The personal information that we collect will depend on your relationship with us and the service(s) you or your organisation have engaged us to provide or are interested in. It may include:
We may collect your personal information directly from you or in the course of our dealings with you. For example, we collect personal information from you or about you from:
In some instances, we may receive personal information about you from third parties, including entities within the BlueRock Group, associated businesses, government agencies, regulatory authorities and referrers (such as other accountants, law firms, real estate agents, financial planners, insurers and business consultants). We may also receive personal information about you from your authorised third parties and publicly available sources.
We collect and hold your personal information for a variety of purposes, and you permit us to use it:
In addition to the above, you permit us to use your personal information:
Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.
Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure:
Data held and stored on paper is stored in secure key-card premises.
Data held and stored electronically is protected by internal and external firewalls, high encryption and all access to electronic data including databases requires password access that meets Microsoft complexity standards.
Access to personal information is restricted to staff and contractors whose job description requires access. Our employees and contractors are contractually obliged to maintain the confidentiality of any personal information held by us.
Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.
We undertake regular data backups, with the data copied and backed up to multiple locations for redundancy purposes.
Our staff receive regular training on privacy procedures.
We will retain your personal information whilst it is required for any of our business functions or for any other lawful purpose. We will also retain your personal information for the time periods required by law (commonly, seven years).
We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed. Paper records are sent for secure destruction. In some instances, paper records and original documents will be returned to you and/or relevant third parties.
Electronic records retained for longer than 7 years may be archived to alternative storage and are subject to the procedural safeguards described above.
You have a right to request access to or correction of your personal information held by us.
If you wish to access, correct or update any personal information that we hold about you, please contact us via the details below.
We will respond to your request within a reasonable time of you making the request and give you access in the manner you requested, unless it is unreasonable or impracticable for us to do so.
There may be reasons why we cannot give you access to the information that you have requested, or we refuse to correct your personal information. If this is the case, we will let you know these reasons in writing.
To assist us to keep our records up to date, please notify us of any changes to your personal information.
We will take seriously and deal promptly with any accidental or unauthorised loss, use or disclosure of personal information.
We are subject to the Notifiable Data Breaches Scheme (“NDB Scheme”) under the Privacy Act. In assessing and responding to suspected notifiable data breaches, we will act in accordance with:
From time to time, you may have the option to participate in surveys or provide feedback intended to improve the services offered by us which may involve providing additional personal information. Your participation in such activities is subject to your consent.
An Internet Protocol (“IP”) address is a small set of numbers automatically assigned to your computer when you log onto the internet. We may use general information about your visit to the website, including your IP address, the date and time of your visit, pages viewed and the type of browser you use. This assists us in improving the quality and usability of our website.
If you use social media, we may collect any information that you allow the social media site to share with us.
We may use and disclose your personal information for the purpose of direct marketing to you via direct mail, email, SMS, MMS, targeted digital advertising or any other means of marketing communication, where:
You may opt out of direct marketing communications at any time by contacting us or by using opt-out facilities set out in the direct marketing communications.
We may update our Privacy Policy from time to time. Our Privacy Policy was last updated on 23 June 2021. By continuing to use our website or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.
We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act, the APPs, and any alleged breach of this Privacy Policy. We will respond to your complaint in accordance with the relevant provisions of the APPs. For further information, please contact us.
Privacy Officer
BlueRock
Level 16, 414 La Trobe Street
MELBOURNE VIC 3000
Phone: (03) 8682 1111
Email: privacy@thebluerock.com.au