CoSec Consulting Pty Ltd ACN 150 499 442 and its affiliates (including but not limited to CoSec Directors Pty Ltd ACN 604 395 879 and CoSec Local Agent Services Pty Ltd ACN 604 391 611) (collectively known as “CoSec” and also referred to in this Policy as “us,” “we” and “our”) seeks to provide the best possible service to its clients.
We recognise that any personal information we collect about you will only be used for the purposes indicated in our policy, where we have your consent to do so, or as otherwise required or authorised by law. It is important to us that you are confident that any personal information we collect from you or that is received by us will be treated with appropriate respect, ensuring protection of your personal information.
Our commitment in respect of personal information is to abide by the Privacy Act 1988 (Cth) and any other relevant law or regulation (Privacy Law).
When we refer to personal information we mean information or an opinion about you, from which you are, or may reasonably be, identified. This information may include (but is not limited to) your name, date of birth, driver’s licence number, marital status, phone number, email address, address, nationality, employment history, income, assets, liabilities and compliance information.
Due to the nature of the services provided by us, some of the information we collect may be sensitive information, including details about your race or ethnic background. We may also collect other sensitive information about you from time to time (such as information about your health, religion, trade union membership, political opinion, sexual preference or criminal record), but only if such information is required in order to provide services to you. We will only collect sensitive information about you with your consent.
We may collect your personal information in various ways, including by email, telephone enquiries made by you or on your behalf, information you make available to us, undertaking work with you and through our website (including where you submit information to us and/or through the use of features that automatically collect information (e.g. cookies) from the users of our website).
Where reasonable and practical we will collect your personal information only directly from you with your consent. However, we may also obtain information about you from third parties, such as a party who contacts us on your behalf, from our contractors who supply services to us, through our referrers, from a publicly maintained record or from other individuals or companies authorised by you.
If you do not provide the information that we need, we may not be able to provide you with our services.
If you are contacting us for the first time by email and you think that your query may raise contentious issues, please only provide your name and the names of others involved, but do not include any confidential information about the substance of the matter, so that we can undertake conflict checks. Unfortunately, should you disclose any details or the substance of the matter before we are formally engaged, we are unable to guarantee the confidentiality of the information provided.
Personal information about clients will only be used internally or disclosed on a confidential basis to other firms acting as our agent. Your personal information will not be forwarded to any third party without your express consent. If we need to forward personal information to any third party, such as an interstate or overseas agent, a lawyer, accountant or a government agency, we will first obtain your consent.
We use your personal information for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Law. This may include using your personal information for the following purposes:
To enable us to maintain a successful relationship with you, we may disclose your personal information to:
By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.
Sometimes we are required or authorised by law to disclose your personal information. Circumstances in which we may disclose your personal information would be to a Court, Tribunal or law enforcement agency in response to a request or in response to a subpoena or to the Australian Taxation Office.
CoSec does not intend to disclose your personal information to overseas recipients. If we elect to send your personal information offshore, we will notify you and obtain your consent prior to doing so.
From time to time we may use your personal information to provide you with current information about our services or services being offered by us or any company we are associated with. By providing us with your personal information, you consent to us using your information to contact you on an ongoing basis for this purpose, including by mail, email, SMS, social media and telephone.
If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting our Privacy Officer on the contact details below. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.
It is important to our relationship that the personal information we hold about you is accurate and up to date. During the course of our relationship with you we will ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information (including your credit related personal information) that we hold about you, you should contact us to have it updated. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.
We will provide you with access to the personal information we hold about you, subject to limited exceptions in the Privacy Law as outlined below. You may request access to any of the personal information we hold about you at any time.
To access personal information that we hold about you, use the contact details specified below. We may charge a fee for our reasonable costs in retrieving and supplying the information to you.
There may be situations where we are not required to provide you with access to your personal information. For example, such a situation would be information relating to an existing or anticipated legal proceeding with you, or if your request is vexatious.
An explanation will be provided to you if we deny you access to the personal information we hold about you.
In most circumstances it will be necessary for us to identify you in order to successfully do business with you. However, where it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information. Such a situation would be where you make general inquiries about our services.
CoSec has physical, electronic and procedural safeguards to protect the personal information it collects from unauthorised access, modification and disclosure. Our offices are secured by a security system and physical files are kept locked on site. Digital files are stored electronically on Google Inc.’s G Suite Core Services, which are audited using industry standards such as ISO 27001, ISO 27017, ISO 27018, and SOC 2 and SOC 3 Type II audits, which are the most widely recognised internationally accepted independent security compliance audits.
Electronic personal information is stored in databases requiring logins and passwords for access, and is restricted to staff who require access.
As disclosed in our letter of engagement to clients, files that contain clients’ personal information are retained for no more than seven years. We destroy all client files and documents seven years after the date of the final bill rendered by us in relation to each client matter. Access Records Management securely destroys documents by pulping or shredding and issues a certificate of destruction once the documents have been destroyed. Internal paper-based documents containing personal information are pulped before being recycled.
CoSec has implemented Privacy Compliance Programs to ensure our compliance with the notifiable data breaches obligations under the Privacy Law.
However, in the event of a serious data breach, we will take all steps required of us under the law, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) if necessary.
CoSec welcomes the EU General Data Protection Regulation (GDPR) as an important step forward in streamlining data protection requirements across the EU.
Where you are located in the EU, or CoSec offers its services within the EU, CoSec will comply with the GDPR in the delivery of its services, in addition to or in replacement of its compliance with the Privacy Law (as required by relevant law).
You may request further information about the way we manage your personal information or lodge a complaint by contacting our Privacy Officer(s) on the contact details below.
We will deal with the complaint by investigating the complaint, and providing a response to the complainant within 15 business days, provided that we have all necessary information and have completed any investigation required. In cases where further information, assessment or investigation is required, we will seek to agree alternative time frames with you.
Our Privacy Officer is Blair Lucas. If you have a question regarding the personal information that CoSec holds about you, please contact firstname.lastname@example.org.