Privacy Policy
Scope
This Privacy Policy describes how Catalyst IT Australia collects, uses, discloses, stores and gives access to Personal Information in accordance with the Privacy Act 1988 (the “Act”). In particular it sets out:
- From whom Catalyst collects Personal Information;
- What Personal Information Catalyst collects;
- How Catalyst collects Personal Information;
- Why Catalyst collects Personal Information;
- How Catalyst uses Personal Information;
- How Personal Information can be accessed and corrected; and
- What happens in the event of a Privacy Breach.
Any questions about this Privacy Policy may be directed to:
The Privacy Officer
PO Box 1480, Deewhy NSW 2099
email to: [email protected]
From Whom Catalyst Collects Personal Information
Catalyst may collect Personal Information from:
- Catalyst’s clients
- Members of Catalyst’s staff
- Visitors to Catalyst’s premises or websites
What Personal Information Catalyst Collects
The Personal Information that Catalyst collects may include your name, email address, physical address, telephone number, image, billing information, Client Information and any other information supplied by you to Catalyst in the course of your interaction with us.
How Catalyst Collects Personal Information
Catalyst may collect Personal Information about you in the following ways:
- When you provide information directly to us, whether in person, over the phone, via email or the postal system, via SMS message or other means of communication;
- When you use our services;
- When Personal Information is supplied to us by a third-party;
- When you visit our website we may collect your Client Information via a Data Collection Tool; and
- When you visit our premises we may collect your image (and in exceptional cases where necessary for security purposes, sound recordings) via CCTV cameras.
Why Catalyst Collects Personal Information
Catalyst collects Personal Information for the purposes of:
- Providing services to you;
- Administering our business; and
- Ensuring the physical and digital security of you, our clients, visitors, staff and our premises.
How Catalyst Uses Personal Information
Catalyst uses Personal Information to effect the above purposes.
- The circumstances in which Catalyst may disclose Personal Information include:
- Where you consent to the disclosure;
- Where the disclosure is required to effect the above purposes; or
- Where the disclosure is required by law.
- Catalyst stores Personal Information:
- In our IT or physical infrastructure for as long as is reasonably necessary to effect the above purposes; and
- In the case of CCTV Images or sound recordings, in our IT infrastructure for no longer than three (3) months (except where necessary).
- Personal Information may be subject to the following security measures:
- User authentication and authorisation;
- Network and at-rest encryption;
- Patching and vulnerability management; and
- Physical security protocols.
How Personal Information Can Be Accessed and Corrected
You may access and submit corrections to your Personal Information by contacting us directly by any means set out at clause 1.2.
What Happens in the Event of a Privacy Breach
Please see the provisions for Notifiable Data Breaches in the Catalyst Information Security Policy. All Notifiable Data Breaches will be handled according to those provisions.
In the event of a Privacy Breach, Catalyst will:
- Notify the affected individuals and organisations, including (if appropriate) law enforcement organisations;
- Attempt to mitigate the extent and consequences of the breach;
- Attempt to remedy the situation, as appropriate in the circumstances; and
- Review the breach and Catalyst’s processes and procedures with a view to minimising the risk of a similar breach occurring in the future.
Review
This policy is reviewed at least annually and more frequently if required. All changes to the policy are reviewed by the CISO and approved at the quarterly Management meetings. This policy is available on the Catalyst internal wiki and on the Catalyst IT Australia website.