Diagno Pty Ltd and related entities (Diagno) are committed to ensuring the protection of the privacy of the personal information it collects or receives during the course of its business.
This document sets out the policy of Diago and its related entities in relation to the protection of the privacy of personal information and is made in compliance with Diagno’s obligations under the Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs).
This policy applies to any individuals about whom Diagno currently holds, or may collect in the future, personal information.
The purpose of this policy is to inform such individuals about:
- What type of personal information we collect, and
- What we do with this personal information
What is personal information?
‘Personal information’ is information or an opinion, whether true or not, about an individual whose identity is apparent or can be reasonably identifiable. Information may or may not be recorded in material form in order to be classified as personal information.
Examples of personal information includes any information where a person is reasonably identifiable, such as:
- A person’s name, address, phone number and email address
- Photos
- Bank account details
- Financial information
- Tax file numbers and other government issued numbers
- Information about what a person likes and their opinions
- Information about where a person works
What is sensitive information?
This policy also refers to ‘sensitive information’. Sensitive information is a category of personal information and is information about a person’s:
- Racial or ethnic origin, political opinions, membership of a professional or trade organisation
- Religious or philosophical beliefs
- Sexual preferences or practices
- Health, genetic or biometric information
- Criminal records
Information that is not personal information
Information is not personal information where Diagno has removed any reference to an individual so that the person cannot be reasonably identifiable from the information. Diagno can use this information for its own purposes and for commercial gain.
How and when we collect personal information
Diagno collects personal information in a number of ways in the course of conducting its business, including when it is:
- Providing services to its clients
- Engaging with suppliers, clients and personnel
- Contacted via telephone, email or in person
- Establishing and administering client registration through its website or otherwise
- Signing up individuals to or administering its electronic mailing lists
- Conducting marketing or other activities through social media and other platforms recording video, email, internet or other electrical surveillance at its offices or at places where work is being performed.
Where reasonable and practicable, Diagno will collect personal information directly from the person and inform them of the collection. However, in some circumstances we will collect personal information through service providers, agents or publicly available sources (eg internet directories etc).
Personal information we collect and hold
The types of personal information we collect, and hold includes:
- Names, titles, contact and address details
- Dates of birth and gender
- Bank account details
- Email addresses
- IP addresses
- Financial information, relevant to the provision of accounting, taxation and other financial advice
- Tax file numbers
- Contact information
- Business circumstances
- Information about assets, investments and liabilities
- Employment history
- Gender
- Banking, credit and other finance related information
- Proof of identification documentation such as drivers licenses and passports
- Information relating to superannuation and insurance
- Australian Taxation Office related correspondence and correspondence from other parties
- Information about our client’s likes and their opinions
- Other relevant information
How we hold personal information
We hold personal information we collect in a number of formats including hard copy, on our computer systems and on other electronic systems.
If Diagno receives personal information it did not request, and Diagno determines that it would not be permitted to collect this information under the APPs, Diagno will destroy or de-identify the information as soon as practicable.
Why do we collect and hold personal information?
We collect personal information for purposes including to enable us to provide our services to clients, to contact and communicate with clients, employees, suppliers and other third parties, for internal record keeping and for marketing. We may also use personal information we collect for associated secondary purposes where the person to whom it relates could reasonably expect its use or disclosure.
Collection of Sensitive Information
Unless required or authorised by law, Diagno will not collect sensitive information about an individual unless:
- It has the consent of the person to whom it relates, and
- The information is reasonably necessary to one or more of Diagno’s functions or activities
Employee Records
Diagno is not required to comply with the Privacy Act when handling the personal information of its employees if the personal information is directly related to:
- A current or former employment relationship
- An employee record relating to the employee
This means that the APPs do not apply to Diagno when it handles current or past employee records for something that is directly related to the employment relationship. Diagno is also not required to grant its employees access to their personal information help by Diagno under the Privacy Act, although it may have an obligation to disclose certain employee records under other legislation.
Use and Disclosure of Personal Information
We may use or disclose personal information that we collect for its primary purpose (eg providing our services to clients and related activities ancillary to the provision of accounting services) or for related secondary purposes that a person would reasonably expect us to use or disclose that information (eg where we provide your details to a third party to assist us in the provision of our services to you).
Otherwise, Diagno will not use or disclose personal information to third parties without the consent of the individual to whom it relates unless the disclosure is:
- Required or authorised under law, or
- It is permitted under an exception to the Privacy Act
Overseas disclosures
Personal information that we collect may be disclosed to entities located overseas or be stored on a server overseas. If we disclose or transfer personal information to countries outside Australia, we will do so in compliance with Australian data protection and privacy laws. The countries to which Diagno discloses or transfers personal information to include within Australia and the United States, where some of our data is stored.
Security of Personal Information
Diagno will take all reasonable steps to ensure that personal information is stored in a manner that reasonably protects it from misuse, unauthorised access, modification or disclosure. Diagno does not guarantee that personal information cannot be accessed by unauthorised third parties. Where personal information is no longer required for the purpose for which it was obtained, we will take reasonable steps to destroy or de-identify this information.
Accessing and correcting personal information
Diagno will grant someone access to their personal information, or correct personal information, as soon as possible once a request has been made. All requests should be made in writing, either by post or email, to:
Attn: Office Manager
team@diagno.com.au
+61 7 5552 1100
PO Box 3287
AUSTRALIA FAIRÂ QLDÂ 4215
Diagno is not required to provide access to personal information if:
- Providing access would pose a serious threat to the life, health or safety of any individual or public health or safety
- Providing access would have an unreasonable impact on the privacy of other individuals
- The request is frivolous or vexatious
- The information relates to an existing or anticipated legal proceeding
- Denying access is required or authorised by law
- Providing access would prejudice Diagno’s rights or commercial interests
- There are other legal grounds to deny the request
Complaints
Complaints that Diagno, its employees, its agents or third parties have breached this policy should be made in writing by post or email to Diagno, to the above address.
Diagno deals with all complaints through an internal process. We will assess your complaint and respond to you within a reasonable period of time. Any subsequent action in relation to a compliant will depend on individual circumstances.
Status of this Policy
This policy is not intended to create contractually binding obligations upon Diagno.
This policy (and any other Diagno policy) may be varied or withdrawn from time to time by Diagno in its discretion.
18 July 2023