PRIVACY POLICY
About this policy
JBX Pty Ltd, ABN: 52 134 120 139 (referred to in this Privacy Policy as ‘JBX’ ‘we’, ‘us’ or ‘our’) are committed to protecting the privacy of personal and health information in accordance with Australian privacy laws. Our Privacy Policy sets out how we and our related entities collect, use, disclose, store and manage personal and health information.
Our Privacy Policy complies with the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) (‘Privacy Act’) and the Health Privacy Principles set out in the Health Records and Information Privacy Act 2002 (NSW) (‘HRIP Act’) both as amended from time to time.
When dealing with JBX for the purpose of employment, provision of any goods or services, applications for commercial credit, communication via email, telephone, in writing, participation in any of our promotional activities, or use of our other services, including our websites and social media, you agree to the collection, use, disclosure and storage of your personal and health information in the manner described in this policy.
Types of personal and health information we collect:
The kinds of personal and health information we may collect from you will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:
-
identity particulars - such as your name, address, date of birth, occupation, telephone numbers and e-mail address;
-
personal information we collect from you when assessing, processing and managing an application by you for commercial credit;
-
personal information you provide to us when you participate in a promotion, competition, promotional activity, survey, market research, subscribe to our mailing list;
-
your bank, credit or debit account details when you make a purchase;
-
health information you provide us;
-
your records of communication with us;
-
if you visit our website, your website usage information such as your IP address.
The purpose for collecting your personal and health information
We will generally only collect and use your personal and health information for the primary purposes of:
-
our general business operations;
-
effectively providing you with our goods and services;
-
where applicable, assessing and processing an application for commercial credit, and for administrative purposes in relation to the ongoing management of your commercial credit arrangement;
-
communicating with you;
-
responding to your enquires or complaints;
-
meeting our legal and regulatory obligations;
-
conducting, improving and developing a relationship with you;
-
direct marketing (such as providing you with information about our products and promotional notices and offers); and
-
improving our websites.
Your personal and health information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent. This could include persons nominated by you as trade references, credit reporting bodies (“CRBs”) and your bankers.
We will take reasonable steps to ensure that you are aware of:
-
the likely use of the information;
-
the right of access to the information;
-
the identity and contact details of our employee/representative collecting your personal and health information;
-
any law requiring collection of the information; and
-
the main consequences of failure to provide your personal and/or health information.
How we may use and disclose your personal and health information
We may use your personal information for:
-
the primary purposes for which it was collected, such as those described above;
-
assessing and processing an application for, or administrative and management of, and commercial credit account with us;
-
administering and responding to your enquiry or feedback about our products and/or services;
-
conducting, and allowing you to participate in, a promotion, competition, promotional activity, survey, market research or customer behavioural activity;
-
promoting and marketing our current and future products and services to you, informing you of upcoming events and special promotions and offers and analysing our products and services to improve and develop new products and services (but giving you the opportunity to opt out of such direct marketing)
-
improving the operation of our websites.
We may disclose personal and health information we collect from you:
-
to our related companies, suppliers, consultants, contractors or agents for the primary proposes for which it was collected or for other purposes directly related to the purpose for which the personal and health information is collected. For example, your name and telephone number may be disclosed to our supplier to enable that supplier to respond to your request for information about a particular product;
-
for direct marketing by us but, giving you the opportunity to opt out of such direct marketing. We will include our contact details in any direct marketing.
-
to relevant Federal, State, Territory medical, health and safety authorities (as required);
-
where the law requires or authorises us to do so;
-
to others that you have been informed of at the time any personal and health information is collected from you;
-
with your consent (express or implied), to others.
Where the Privacy Act permits us to do so, we may also disclose your credit related information (in respect of commercial credit) to CRBs such as Veda or Dunn & Bradstreet, if you apply for commercial credit or request an increase in your commercial credit limit with JBX.
Where JBX collects information that we are likely to disclose to a CRB, please note:
-
the CRBs may include that information in reports provided to JBX to assist it to assess your credit worthiness;
-
if you fail to meet payment obligations in relation to commercial credit or commit a serious credit infringement, JBX may be entitled to disclose this to the CRB;
-
if you are an individual you may access information from JBX in accordance with this Privacy Policy and may access this information for the purpose of requesting JBX to correct the information or make a complaint to JBX.
