Personal information includes any information or opinion about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal information whether it is true or not and regardless of whether Left Field have kept a record of it.
We may collect personal information about the following individuals:
- clients including but not limited to natural persons, sole traders, partnerships, companies, trusts, trustees;
- prospective clients;
- service providers or suppliers;
- prospective employees, employees and contractors; and
- other third parties with whom we come into contact.
The above listed are referred to as ‘individuals’ in this policy.
The information that Left Field seeks to collect will depend on the products or services that it recommends or provides. If an individual does not allow Left Field to collect all of the information requested, Left Field may not be able to deliver all of those services effectively.
Whereby Left Field receives unsolicited personal information about individuals, if possible, Left Field will return the unsolicited personal information to the person who provided it. In all other cases, we destroy the information, unless the personal information is relevant to Left Field’s purposes for collecting personal information.
Types of Information
Left Field will not collect any personal information except when the individual has knowingly provided that information to us or authorised a third party to provide that information to us.
Left Field may ask for identification information. This information may include but is not limited to name, address, contact details, date of birth, and tax file number.
We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes.
Left Field may collect and hold additional personal information about individuals. This could include transaction information or making a record of queries or complaints an individual makes and, if they make an insurance claim, collecting additional information to assess the claim.
The collection of sensitive information is restricted by the Privacy Act. This includes information about religion, racial or ethnic origin, political opinions, criminal record, and sexual orientation. It also includes health information and biometric information.
Generally, Left Field only collects this sort of information if it is necessary to provide a specific product or service and the individual has consented to that collection. For example, we may collect health information about the individual to process a claim under an insurance policy or collect voice biometric information to verify identity or authorise transactions.
Choosing not to Provide Information
Left Field may be unable to provide its services if it does not have all the relevant information it requires to deliver such services.
For what purposes does Left Field collect, hold, use and disclose personal information?
The main reason Left Field collect, use, hold and disclose personal information is to facilitate the provision of its service offerings. This includes:
- checking whether an individual is eligible for the product or service;
- assisting where online applications are not completed;
- providing the product or service; and
- helping to manage the product or service.
Left Field may also use information to comply with legislative or regulatory requirements in any jurisdiction, prevent fraud, crime or other activity that may cause harm in relation to its products or services and to help run the business. Left Field may also use information to tell individuals about products or services that it feels may interest them.
Collection of Information
Left Field collects most of the personal information directly from the individual. This can be done electronically.
Left Field also collects personal information about an individual from other areas of its business including sharing information amongst its subsidiaries and related parties or from third party organisations. This may happen without the individual’s direct involvement. For instance, Left Field could collect personal information about an individual from:
- publicly available sources of information;
- the individual’s external representatives (including legal adviser, mortgage broker, executor, administrator, guardian, trustee, or attorney);
- the individual’s employer;
- other organisations, who jointly with Left Field, provide products or services to the individual;
- commercial information service providers, such as companies that provide fraud prevention reports; and
- insurers, re-insurers and health care providers.
Holding Personal Information
Left Field strives to maintain the relevance, reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. Much of the information Left Field holds about an individual will be stored electronically in secure data centres, which are located in Australia, and owned by either Left Field or external service providers. This does not include third parties backing up or mirroring their data in overseas jurisdictions. Some information Left Field holds about an individual will be stored in paper files and these files will be held in secure offsite storage.
Left Field use a range of physical and electronic security measures to protect the security of the personal information they hold. For example:
- access to information systems is controlled through identity and access management;
- employees are bound by internal information security policies and are required to keep information secure; and
- monitoring and reviewing compliance with internal policies and industry best practice.
Left Field take reasonable steps to destroy or permanently de-identify any personal information after it can no longer be used.
Disclosing Personal Information
Left Field may provide personal information about individuals to external organisations. To protect personal information, Left Field enter into contracts with their service providers that require them to comply with the Privacy Act. These contracts oblige them to only use the personal information Left Field disclose to them for the specific role they ask them to perform.
Generally, Left Field disclose personal information to organisations that help them with their business. These may include:
- Left Field agents, contractors and external service providers (for example, mailing houses and technology service providers);
- insurers, re-insurers and health care providers;
- payment systems operators (for example, merchants receiving card payments);
- other organisations, who jointly with Left Field, provide products or services to the individual;
- financial services organisations, including banks, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers;
- debt collectors;
- Left Field legal advisers or auditors;
- An individual’s representatives (including their legal adviser, accountant, mortgage broker, executor, administrator, guardian, trustee, or attorney);
- fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
- IT Service Providers;
- external dispute resolution schemes; and
- Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
- Other companies in the event of a corporate sale, merger, reorganisation, dissolution or similar event
We may also disclose an individual’s personal information to others where:
- Left Field are required or authorised by law or where they have a public duty to do so;
- The individual may have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
- Left Field are otherwise permitted to disclose the information under the Privacy Act.
