.
We also collect IP address information (this happens implicitly when you use our Website) and information regarding the brand of devices being used to access our website, products, services and applications. This is partly for auditing, but mostly so we can determine website traffic, trends in what device types customers are using so we can refine/enhance the Website, our products and services and the information collected is not sold or provided to any third parties unless required by law.
We will only ask you for personal information which is reasonably necessary and directly related to us providing or assisting in providing the products or services to you. We may also be required to collect information from you as required by law.
We will only collect information from you with your consent, whether expressly obtained from you with your consent, or via the use of the Website.
You may ask us to cease collecting your data or delete your data in accordance with this Policy and we will comply with this request so far as is necessary, saving for legal and compliance requirements that may need we need to keep your data stored for a period of time. If this is the case, we may no longer be able to offer products or services or credit to you and you would likely be required to cease using the Website.
3. HOW WILL WE COLLECT YOUR PERSONAL INFORMATION?
We will collect most personal information directly from you. We may also collect information from you electronically, for instance, when you use our Website.
Information collected when you visit our website will not be personal information (unless you provide the same as part of a webpage initiated enquiry as to the Website, our products or services).
Sometimes we may collect personal information about you from other people or from publicly available sources of information, however this will only apply if you have purchased a product or service from us and we require this additional information to assist us in providing the product or service to you.
We may also collect and access information about you from publically available sources (such as business registries including ASIC, title registries and other such bodies) if we wish to determine your eligibility to provide services to us or our customers and / or to hold a credit account with us or for other reasonable purposes.
We will only collect personal information by lawful and fair means.
We will not collect information about you from third parties unless you consent to the same or if we are required or authorised by or under an Australian law or a court/tribunal order, to collect the information from someone other than you.
If we receive information about you that we did not request or which was unsolicited, and if the information is not freely available, we will, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified. We will also take such steps as are reasonable in the circumstances (if any) to notify you of the unsolicited information being provided to us. We may not contact you at all regarding the unsolicited information if we determine, acting reasonably, that the information provided to us would not cause detriment or harm to you personally or professionally.
You may withdraw your consent to us collecting or using any of your information by ceasing to use the Website, deleting any application you may have on your devices and notifying us that you wish for your information to be deleted in accordance with this Policy.
How we use cookies
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages on our website are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
The Website and online content may contain links to other websites of interest, including via advertising banners from third parties. However, once you have used these links to leave the Website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Policy. You should exercise caution and look at the privacy statement applicable to the website in question. We do not make any representations or give any warranties as to the security of any websites outside of our control.
4. WHY YOUR PERSONAL INFORMATION IS BEING COLLECTED, HOW IT WILL BE USED AND WHO IT WILL BE DISCLOSED TO.
a) Why is your personal information being collected?
We collect your personal information to assist us with providing the products and services to you as required from time to time. We may also be required to collect information from you in accordance with the law, such as (but not limited to) any legislation which applies to the products and services.
We also collect your personal information to assist us to:
i) determine your eligibility for, or to provide, the Website and / or product or service (including ability to service any agreement to pay with us);
ii) provide you with the product or service;
iii) help you use the product or service;
iv) use the product or service in accordance with your agreements with us; and
v) to issue information, accounts and / or notices to you in relation to the services and the Website.
We will not use your information for any other purpose (unless such purpose is reasonably determined by us as a reasonable secondary purpose in accordance with your dealings with us from time to time) without your consent or unless we are required to by law. Such secondary purpose must be related to the primary purpose of us providing the Website and / or products or services to you.
b) How will your personal information be used?
We will use your personal information to allow us to offer the products and services to you via the Website and facilitate your use of the same in accordance with our agreement with you. We will also maintain a security audit trail of how and when information is provided, collected, held and amended.
We will use your personal information to contact you and to issue invoices/accounts, as well as provide support for the Website as may be required from time to time. We will send you notices regarding your use of the Website, including license information, notification of any updates to software, terms and conditions or this Policy.
If we use any of your personal information for statistical purposes, we will ensure the same is de-identified before being disclosed to any third party.
Your personal information may be used by us for the purposes of contacting you and marketing the Website and / or our products and services to you and you may opt out of any marketing communications. We will not use your personal information to provide you with marketing material from any third parties, although third party links may be advertised generically or periodically within the Website.
