Your privacy is important to you and it is important to us. To help us deliver our services we collect, store and share a range of different data. We are committed to protecting your privacy and keeping your information safe.
This policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We encourage you to read this Policy carefully. This policy may be updated from time to time and you will be informed of any changes.
We are aligned with the National Privacy Principles (NPPs) contained in the Privacy Act 1988 (the Privacy Act). The NPPs governs the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. It is not intended to cover categories of personal information that are not covered by the Privacy Act.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au
It’s important to Barhead that you are informed about sharing your personal information with us.
What is personal information and why do we collect it?
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Some of the types of personal information we collect include:
Information collected from visiting our Website (cookies etc.).
- Names, job titles, contact and address details
- Information in identification documents (for example, passport, driver’s license)
- Tax file numbers and other government-issued identification numbers
- Date of birth and gender
- Bank account details, and other financial information
- Educational qualifications, employment history and salary
- Personal information about your spouse and dependents
It may be necessary in some circumstances for Barhead to collect sensitive information. Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- With your consent; or where required or authorized by law
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
Holding personal information
“Personal information” is information about an individual and may include information that would allow us to identify an individual such as name, email address, telephone number, bank account details, taxation details, and accounting and financial information.
We take security measures to protect the personal information we hold including both physical (eg. security passes to enter our offices) and technology (eg. restriction of access, the use of encryption, passwords and digital certificates) measures.
We do not disclose personal information to third parties for them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information to them for research or promotional purposes.
Barhead does hold some personal information in hard copy and electronic formats.
Disclosure of personal information
Depending on the nature of the engagement or circumstances of collection, we may disclose your personal information to our employees located overseas to fulfil the purpose for which the personal information was collected, or a related or ancillary purpose or otherwise in accordance with the Privacy Act. The countries to which such disclosures are made, and types of personal information disclosed, depend on the specific circumstances of the engagement. This may include, but is not limited to, independent contractors and consultants, information technology providers, credit managers and debt collecting agencies.
We require our service providers to adhere to our privacy guidelines and not to keep, use or disclose personal information we provide to them for any unauthorized purposes.
We may disclose your personal information to third parties to which you consented the disclosure or use of your personal information or when required or authorized by law(s).
How we store and protect your data
Barhead data and information is held in Australia on Microsoft Servers, but we do advocate the use of some third-party applications and service providers to assist the provision of our services. The servers of these third-party providers are commonly located in the United States of America, Singapore or in Europe.
Physical security controls and measures minimize the risk of unauthorized access to our site and restricted areas including:
- Restricted access to production and sensitive areas through biometric controls.
- Restricted access to server room, access log and audit.
- Photo IDs for all employees; no ID, no access
- Strategically placed CCTV cameras monitor all areas
- 24/7 security personnel
- Visitor access protocol and log book controls
- No paper, pens, phones or recording devices in production and sensitive areas
Barhead’s Information Security Self-Assessment Checklist Or ISSAC, safeguards Barhead and our customer’s data against theft or manipulation, by continuously monitoring behaviours and compliance to IT and Information Security policies.
- Monitors employee behaviours and compliance to access and usage policies
- Educates and assesses Barhead employees understanding
- Performs physical checks of employee work stations, email accounts and shared drives
- Performs checks of physical security mechanisms such as access systems and cameras
- Assesses and identifies risk areas
Barhead is committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorized access, modification or disclosure. With third party providers we ensure that your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authorities and all data transferred between you and the Service is encrypted.
You can always choose not to provide your personal information to Barhead, but it may mean that we are unable to provide you with the service.
Barhead only discloses your personal information in limited circumstances
Barhead uses a range of service providers to help us maximize the quality and efficiency of our services and our business operations (including internal business requirements, such as recruitment and human capital requirements). This means that individuals and organizations outside of Barhead will sometimes have access to personal information held by Barhead and may collect or use it from or on behalf of Barhead.
Barhead does not routinely disclose personal information to other organizations unless:
Use or disclosure is permitted by this policy;
- We believe it is necessary to provide you with a product or service which you have requested (or, in the case of a partner, employee or contractor of Barhead, it is necessary for maintaining or related to your role at Barhead);
- To protect the rights, property or personal safety of any member of the public or a customer of Barhead or the interests of Barhead;
- Some or all of the assets or operations of Barhead are or may be transferred to another party as part of the sale of some or all of Barhead’s business;
- You give your consent; or
- Such disclosure is otherwise required or permitted by law, regulation, rule or professional standard.
Grant of license
The Customer is pursuant to the terms of this Policy, given a subscription-based right to use the Software to fulfil the objectives defined in any specific agreement between the Customer, Barhead and/or any Barhead Partner.
The Customer will be granted access to a dedicated portal as well as one or additional user accounts which are specified to the Agreement.
The Customer’s right of use is limited to the use considered reasonably necessary for attaining the object of this Policy and the Agreement and does not grant the Customer any rights beyond this. Barhead will retain any proprietary, intangible and intellectual property rights to the Software and solutions, including copyright to all adaptions configured specifically for the Customer, unless otherwise agreed in writing and enclosed to this Policy. In order to protect Barhead’s business, Customer does not have the right to reverse engineer, decompile, or otherwise disassemble the Software.
If for some reason you believe we have failed to adhere to our principles on privacy and data security, please notify us by email at firstname.lastname@example.org and we will investigate to determine and correct the problem promptly.
You can request access to your personal information, subject to some limited exceptions permitted or required by law.
Such request must be made in writing to Barhead and we may charge reasonable costs for providing you access to your personal information.
Requests should be addressed to:
Barhead Solutions Australia Pty Ltd
Level 6, 222 Pitt Street
Sydney NSW 2000
Please allow 10 business days for your request to be processed.