Credit card or other payments
If and when Left Field collect credit card or other payment details, we will not store them. The card details will be passed directly via a secure encrypted SSL connection directly to the bank’s payment getaway.
Furthermore, the page that transmits card details has been through thorough checks and has been deemed to be PCI DSS compliant by an Approved Scanning Vendor.
Disclosure of personal information overseas
Left Field may disclose an individual’s personal information to a recipient which is located outside Australia. This includes:
- Other members of Left Field that are located outside Australia, in some circumstances.
- Some encrypted data may be backed up or mirrored in overseas jurisdictions by third parties.
We will not send personal information to recipients outside of Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Act, the APPs;
- the recipient is subject to an information privacy scheme similar to the Privacy Act; or
- the individual has consented to the disclosure.
Left Field may use personal information to offer individuals products and services they believe may interest them, but will not do so if the individual tells them not to. Left Field may offer individuals products and services by various means, including mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising through Left Field’s website.
Left Field may also disclose an individual’s personal information to external companies who assist Left Field to market their products and services to the individual, such as a mailing house.
If individuals do not wish to receive marketing offers from Left Field, they must expressly request Left Field not to do so.
Left Field will collect information from individuals electronically, for instance through internet browsing, mobile or tablet applications.
Each time an individual visits one of Left Field’s websites, Left Field collects information about the individual’s use of the website, which may include the following:
- The date and time of visits;
- Which pages are viewed;
- How users navigate through the site and interact with pages (including fields completed in forms and applications completed);
- Location information about users;
- Information about the device used to visit our website; and
- IP addresses.
Left Field uses technology called cookies whenever an individual visits a Left Field website. Cookies are small pieces of information stored on the individual’s hard drive or in memory. Cookies can record information about an individual’s visits to the site, allowing it to remember them the next time they visit and provide a more meaningful experience.
One of the reasons for using cookies is to offer individuals increased security. The cookies Left Field send to an individual’s computer cannot read their hard drive, obtain any information from their browser or command their computer to perform any action. Cookies are designed so that they cannot be sent to another site, or be retrieved by any non-Left Field site.
Left Field won’t ask individuals to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use. Sometimes Left Field may invite individuals to send their details to them via private messaging, for example, to answer a question. individuals may also be invited to share their personal information through secure channels to participate in other activities, such as competitions.
Our websites have links to external third-party websites that may benefit the user. External websites should contain their own privacy statements and we recommend you review them when using their websites. Please note, however, that third party websites are not covered by this policy, and these sites are not subject to Left Field’s privacy standards and procedures.
Access to and Correction of Personal Information
Under the Privacy Act, individuals have a right to seek access to information which we hold about them; although, there are some exceptions to this. They also have the right to ask us to correct information about them which is inaccurate, incomplete or out of date. To do so, they must contact Left Field.
We do not charge for receiving a request for access to personal information or for complying with a correction request. We do however reserve the right to charge you for all reasonable costs and outgoings specifically incurred in meeting your request for information. In processing an individual’s request for access to their personal information, a reasonable cost may be charged if they have requested access more than once within twelve months. This charge covers such things as locating the information and supplying it to them.
There are some circumstances in which Left Field are not required to give individuals access to their personal information. If Left Field refuse to give an individual access to or to correct their personal information, Left Field will give them a notice explaining the reasons why, except where it would be unreasonable to do so. If we refuse an individual request to correct their personal information, the individual also has the right to request that a statement be associated with their personal information noting that they disagree with its accuracy. If Left Field refuses an individual’s request to access or correct their personal information, we will also provide them with information on how they can complain about the refusal.
Under the Privacy Amendment (Notifiable Data Breaches) Act 2017, Left Field is legally required to notify affected individuals of any eligible data breaches.
Concerns and Complaints
If an individual is concerned about how their personal information is being handled or if they have a complaint about a breach by Left Field of the Australian Privacy Principles, they must contact Left Field.
Left Field will acknowledge the complaint as soon as practical after receipt of the individual’s complaint. Left Field will let the individual know if they need any further information from the individual to resolve their complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five business days but some complaints can take longer to resolve. If a complaint is taking longer, we will let the individual know what is happening and a date by which they can reasonably expect a response.
The individual can contact Left Field by:
- calling (03) 6459 0430
- emailing firstname.lastname@example.org
- visiting www.leftfield.net.au
- writing to us at 2/33-35 Steele Street, Devonport, Tasmania
If the individual is unhappy with our response, they may complain to the Office of the Australian Information Commissioner about the way Left Field handled their personal information.
The Commissioner can be contacted at:
Changes to this Policy
Left Field is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.