From time to time, we may also use your information to contact you for feedback on the Website and your experiences with us or a product, to facilitate marketing to you, as well as for market research purposes. We may contact you by email, phone or mail. We may use the information to assist us in making improvements to the Website and the products and services offered therein.
c) Who will your personal information be disclosed to?
We may share your personal information with our related entities and agents, however only for the purposes of providing the Website, products and services to you. We may also share your information with our legal representatives from time to time for the purposes of seeking legal advice or general advice.
In order for the Website to work as required, we will share your information with the other parties to the transaction, insofar as is necessary to ensure the products and services can be provided as required. This will include, but is not limited to, contact and service requirement information.
Aside from the above, we will never disclose your personal information to third parties, unless required at law. It is our intention that the integrity of the Website is not compromised.
d) Do we disclose your personal information overseas?
Your information will be stored in servers located in Australia only, backed up in servers at our office location. Back up information is located in another office of a member of the Group, at a secondary location, save and except for our accounting information (hosted off site by MYOB) and email content which is stored using Microsft 365 cloud (off site) storage. We send your information as encrypted data (minimum 256 bit AES (SSL)) and your information is held at these sites in accordance with this Policy. If we determine a third party may hold your information, we will make best endeavours to ensure any data is held by a reputable service provider with a Privacy Policy of a standard equal to or higher than this Policy, with adequate protections in place.
5. HOW WILL YOUR PERSONAL INFORMATION BE HELD?
Most of the personal information we hold will be stored electronically in secure data centres, encrypted as required and backed up. These data centres are located in Australia. We use a range of security measures to protect the personal information we hold and ensure any third party providers we may use claim to be GDPR compliant. We will make all best endeavours to have a contract in place with data storage providers to ensure their obligations are known and clear and confirming their services comply with Article 28 of the EU GDPR as may be required.
We will take all such steps as are reasonable in the circumstances to protect the information:
a. from misuse, interference and loss; and
b. from unauthorised access, modification or disclosure.
When your agreement with us has terminated and our supply of products and services to you has ceased, we may no longer require your personal information. In this instance, we will take such steps as are reasonable in the circumstances to destroy your information upon your request, or to ensure that the information is de-identified, unless we are required to maintain the information by or under an Australian law, due to any legal compliance requirements or a court/tribunal order requires we maintain the information.
If you require we delete any information about you that is held by us, you must ask us in writing in accordance with this Policy.
If you are an employee of ours, we cannot delete your data unless and until all relevant periods of compliance and auditing have been completed, usually 7 years from the date of termination of your employment with us.
We will make best endeavours at all times to ensure your information is stored by equipment and providers that are aware of their obligations pursuant to this Policy and who have sufficient know-how and resources to ensure the information is held securely and only accessed by suitable authorised persons who have been trained to handle the information in a compliant manner.
We will utilize industry standard encryption techniques to transfer and store information. This may include (but not be limited to) HTTPS/SSL utilising certificates issued by recognized reputable issuers.
We will take reasonable steps to ensure the procedures to access, modify and/or delete any of your information are in place and enforced to ensure your information is safe and held in accordance with this Policy.
We will ensure security notification procedures are in place and followed by all relevant parties to ensure reporting obligations pursuant to this Policy are met in the case of a data breach, including any obligations being met in a timely manner.
We may use sub-processors of your information. Any sub-processors we use will be vetted for GDPR and/or Australian privacy law compliance.
6. THE OPTION OF NOT IDENTIFYING YOURSELF, OR OF USING A PSEUDONYM IN CERTAIN CIRCUMSTANCES
When making enquiries through our Website, you may wish to use a pseudonym.
You may not use a pseudonym if you wish to hold a Website account and/or enter into an agreement with us for us to provide you with any products or services, as we are required under Australian law to deal with individuals who have identified themselves. It would also be impracticable for us to deal with individuals who have not identified themselves or who use a pseudonym as we would not be able to provide our products and services on that basis.
7. HOW YOU MAY ASK FOR ACCESS TO YOUR PERSONAL INFORMATION
You can request access to the personal information we hold about you or delivery of the said information to you or a third party. You can also ask for corrections to be made. To do so, please contact us on the details listed at ‘Contact us’.
We may refuse access to your personal information if we are required or authorised to refuse access (to the extent required or authorised) by or under:
i. the Freedom of Information Act; or
ii. any other Act of the Commonwealth, or a Norfolk Island enactment, that provides for access by persons to documents.
