Privacy Policy
Objective
This Privacy Policy explains how the Duxton Vineyards Group (Duxton Vineyards Pty Ltd ACN 608 763 515,Duxton Viticulture Pty Ltd ACN 609 424 704 and Duxton Winery Buronga Pty Ltd ACN 007 516 529) (“we”, “our” or “us”) collects, uses and manages your personal information and credit information, based on our obligations under the Australian Privacy Act 1988 (Cth) (“Act”) – including the Australian Privacy Principles (“APPs”) – and the European General Data Protection Regulation (“GDPR”).
Collection of personal and credit information
We will only collect personal information about an individual where the information is reasonably necessary for one or more of our functions, operations or activities or to comply with the law. The kinds of personal information collected and held, and how that information is collected and held and the purpose for which that information will be collected, held, used and disclosed will depend on the circumstances. For example, we collect and process your personal information as necessary in order to provide you with our services and/or products, as part of our general business operations, employees and contractors, emergency management, to assist with queries, to consider applications from prospective employees, contractors or service providers or to comply with the law. Depending on the circumstances, below are the types of personal information we might collect from you and use in accordance with this Privacy Policy:
- contact information such as your name and address, telephone numbers and email address;
- financial information, including bank account details;
- business details, including Australian Business Number (“ABN”);
- identification information such as name, date of birth, current or previous address, driver’s licence number;
- trade references – name of entity, ABN, contact name, telephone number, fax number, email, years trading with you;
- information about our services and/or products acquired or supplied;
information from enquiries made; - communications between us and an individual;
- third party information from our employees and contractors such as details of family members and next of kin.
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit our websites, we may collect the following information from you automatically through cookies or similar technology:
- your server address;
- your top level domain name (for example, .com, .gov, .au);
- the date and time of your visit to the site;
- the pages you accessed;
- the previous site you have visited; and
- the type of browser you are using.
We use cookies in a range of ways to improve your experience on our website, including:
- for essential purposes for the basic function of our website;
- for performance and functionality to manage and improve our website;
- to improve our business functions.
You can set your browser to accept or decline cookies, however, some of our website features may not function or function fully as a result.
Means of collection of personal data and credit information
Your personal information and credit information may be collected in a number of ways, including:
- directly by our employees when you seek, or enquire about, our services;
- when you use our website or complete a form on our website or provided directly by our employees;
- from a third party such as a contracting company or through third party service providers (including recruitment service providers providing services to us)
In some circumstances, where it is unreasonable or impracticable to collect information from you or to supplement information provided, we may collect information about you from a third party source (including public records). In such a case we will take reasonable steps to ensure that you are made aware of the personal information provided to us by the third party.
You need not provide all the information requested by us, but this may prevent us from providing some or all of our goods or services to you.
Purposes of collection and use
We collect and use your personal and credit information for the following purposes:
- as a necessary part of providing our goods and services to you including managing and administering products and services, assessing credit applications, reviewing existing credit terms, assessing creditworthiness, collecting overdue payments, assessing credit guarantees, administering accounts;
- facilitating product and service reviews;
- sales and billing;
- to promote and market our products and services to you or provide you with information that we believe may be of interest to you (unless as directed otherwise);
- to personalise and customise your experiences with our website;
to help us research the needs of our customers and to market our goods and services with a better understanding of your needs and the needs of customers generally; - to allow us to provide advertising material to you regarding us, our clients, and other business partners (unless as directed otherwise);
internal management purposes; - to consider applications from prospective employees, contractors or service providers;
- emergency management;
- training;
- to comply with the law;
- other purposes related to any of the above.
We will only use your information for the purposes for which it was collected (“primary purposes”) or a purpose related to the primary purpose, if this use would be reasonably expected by you, or otherwise, with your consent.
We may also collect personal information from other credit providers, Credit Reporting Bodies (“CRB”) and any other third parties for the purpose of our functions and activities including, but not limited to credit, sales, marketing and administration.
Disclosure
We may disclose your information to certain third parties to assist us with the primary purpose for which your information was collected. Third parties we may disclose your information to for this purpose include:
- third parties that provide goods and services to us or through us;
- third parties, such as marketing and digital agencies, who may send to you our e-newsletters on our behalf, however you may request not to receive such information by opting-out or by contacting our Privacy Officer (details below)
- financial institutions, fund managers, financial advisers, stockbrokers, actuaries, custodians, share registries, insurers, investment managers, auditors, and external dispute resolution services;
- our related bodies corporate;
- where necessary to protect the rights or safety of any of its employees or a third party;
- our website host or software application providers.
We may also be required to disclose information to third parties to comply with laws and regulations. This may include disclosure to:
- government agencies as required by law;
- third parties who perform an audit of our business;
- third parties for a business acquisition, sale or restructure;
- third parties which we are required or authorised by law to make disclosures to; and
- other third parties as authorised by you from time to time.
Other than as set out in this Privacy Policy, we will not disclose your personal information to other parties without your express consent.
We do not disclose your personal information to overseas recipients unless required as a matter of law.
We do not disclose your credit information to any credit reporting bodies Where personal information is disclosed to a third party, we will take all reasonable steps to satisfy ourselves that the information is held, used and disclosed in accordance with the APPs and the GDPR.