We do not disclose your personal or health information for any secondary purposes unless your consent has been given or as required by law, and we will not sell or license any personal or health information that we collect from you. We do not use health records linkage systems.
How your personal and health information is stored and secured:
We take reasonable steps to protect your personal health information from loss, misuse or unauthorised access by restricting access to the information in electronic format and by appropriate physical and communications security.
If a substantial data breach has or may have occurred (for example, your personal or health information is shared with unauthorised persons) we will notify you and any relevant authority as soon as is practicable or within the time frame stipulated by applicable laws.
We only keep your personal and health information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to securely destroy or permanently de-identity your personal and health information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
Using our Website and Cookies
As with most websites, when you visit our website or use an application on our website, we may record anonymous information such as IP address, time, date, referring URL, pages accessed and documents downloaded, type of browser and operating system.
We also uses “cookies”. A cookie is a small file that stays on your computer until, depending on whether it is a sessional or persistent cookie, you turn your computer off or it expires. Cookies may collect and store your personal information. You may adjust your internet browser to disable cookies. If cookies are disabled you may still use our website, but the website may be limited in the use of some of the features.
Our website may also contain links to or from other websites. We are not responsible for the privacy practices of other websites. This Privacy Policy applies only to the information we collect on our website. We encourage you to read the privacy policies of other websites you link to from our website.
Marketing and Opting-Out
We may use your personal information for:
· promoting and marketing of our current and future products and services;
· informing you of upcoming events and special promotions and offers; and
· analysing our products and services to improve and develop new products and services.
We may exchange your personal information between our related entities so they can also assist in the marketing of our products and services to you.
We will only offer you products or services, where we reasonably believe that they could be of interest or benefit to you.
At the point we collect information from you, you may be asked to “opt in” to consent to us using or disclosing your personal information. You will generally be given the opportunity to “opt out” from receiving marketing communications from us. You may “opt out” from receiving these communications by clicking on an unsubscribe link at the end of an email or by contacting us with such request.
Analytics
We may use Google Analytics, a web analysis service, to collect, monitor and analyse Personal Information about users and visitors to our website. Google Analytics transmits and stores a website’s traffic data to Google servers in the United States. Google Analytics provides reports which assist in understanding a website’s usage and traffic. Google Analytics does not personally identify you as the user or correlate your IP address with any other data held by Google.
You can refuse the use of Google Analytics by setting your browser to disable cookies used by Google Analytics. However, if you refuse cookies used by Google Analytics, you may be prevented from taking full advantage of our website.
By visiting, browsing, accessing or using the products, services, features, contact/request forms or functions offered on our website and agreeing to this Privacy Policy, you consent to Google processing data about you in the manner described in Google’s privacy policy and for the purposes outlined in this Privacy Policy.
Cross border disclosure
Your personal information may also be processed by, or disclosed to employees, consultants, contractors, agents, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries, including for example, we may use a server hosted overseas to store data, which may include your personal information.
We will take reasonable steps, in the circumstances, before your personal information is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal information (‘the reasonable steps’).
The reasonable steps may not apply if you consent to the disclosure of your personal information to an overseas recipient and we reasonably believe that the overseas receipt is subject to laws that are suitability similar to the privacy laws in Australia.
If you consent to the disclosure of your personal information to an overseas recipient, the overseas recipient may not be accountable under the Privacy Act, and you will not be able to seek redress for breaches under the Privacy Act.
Your health information will not be processed or disclosed to recipients outside of New South Wales.
Specific rights of European residents
JBX is committed to ensuring its compliance with the European Union General Data Protection Regulation (‘GDPR’).
Although our Privacy Policy explains how we meet our obligations to Australian residents, we may also have some individuals who are located in the European Union (‘EU Residents’) that have additional rights in respect of their Personal Data.
Personal Data is defined as: “Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier”. This should be considered fundamentally interchangeable with the Australian expression “Personal Information” for the purposes of this Privacy Policy.
Health Data is defined as: “Personal Data concerning health should include all data pertaining to the health status of a data subject which reveal information relating to the past, current or future physical or mental health status of the data subject. This includes information about the natural person collected in the course of the registration for, or the provision of, health care services as referred to in Directive 2011/24/EU of the European Parliament and of the Council to that natural person; a number, symbol or particular assigned to a natural person to uniquely identify the natural person for health purposes; information derived from the testing or examination of a body part or bodily substance, including from genetic data and biological samples; and any information on, for example, a disease, disability, disease risk, medical history, clinical treatment or physiological or biomedical state from a physician or other health professional, a hospital, a medical device or an in vitro diagnostic test". This should be considered fundamentally interchangeable with the Australian expression “Health Information” for the purposes of this Privacy Policy.
