This document provides context as to how 365mesh provides protections and policies with regard to our customer, staff and third parties and their privacy rights.
As a modern, forward-looking business, 365mesh recognises at senior levels the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, shareholders and other stakeholders and respects the information which we have access to, during the course of delivering exceptional outcomes to our customers.
We collect personal information from you where it is reasonably necessary for a business purpose, including in order to supply you with services, ensure that we can improve our services to best meet your needs and to comply with our legal obligations.
If you do not wish to receive marketing material from us or about our products, services or events, please email our Privacy Compliance Officer at the details below.
1. What Information may we collect?
We may collect various data points, including your name, address, date of birth, occupation, contact details (e.g. phone numbers and email addresses), payment details (e.g. bank account or credit card details) and financial information.
We may collect this information in a number of ways, such as:
- From you – for example, where you complete your details in an order form or provide those details to one of our account managers;
- As a result of your use of our services – for example, when you pay your bill or use our services or self-service channels;
- From your online activity – for example, cookies and other digital identifiers;
- From third parties – for example, from your employer if you are an end user of one of our services or from a credit reporting agency in order to conduct a credit assessment or manage your credit situation with us.
We will take reasonable steps to ensure that you know we have your personal information, how we received it and how we will use it.
2. Storage of Personal Information and Dissemination.
Any information we hold about you is stored in secure electronic databases and is stored in compliance with over-arching data security and retention policies.
We may share your personal information to appropriately qualified staff within our organisation and with third parties that we work with in order to supply you with the services you have ordered from us. We will only share your information with third parties where they require it in order to make services available or manage their relationship with you. In these cases, we will ensure that we have arrangements in place with those partners that limit their use or disclosure of your personal information.
In some circumstances, we may need to refer or sell an overdue debt to debt collectors or other companies, in which case, we will give them access to the personal information they need to handle the debt.
We may provide third parties with personal information and cooperate with law enforcement bodies where we are permitted or required to do so by law. Scenarios where we may do this include where there is unlawful activity, serious misconduct or to mitigate a grave threat to life, health or safety.
We will also disclose personal information to others where you have asked us to, reasonably expect us to do so or given us permission.
3. Dissemination of information to non-Australian entities.
365mesh conducts business primarily in Australia and New Zealand. Outside of international Vendor relationships, it is not expected that personal information will be disclosed outside of these two countries.
Where those organisations are based in countries that do not have the same or substantially similar privacy laws as those in Australia, we will take reasonable steps to ensure that they do not breach the Australian Privacy Principles.
We may also store your information in the cloud or other types of networked or electronic storage. These services often involve diverse geographic locations, which change periodically for reasons which include data protection and processing efficiency. Where we use these services, it is not always practical for us to notify you of which country your personal information may be located in.
Please note that overseas organisations are subject to their own laws and may be required to disclose information that we share with them. In those instances, we will not be responsible for that disclosure.
4. Credit Card Transactions.
365mesh provides some services which are self-service based and will require you to provide credit card details. These services are out-tasked to various financial providers, who meet PCI-DSS and ISO requirements in order to provide transaction services.
For a list of providers, please contact 365mesh on the details provided below.
5. Notifiable Data Breach – Privacy Act 1998 (CTH).
Our primary goal is to maintain information governance and security via compliance with the Privacy Act 1998 (Cth) (the Act) and through our ISO27001 accreditation.
For personal information that we hold:
a. If we suspect there has been a data breach, we will take appropriate remedial actions if possible, to contain the suspected breach.
b. We will conduct an assessment within 30 days from when our suspicions arose. The assessment will follow our ISO 27001 procedure for Information Security Incident Management.
c. If we determine there has been a breach and the assessment concludes there is a risk of serious harm, we will:
i. notify affected persons in line with current standard processes, unless the incident is covered by an exception in the Act; and
ii. notify the Australian Information Commissioner.
d. We will review the incident and take appropriate actions to prevent future breaches.
With regards to personal information may have been stored or retained within cloud services, under 365mesh control, which have been compromised, we will notify you and share all relevant details of the alleged breach. We will undertake an assessment of the breach in accordance with our obligations under the Act and may assist you with your assessment and remedial actions under the Act.
6. Access to Your Personal Information.
We will take all reasonable steps to ensure that the personal information we have about you is accurate, complete and up-to-date. You can access and correct any of your personal information by sending an email to our Privacy Compliance Officer at the details below. We will always confirm your identity before giving access to your personal information.
Most of the time, we should be able to provide you with access free of charge. However, if your enquiry is complex or resource intensive and a handling fee applies, we will advise you of that fee and seek your consent before processing your request.
7. Contact Details – Privacy.
You may contact our team via:
Suite 5.02, 32 Delhi Rd
North Ryde NSW 2113
Att: Privacy Officer