- the data collected and accessed through our Apps;
- how we deal with personal information more broadly; and
- the use of data gathering tools on our website.
There are inherent risks in transmitting information across the internet. We cannot guarantee the security of information transmitted to us via online channels. We use SSL security to encrypt data sent over the internet for any online portals and smartphone apps.
Data collected and accessed through our Apps
The Inspection App is intended to assist property managers with the inspection of properties. It allows information and data about a property to be captured and uploaded on to Property Plus. This includes:
- information about the property (e.g. number of bedrooms, number of bathrooms etc);
- metre readings;
- information relevant to the assessment of the condition of the different areas of the property; and
- photographs of the property.
The Owner Portal App allows owners, managers and tenants to use smart phones and other mobile devices to access information that they have access to on Property Plus. This includes (as relevant):
- property details (for example, lease information, inspection information, any listings for the property, photographs of the property and location information);
- financial information (including financial statements and information about rent paid);
- Information about any managers or team members responsible for managing the property;
- notifications/reminders; and
Some of the information stored on Property Plus, including information accessible via the Owner Portal App, is personal information. How we deal with personal information is set out below.
How we deal with personal information
What is personal information?
Personal information is defined in the Privacy Act 1988 (the Privacy Act) as: information or an opinion about an identified individual, or an individual who is reasonably identifiable:whether the information or opinion is true or not; andwhether the information or opinion is recorded in a material form or not.
Why do we collect personal information?
There are few, if any, organisations that can function without personal information. We are no exception. We collect personal information where it is reasonably necessary for our functions or activities. At a high level these functions and activities include:
- providing services to our customers;
- undertaking research to improve our services;
- obtaining services from other businesses;
- employing staff; and
- complying with legal and regulatory obligations.
Some common examples of personal information that we may collect include an individual’s name and contact details.
The Privacy Act recognises certain types of personal information as sensitive information. Examples of sensitive information about in individual include information about the individual’s:
- racial or ethnic origin
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
- criminal record
Any sensitive information which we do collect will either be collected with the individual’s consent or as permitted by law.
How do we collect and keep personal information?
We receive personal information in different ways and through a number of different media including:
- via online sources (including via applications and portals);
- by email;
- by telephone;
- through face to face communications; and
- by hard copy correspondence and documentation.
We collect personal information directly from the individuals concerned and also indirectly via third parties. Users of our hosted property management system may upload personal information of third parties on to our system. This includes personal information relating to tenants, property owners and property managers.
We keep different types of records that include personal information. These include records stored electronically on databases and also hard copy files.
Some of the ways we protect personal information that we hold include:
- securing premises both externally and internally;
- password protected electronic systems and technology products to prevent unauthorised computer access or damage to electronically stored information, such as requiring identifiers and passwords, firewalls and antivirus software;
- having internal policies which provide that staff and service providers have access to areas of our network only to the extent necessary for them to perform their role;
- determining levels of access to electronic systems at senior management level;
- maintaining physical security over hard-copy records; and
- providing our staff with training in relation to privacy obligations and requiring them to comply with this policy.
What kinds of personal information do we collect?
We collect a variety of different kinds of personal information. Some (non exhaustive) examples are set out below.
Personal information that we collect about property managers who use our hosted property management system can include their:
- job title; and
- contact details.
Personal information that we collect about tenants can include:
- identity verification information (e.g. driver licence or other ID details);
- emergency contact details;
- details of any current tenancy and/or rental history;
- invoices and correspondence addressed to the tenant;
- details of current home ownership;
- if the tenant is employed, details of current and previous employment;
- income details;
- if the tenant is self-employed, information about their business;
- if the tenant is a student, information about their place and course of study;
- if the tenant is in receipt of social security or other benefits, details of the type and amount of benefit;
- details of vehicle and pet ownership where applicable;
- details of historical services provided to the tenant by the property manager; and
- sensitive or health information (for example if there are special circumstances that the tenant wishes to be taken into account by the property manager or owner).
Personal information that we collect about property owners can include:
- name and contact information;
- emergency contact information;
- invoices and correspondence addressed to the owner;
- details of historical services provided to the owner by the property manager; and
- banking details and other financial information.
When do we use or disclose personal information?
If we collect personal information for a particular purpose, we may use or disclose that personal information for that purpose. For example, personal information that we collect for the purpose of providing a service may be used or disclosed for the purpose of providing that service.
We may also use or disclose personal information for other secondary purposes including the following:
- where the individual has consented to the use or disclosure for the secondary purpose;
- the secondary purpose is related to (or in the case of sensitive information directly related to) the purpose for which the personal information was collected and the individual concerned would reasonably expect us to use or disclose the information – for example providing marketing information to existing customers (unless the customer has requested not to receive marketing information from us);
- the use or disclosure is required or authorised under an Australian law or a court or tribunal order;
- a permitted general or health situation exists as defined in the Privacy Act; or
- we reasonably believe that the use or disclosure of the personal information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
We may disclose personal information to data and call centres, IT service providers, mail houses and other service providers we engage to help manage our information resources. These service providers are generally located within Australia. However, we also use some contractors based in the Philippines. This means some of the personal information we collect and hold is collected and held in the Philippines.
How can you access your personal information that we hold?
You may request access to your personal information held by contacting our Privacy Officer (contact details below). We will provide access where we are required to do so under law.
What should you do if you believe we hold personal information about you that is wrong or you wish to complain about how we have handled your personal information?
If you believe that we hold personal information about you that is wrong (which includes inaccurate, out of date, incomplete, irrelevant or misleading), or you wish to complain about how we have handled your personal information, you should contact our Privacy Officer.
If you have complained to us about how we have handled your personal information, and you believe that we have not satisfactorily resolved your complaint, you may wish to contact the Office of the Australian Information Commissioner (https://www.oaic.gov.au/).
How to contact our Privacy Officer
To contact our Privacy Officer, please write to:
Level 3, 15 Claremont Street
The use of data gathering tools on our website
- each page of the website that you visit;
- your server address;
- the type of browser you are using;
- your operating system;
- your top level domain name;
- the date and time that each page is accessed; and
- documents that you download.
Search terms that you enter when searching our publications database engine are collected, but are not associated with any other information that we collect, hence the user is not identifiable. We use these search terms to ascertain what users are looking for on our website and to improve the services that we provide.
The information is used for the purpose of statistical usage analysis or systems administration.
This policy does not apply to, and we are not responsible for, the use of or the protection of information provided to any other websites that may be linked to our website.