Quality, access to and correction of information
You are entitled to have access to and seek correction of any personal information that we may hold about you. We require that requests for access to or to update or correct your personal information to be in writing outlining the details of your request. Such requests should be addressed to the Privacy Officer via the details provided in this Privacy Policy. We will take appropriate steps to verify your identity (or verify that you act as an authorised agent of the individual concerned) before granting a request to access your personal information. We will respond to your request for access to your personal information within a reasonable time after you make the request and if access is granted, access will be provided within 30 days from your request. We will, on request, provide you with access to your personal information or update or correct your personal information, unless we are lawfully excluded from granting your request, including if:
- giving access would be unlawful;
- we are required or authorised by law or a court/tribunal order to deny access; or
- giving access is likely to prejudice one or more enforcement related activities conducted by an enforcement body.
Where your request for access is accepted, we will provide you with access to your personal information in a manner, as requested by you, providing it is reasonable to do so.
Your request for correction will be dealt with within 30 days, or such longer period as agreed by you. If we deny your request, we will provide you with a written notice detailing reasons for the refusal and the process for making a complaint about the refusal to grant your request.
We will accept your request for correction of your credit information where we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.
Upon accepting a request for correction of your personal information, we will take all steps that are reasonable in the circumstances, having regard to the purpose for which your information is held, to correct your personal information.
If your request for correction of credit information is accepted, we will provide written notice of this correction to any entity to which we have disclosed this information previously, to the extent that this is practicable.
Storage and security
Your personal and credit information will be stored as physical files in a secured area in Australia, on our electronic data base system and on computers with appropriate back up and security systems. All our servers are located in Australia. Any personal or credit information which is collected via our website, or which is held on our computer systems, is protected by safeguards including physical, technical (including firewalls and SSL encryption) and procedural methods.
We take reasonable steps to hold information securely in electronic or physical form. We are committed to keeping secure the data you provide to us and we will take all reasonable precautions to protect your personally identifiable information from loss, misuse, interference, unauthorised access or alteration.
We aim to achieve this through:
- imposing confidentiality requirements on our employees;
- implementing policies in relation to document storage security;
- implementing security measures to govern access to our systems;
- only providing access to personal information once proper identification has been given;
- controlling access to our premises; and
- implementing website protection measures.
In the event of a data breach, we are committed to complying with our obligations at law, including our notification obligations.
Retention
We may retain your personal information for as long as is needed for the purposes outlined in this Privacy Policy, or as required by law. Where your personal information is not required to be retained by law and is no longer required for the purposes for which it was collected or used, we will take reasonable steps to irrevocably destroy or de-identify it.
Data subject rights under the GDPR
In addition to the rights in our Privacy Policy, if you are an individual based in the EU, you have rights with respect to your personal data under the GDPR, which include:
- right of access – you have the right to ask us for copies of your personal data;
- right to rectification – you have the right to ask us to rectify your personal data you think it is inaccurate. You also have the right to ask us to complete your personal data if you think it is incomplete;
- right to erasure – you have the right to ask us to erase your personal data;
- right to restriction of processing – you have the right to ask us to restrict the processing of your personal data;
- right to object to processing – you have the right to object to the processing of your personal data.
- right to data portability – you have the right to ask that we transfer the personal data you gave us to another organisation, or to you.
These rights are not absolute, and some only apply in certain circumstances.
You are not required to pay any charge for exercising your rights over your personal data.
If you make a request in relation to any of these rights, we have one month to respond to you. Please contact our Privacy Officer (details below) if you wish to make a request.
Links
Our website, and documents produced in the course of providing the services such as reports, may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies and other terms that apply to those other websites may differ substantially from our Privacy Policy, and we encourage you to read these privacy policies and other terms of use before accessing those websites.
Changes to this Privacy Policy
We may change our Privacy Policy from time to time by publishing changes to it on our website at www.duxtonvineyards.com.au. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy. You may also request a copy of our most up-to-date Privacy Policy by contacting our Privacy Officer (details below).
Complaints
If you believe that we have breached a term of this Privacy Policy or the Act, you may submit a written complaint. The written complaint can be emailed or posted to us using the contact details set out below. You must include contact details for us to contact you regarding your complaint
Our Privacy Officer will consider your complaint and respond as soon as reasonably possible, but no later than 30 days from receiving the complaint.
If you are unsatisfied with the outcome of your complaint you may refer your complaint to the Office of the Australian Information Commissioner.
If you are an individual residing in the EU, you may submit your complaint to your local data protection authority.
Contact us
If you wish to:
- gain access to your personal information;
- exercise any of the rights described in this Privacy Policy;
- make a complaint about a breach of this Privacy Policy or our obligations at law;
- contact us with a query about how your information is collected or used;
- contact us regarding any other matter concerning this Privacy Policy
Contact our Privacy Officer:
Privacy Officer contact: HR/WHS Manager
Email: privacy@duxtonvineyards.com.au
Postal address: c/- PO Box 785, Stirling South Australia 5152
Phone: +61 8 8130 9500
For more information on privacy, see the Office of the Australian Information Commissioner’s website at: http://www.oaic.gov.au