As a brand communication agency Fuller collects, holds and discloses personal information. We take privacy seriously and are committed to complying with the Australian Privacy Principles in the Privacy Act 1988 (Cth).
Why do we collect personal information?
We collect personal information to:
- provide services to our clients
- communicate with our clients and contacts
- gain feedback about our services
- inform our clients and contacts about business opportunities and industry developments
- market our services and send invitations to our events
- market our clients’ services and send invitations to our clients’ events
- manage our employees and contractors
- generally carry on our business
What personal information do we collect?
We limit personal information to a business or organisation name, the relevant individual’s name, gender and position (eg marketing manager) and phone and email contact details. Where relevant we may record an individual’s relationship with our existing contacts and business associates (our network) which could benefit the client or potential client.
How we collect personal information
We may also collect information about an individual from our clients, potential clients and their contacts and business associates and agents, from the individual’s employer and from publicly available records or a third party eg a provider of an employment or other reference.
Anonymity and pseudonyms
Individuals have the right not to identify themselves, or to use a pseudonym when dealing with us. However, if we request personal information and it is not provided, we may not be able to provide services to or otherwise assist the relevant individual.
General use and disclosure
We use and disclose personal information for the primary purpose for which it was collected, related purposes and other purposes authorised by the Privacy Act. In general, we use and disclose personal information for the purposes set out above.
Use and disclosure for direct marketing
We will only use an individual’s personal information to market our services or to send invitations to our events where we give that individual an opportunity to request us not to use the information for such purposes. We will not use an individual’s personal information for such purposes if the individual requests us not to do so.
To whom do we disclose personal information?
We may disclose personal information:
- to other persons in connection with the provision of our services including our clients and their contractors and other advisers, and to contacts and business associates of our clients and their contractors and advisers
- to our employees, contractors and advisers
- to credit reporting and debt collection agencies
- to anyone else whom the individual authorises us to disclose the information
- as otherwise authorised by the Privacy Act
Who else can access this information?
Our contractors may have access to some personal information we collect. For example, contractors may distribute some of our publications and develop and maintain our computer systems, electronic records, websites, blogs and other social media outlets.
Our auditors, insurers and legal and other professional advisers may also access our records to protect our interests and to ensure that we comply with our obligations.
Disclosure to overseas recipients
We do not disclose personal information to overseas contractors such as IT service providers.
Where it may be necessary to disclose personal information about an individual to overseas contractors, consent to such disclosure must be provided by the individual.
How do we keep personal information secure?
We take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. We store information in access-controlled premises, and electronic information on secure servers. We require all persons authorised to access electronic information to use logins and passwords to access such information.
We require all our contractors and others to whom we disclose personal information or who may have access to personal information we collect, to keep such personal information private and to protect such personal information from misuse and loss and from unauthorised access, modification or disclosure.
Unless we are prevented from doing so by law, we securely de-identify or destroy all personal information we hold when no longer reasonably required by us.
Integrity of personal information
We take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete and that the personal information we use or disclose is, having regard to the purpose of such use or disclosure, accurate, up to date, complete and relevant.
To that end, we encourage you to contact us to update or correct any personal information we hold about you.
Accessing your personal information
You may request access to personal information we hold about you. We may require you to verify your identity and to specify what information you require. We deal with all requests for access to personal information as required by the Privacy Act. We may charge a fee where we provide access and may refuse to provide access if the Privacy Act allows us to do so.
Correction of personal information
We take reasonable steps to correct all personal information we hold to ensure that, having regard to the purposes for which it is held, the information is accurate, up to date, complete, relevant and not misleading. You may request corrections to personal information we hold about you. We deal with all requests for correction to personal information as required by the Privacy Act. We may refuse to correct personal information if the Privacy Act allows us to do so.
Third party information security for e-commerce websites
In our activity as a provider of communication orientated services we interact with data that may belong to our customers, their customers or some other entity. Fuller recognises that information assets have value, and need appropriate protection.
We are committed to ensuring that we take reasonable endeavours to protect information which we manage on behalf of our clients. We recognise that information may be governed by law, including The Privacy Act (Cth) and by Industry Codes or Regulation, including the Payment Card Industry Data Security Standard (PCI DSS).
In our work supporting clients with websites, we may support those with requirements for e-commerce. In that circumstance we must recognise the requirements of the PCI DSS, and understand that compliance with this code is mandated in every Card Scheme contract with merchants – in other words, our customers are legally obliged to comply. We are committed to supporting our clients to maintain compliance with the PCI DSS, and will meet the requirements in those circumstances where we may impact the security of Payment Card Data.
Controls required by the PCI DSS include, at a minimum, that all administration of any website which is to manage the path to payment using cards such as VISA, MasterCard, AMEX, JCB must be conducted using appropriate access control, including that all “admin” accounts are unique to an individual, and that systems must be adequately patched for any known security vulnerability within 30 days of release of such patches.
Fuller does not intend to handle payment card data itself, and recognises the complexity of controls which would be required were we to store, process or transmit payment card data ourselves. We encourage our clients to use safe payment methods, such as the use of compliant third party payment service providers. Such an approach limits our compliance needs to a small subset of the entire PCI DSS controls.
While primary responsibility for PCI DSS compliance lies with our clients who are merchants, our intent is to comply to the extent reasonable with the PCI DSS controls as they apply to the systems which we support or manage for our clients. We are open to audit by our clients’ PCI DSS QSA as required by our clients from time to time to support their demonstration of compliance.
If you are not satisfied with the outcome, then you may make a complaint to the Office of the Australian Information Commissioner (OAIC). For information about how to make such a complaint, please refer to the OAIC website http://www.oaic.gov.au/.
To request access to or correction of personal information, to request not to receive marketing material or invitations from us, or to make a privacy complaint to us, please contact:
37 Fullarton Road
Kent Town, South Australia, 5067
Phone: +61 8 8363 6811
Fax: +61 8 8363 6822