We may also refuse access if:
a. We believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
b. giving access would have an unreasonable impact on the privacy of other individuals;
c. the request for access is frivolous or vexatious;
d. the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings;
e. giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
f. giving access would be unlawful;
g. denying access is required or authorised by or under an Australian law or a court/tribunal order;
h. both of the following apply:
i. We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in; and
ii. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
i. giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
j. giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.
Response to Request for Information
We will respond to your request for personal information within a reasonable period after the request is made and give access to the information in the manner requested by you, if it is reasonable and practicable to do so.
We will respond to your request within 1 calendar month of receipt of your request.
Should we be unable to provide the information requested by you in the manner requested by you, we will take steps as are reasonable in the circumstances to give access in a way that meets your needs or through a mutually agreed intermediary if appropriate.
Access Charges
We will not charge you to make a request for personal information, however we may charge you for giving access to the information and for administrative costs in obtaining and providing the personal information. These costs will not be excessive and we will provide you with an estimation of these costs upon response to your request for the personal information. We may also charge you if your access and variation requests are unfounded or excessive.
Refusal to give access
If we refuse your request for access to your personal information, we will provide you with written notice setting out:
a. the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
b. the mechanisms available to complain about the refusal; and
c. any other matter prescribed by the regulations.
We will also, where applicable and where possible, include an explanation for the commercially sensitive decision to refuse access.
8. DO WE USE OR DISCLOSE PERSONAL INFORMATION FOR MARKETING?
We may use your personal information to offer you products and services that we believe may interest you unless you ask us not to provide marketing material to you and you do so in writing.
We will not use or disclose sensitive information about you for the purposes of direct marketing, unless you have authorised the use and disclosure of your sensitive information for that purpose.
Opting In or Out of Direct Marketing
If you wish to receive marketing offers from us or opt out of marketing offers please contact us on the details listed at ‘Contact us’. You may also change your preference at any time via the Website and any direct marketing provided to you will include details on how to remove your name from our marketing list.
9. HOW YOU CAN ASK FOR YOUR PERSONAL INFORMATION THAT IS INCORRECT TO BE CORRECTED
We must take steps to ensure as far as reasonable in the circumstances, that the personal information we collect, use and disclose is accurate, relevant, up-to-date and complete.
If we hold any information about you that we or you believe is inaccurate, out of date, incomplete, irrelevant or misleading, we will take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If you request that we notify other entities of the correction of your information (if we had previously disclosed such information to the said entity), we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Refusal to correct information
We may refuse to correct your information. If we refuse to correct your personal information, we will provide you with a written notice detailing:
a. the reasons for the refusal except to the extent that it would be unreasonable to do so; and
b. the mechanisms available to complain about the refusal; and
c. any other matter prescribed by the regulations.
If we refuse to correct your personal information as requested by you and you request we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, then we will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
Response to request for an amendment to your information
We will respond to your request for personal information to be amended within 1 month of receipt of your request and give access to the information in the manner requested by you, if it is reasonable and practicable to do so.
Access charges
We will not charge you to make a request to amend your personal information and we will not charge you to make the said amendments to your personal information, unless such access and variation requests are unfounded or excessive.
10. DATA BREACH POLICY
If there is a data breach in relation to your data, we will notify you and report any such breaches to any relevant local authorities, unless we determine, acting reasonably, that the data breach is unlikely to result in any risk to your safety, rights and freedoms.
If a third party is storing any information on our behalf, they are required to notify us of any data breach whatsoever and we will contact you as soon as possible if this breach effects your data, safety, rights and freedoms.
11. HOW YOU CAN MAKE A COMPLAINT TO US, IF YOU CONSIDER THAT WE HAVE MISHANDLED YOUR PERSONAL INFORMATION
If you are concerned about how your personal information is being handled or if you would like to make a complaint, please contact us on the details listed at ‘Contact us’.
If you are unhappy with our response, we will provide you with details of the agencies to which you can direct your further concerns.
12. POLICY UPDATES
If this Policy is amended by us at any time, we will contact you using the information you have provided, notifying you of the change of this Policy. Any updated Policy will be located on our website and available upon request in accordance with this Policy.
13. CONTACT US
You can contact us by:
Calling: (08) 9303 4966
Emailing: admin@meggroup.com.au
Writing to: Privacy Department MEG
PO Box 1343
Wangara WA 6947
Our Privacy Officer can also be contacted in relation to privacy concerns by writing to us, attention to the Privacy Officer.