Under the GDPR, JBX is primarily a “controller” of Personal and Health Data, as opposed to being a “processor”. As part of its GDPR compliance, JBX provides its services in a way that ensures:
· Personal and Health Data (i.e. Personal and Health Information) is:
- processed fairly, lawfully and in a transparent manner; and
- collected and processed only for specified and lawful purposes.
· Processed Personal and Health Data (i.e. Personal and Health Information that is used, held or disclosed by JBX) is:
- adequate, relevant and not excessive;
- accurate and, where necessary, kept up to date;
- kept secure, and not longer than necessary;
- not transferred to countries outside the European Union without adequate protection; and
- treated in accordance with individuals’ legal rights.
Whilst JBX strives to provide all individuals with appropriate access and control over their data, individuals covered by the GDPR are also able to:
· prescriptively restrict, limit or otherwise provide instructions to JBX regarding how we can use or process their Personal and Health Data. This includes being able to object to how and why their Personal and Health Data is used (e.g. by the removal of their consent for particular functions);
· request the erasure (i.e. deletion) of their information; and
· request JBX provides all Personal and Health Data held about them in a portable format, meaning in a way that is structured, commonly used and machine-readable. Individuals who exercise this right to data portability are also able to direct JBX to transmit this data to other entities who they intend to allow to process their Personal and Health Data.
JBX will allow and assist individuals that are EU Residents to exercise these rights, unless we have compelling and legitimate legal grounds not to (e.g. a legal obligation under Australian legislation, or if the Personal or Health Data has been fully anonymised).
In relation to your Personal and Health Data, JBX ensures that your consent is:
· freely given;
· specific;
· informed; and
· a clear indication is given by you signifying your agreement to the processing of your Personal and Health Data.
Accurate and up-to-date information
We take reasonable steps to ensure your personal and health information is accurate, up-to-date and not misleading by updating our records whenever changes to the data come to our attention.
If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer. To contact our Privacy Officer please see contact details below.
We will correct information we hold about you if we discover, or you are able to show us to a reasonable standard, the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.
We disregard information that seems to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
Access to your personal and health information
We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal and health information we hold about you by contacting our Privacy Officer. If access is refused to your personal or health information for reasons permitted by the Privacy Act or HRIP Act, we will give you a notice explaining our decision to the extent practicable and your options.
To contact our Privacy Officer please see contact details below. If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.
Dealing with unsolicited information
We take all reasonable steps to ensure that all unsolicited information is destroyed or de-identified immediately.
Anonymity when dealing with us
Only where it practicable to do so, we may allow you the option not to identify yourself when dealing with us.
Collecting sensitive information
JBX does not collect sensitive information, unless it is specifically relevant and necessary for the purpose of our business activities and functions, and your consent is first obtained. All sensitive information that is collected is used in accordance with this Privacy Policy.
Government identifiers
We do not use government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.
Transfer of ownership
As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganisation, dissolution or similar event, your Personal and Health Information may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of our business (or its assets) will continue to have the right to use your Personal and Health Information in accordance with the terms of this Privacy Policy.
Complaints and disputes
If you have reason to believe that we have not complied with our obligations relating to your personal or health information under this Privacy Policy, under the Privacy Act or under the HRIP Act, please refer any compliant or queries to our Privacy Officer (details below).
We will ensure your compliant is handled by our Privacy Officer in an appropriate and reasonable manner. Where necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
Website: www.oaic.gov.au
Phone: 1300 363 992
Information and Privacy Commission NSW
Website: www.ipc.nsw.gov.au
Phone: 1800 472 679
Questions
Please refer any queries or complaints about our Privacy Policy or privacy issues to:
ATTN: JBX Privacy Officer PO Box 2343 |
Phone: (02) 9894 5648 |
Our Privacy Officer will consider your question or complaint and respond to you as required in a reasonable timeframe.
Variations
We reserve the right to vary, replace or terminate this Privacy Policy from time to time.
Last Updated 7th December 2023