Corporate & Commercial Solutions - Empowering Global Business Success
Privacy Commitment
In the course of our business there may be circumstances where we collect personal information. We are committed to protecting the privacy of the personal information we collect. Our privacy policy has been developed to ensure that such information is handled appropriately.
We may make changes to this Privacy Policy from time to time to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this Privacy Policy will be made available on our website. We encourage you to check our website from time to time to ensure that you are aware of our current Privacy Policy.
Managing use of personal information
We manage the personal information we collect by:
o providing team members with training on privacy issues;
o implementing procedures such as providing privacy statements when dealing with a client’s personal information;
o regularly reviewing our privacy compliance;
o implementing security measures to keep the personal information we collect safe, including using unique usernames and passwords on systems that can access personal information and security cards to access on-site information; and
o appointing a designated privacy officer to monitor privacy compliance and be a contact for any privacy complaints and access or correction requests.
We comply with our confidentiality obligations when dealing with an individual’s personal information.
Personal information we collect and hold
We are a company providing corporate support and services, and hold different information depending on the corporate and other services provided to clients, or in the case of prospective employees, the information needed to assess future employment with us. Generally, the types of information that we may collect and hold include:
o contact information (such as name, address and phone number);
o financial information;
o business circumstances;
o family circumstances;
o information about assets and investments;
o employment history;
o gender;
o date and place of birth;
o insurance information;
o banking information;
o credit information;
o credit card details;
o expertise and interests;
o tax file numbers;
o driver’s licence and other photographic information;
o video or photographic footage given by clients to us for corporate support;
o information otherwise required by law; and
o any other personal information required to perform the corporate or other service to the individual.
Where possible, we will only collect the personal information required to provide the corporate or other service to the individual.
Sensitive information we collect and hold
The sensitive information that we collect and hold about an individual will include any information necessary to provide corporate support and other services to the individual. This may include:
o health information;
o racial or ethnic origins;
o political opinions and membership of political associations;
o religious beliefs or affiliations;
o philosophical beliefs;
o membership of professional or trade associations or unions;
o sexual preferences or practices;
o criminal records;
o genetic information;
o any sensitive information required to be disclosed by law; and
o any other sensitive information required to perform the corporate or other service to the individual.
We will not collect sensitive information without the consent of the individual to whom the information relates unless permitted under applicable privacy laws.
Collection of Personal Information
Where reasonable and practicable, we will collect personal information directly from the individual to whom the personal information relates. However, we have a referral network and also collect personal information from numerous other sources. It is not possible to provide an exhaustive list of these sources, but they may include:
o partnering entities, consultants, advisors or agents for individuals we support;
o friends, family members and associates of the individual;
o banks and financial institutions;
o government bodies;
o our affiliates;
o insurance companies;
o businesses about their employees, contractors, customers or suppliers;
o solicitors;
o feedback surveys; and
o paid search providers.
Holding Personal Information
We hold personal information physically on our premises and electronically, through internal servers and websites, a private cloud (including Microsoft OneDrive and Google Drive) and electronic storage devices, including USB. Our mailboxes are held by Microsoft and stored ‘at rest’ within Australia.
We will take reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a cyber attack) or that unauthorised disclosures will not occur.
Some of the methods we use to store and secure information include:
o strict security access measures preventing unauthorised parties gaining access to areas that contain personal information;
o having designated areas, which do not contain personal information, to meet with clients and people who are not Crestbridge Solutions employees;
o using unique usernames, passwords and other protections on systems that can access personal information; and
o restricting printing and physical storage of more sensitive information.
Why do we Collect, Hold, Use or Disclose Personal Information
We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is collected varies, depending on the particular service being provided, but is generally to provide corporate support and other services to an individual or their business.
In the case of potential employees, the primary purpose for which the information is collected is to assess the individual’s suitability for a position with us.
Personal information may also be used or disclosed by us for secondary purposes that are within the individual’s reasonable expectations and related to the primary purpose of collection.
We may disclose personal information:
o to other service providers or referral partners, in order to provide the corporate service or other service to the individual or company;
o to government bodies (such as ASIC or the ATO);
o to paid search providers;
o with the consent of the individual to whom the information relates;
o to Crestbridge Solutions affiliates; or
o to third party contractors where we or our affiliates contract out any financial, administrative, legal, information technology or other services, including independent market research that enables us to improve our service to our clients.
Otherwise, we will only disclose personal information to third parties with the relevant individual’s consent or if the disclosure is permitted by applicable privacy laws.
Disclosing Information Overseas
We generally do not disclose your personal information to overseas recipients otherwise than in accordance with your directions. In some cases we may indirectly disclose personal information overseas through our service providers. For example, we disclose personal information to Microsoft, Google or HubSpot, which have data centres located in the United States.
Where we disclose your personal information to parties located overseas (or which have data centres located in other countries), we take reasonable steps to ensure that those parties will handle the personal information in accordance with the Australian Privacy Principles. We are not required to take such steps if we believe that the overseas recipient is already subject to a law that has the effect of protecting personal information in a substantially similar way to the relevant law in Australia, or with your consent.
Data Breaches
A data breach occurs when personal information is lost or subjected to unauthorised access, use, modification or disclosure or other misuse or interference.
We have implemented a data breach response plan to assist us to effectively contain, evaluate and respond to data breaches in order to mitigate potential harm to any persons affected by a data breach.
In summary, our data breach response plan:
o directs our team as to the steps they should take in the event of an actual or suspected data breach;
o appoints a team to handle data breaches;
o specifies a strategy for assessing and responding to data breaches;
o sets out the process for notifying any affected persons, the relevant privacy commissioner and other relevant parties; and
o outlines the review process to help prevent data breaches in the future.
We will generally notify you if we reasonably believe that your personal information has been subjected to a data breach if:
o there is a risk of serious harm to you;
o notification could enable you to avoid or mitigate serious harm;
o the compromised personal information is sensitive or likely to cause humiliation or embarrassment to you; or
o we are required to notify you by law.
We will notify the relevant privacy commissioner if we reasonably believe that your personal information has been subjected to a data breach that is likely to result in serious harm to you, as required by law.
Where appropriate, we may also notify other third parties of a data breach.
Your access to and updating your Personal Information
It is important the information we hold about individuals is up to date. Individuals should contact us if their personal information changes.
Access to information and correcting personal information
Individuals may request access to the personal information we hold or ask for their personal information to be corrected. We will grant an individual access to their personal information as soon as possible, subject to the request circumstances.
In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to an individual without proof of identity.
We may deny access to personal information if:
o the request is impractical or unreasonable;
o providing access would have an unreasonable impact on the privacy of another person;
o providing access would pose a serious and imminent threat to the life or health of any person;
o providing access would compromise our professional obligations; or
o there are other legal grounds to deny the request.
We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied. If the personal information we hold is not accurate, complete and up to date, we will take reasonable steps to correct it so that it is accurate, complete and up to date, where it is appropriate to do so.
Complaints
If a person wishes to complain about an alleged privacy breach, they must follow this process:
o The complaint must first be made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
o In the unlikely event the privacy issue cannot be resolved, they may take their complaint to the Office of the Australian Information Commissioner.
Contact Us
If you require further information about this Privacy Policy or Crestbridge Solutions' management of your personal information, please contact us via the Contact link on our website.
Changes
We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website.
This policy was last updated on 6 July 2023.