Privacy Policy
Privacy Policy by Arrow White Online
We take the handling of your personal information and privacy very seriously and do so in accordance with the Australian Privacy Principles (“APPs”), contained within the Privacy Act 1988 (Cth) (“Privacy Act”). This privacy policy sets out the manner in which we collect, store, manage, use and disclose personal information. This includes any documents and/or services we make available to you through the forms on our website (“Online Services’).
The Privacy Act defines ‘personal information’ to mean information or an opinion about an identified individual, or an individual who is reasonably identifiable.
We regularly review this Privacy Policy and may make changes to it from time to time on our Website without notice to you.
TYPES OF PERSONAL INFORMATION WE COLLECT
We commonly collect the following kinds of personal information about you:
COLLECTION OF PERSONAL INFORMATION
The above information is only collected, used and disclosed by us where reasonably necessary for us to do so to perform our services and/or where you provide it to us directly (including through the use of the Online Services and Forms).
USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION
We collect and use personal information for the following purposes:
SECURITY
Your personal information may be stored either as hard copies or electronically, and we take reasonable steps to protected that information from misuse or unauthorised access. Our electronic databases, Forms and information technology systems hold SSL encryption and are password protected.
Once your personal information is no longer needed by us to perform our services it is destroyed by us within the requisite period (currently seven years from completion of the services).
FORMS
The Forms on our website are secured using TLS 1.2 SSL through your browser and to the servers of the third-party form provider. The third-party provider states that they use a SSL (Secure Sockets Layer) which is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.
They further state that Forms and submissions are stored in a database which is encrypted at rest and they regularly update the technology and systems used to stay on top of the latest vulnerabilities.
PAYMENTS
All payments on our website through the Forms are handled by third party payment facilitator, Stripe. Stripe state that they utilise the most stringent level of certification available in the payments industry. All card numbers are encrypted at rest with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons can obtain plain text card numbers but can request that cards are sent to a service provider on a static allow list. Stripe’s infrastructure for storing, decrypting, and transmitting card numbers runs in a separate hosting environment, and doesn’t share any credentials with Stripe’s primary services including their API and website.
For further information see https://stripe.com/docs/security.
EXTERNAL LINKS
Any external links found on our Website are to websites which are not under our control. We recommend you review the privacy policies of those websites before using them.
REQUESTING ACCESS TO OR CORRECTING YOUR PERSONAL INFORMATION
You may request access to the personal information we hold about you or your business at any time by using the contact details set out below. Please note we will need to verify your identity before providing you with the requested information.
If for whatever reason we cannot provide you with access to the requested information (for example if the information requested is subject to legal privilege), we will provide you with written correspondence setting out (unless we are legally prevented from doing so) with the reasons for our refusal and the complaint options available to you.
All requests for personal information will be responded to as soon as possible and within a reasonable timeframe unless there are extenuating circumstances. If that is the case we will advise of the reasons in writing as soon as possible.
We seek to ensure that the personal information we hold is accurate, up-to-date and complete. If you believe that any personal information we have hold including any you have provided to us directly is incorrect, out of date, misleading or provided unlawfully, you may request that the information be corrected by using the below contact details. Where appropriate, we will ensure that all reasonable steps are taken to correct it within a reasonable timeframe.
ENQUIRIES AND COMPLAINTS
If you wish to complain about how we handle your personal information or simply have a question relating any matter raised in this privacy policy, please contact us using the details set out below, including your name, contact details and as much information regarding your enquiry or complaint as possible.
We will ensure that all reasonable steps are taken to investigate your complaint promptly and respond to you within a reasonable timeframe, in accordance with our legal obligations.
You may also wish to contact the Office of the Australian Information Commissioner on 1300 363 992 or via email at enquiries@oaic.gov.au.
were here to help every step of the way