In its everyday business operations, SysCare IT Solutions makes use of a variety of data about identifiable individuals, including data about:
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps SysCare IT Solutions is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties who have access to SysCare IT Solutions systems.
The following policies and procedures are relevant to this document:
2 Privacy and personal data protection policy
SysCare IT Solutions respects the right to privacy and is committed to safeguarding the privacy of our customers and website visitors. We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). This policy sets out how we collect and treat personal information.
A privacy statement is a document that declares the intentions of the organisation in relation to client information and data, how personal information is stored, how clients can access this information and the purposes for which personal information is used and disclosed.
SysCare IT Solutions privacy statement includes sections on the following areas:
2.1 Collection of personal information
SysCare IT Solutions will, from time to time, receive and store personal information you enter onto our website or via SysCare servicedesk, provided to us directly or given to us in other forms.
Before accessing services with SysCare IT Solutions users will be required to provide some basic information such as name, phone number, address and email address to enable us to send information, provide updates and process your service provision. We may collect additional information at other times, including but not limited to, when users provide feedback, when you provide information about personal affairs, change content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support. Additionally, we may also collect any other information provided by people interacting with us.
2.2 How we collect your personal information
2.3 Use of your personal information
SysCare IT Solutions may use personal information collected to provide you with information, updates and our services. We may also notify of new and additional services and opportunities that are available.
We may use personal information to improve our services and better understand the needs of individuals. SysCare IT Solutions may contact individuals by a variety of methods including, but not limited to telephone, email, sms or mail.
2.4 Disclosure of personal information
We may disclose personal information to any of our employees, managers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Policy. Personal information is only supplied to a third party when it is required for the delivery of our services and has been discussed with the client.
We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request. We may also use personal information to protect the copyright, trademarks, legal rights, property or safety of SysCare IT Solutions its customers or third parties.
Information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
By providing us with personal information, individuals consent to the terms of this Policy and the types of disclosure covered by this Policy. Where we disclose personal information to third parties, we will request that the third party follow this Policy regarding handling personal information.
2.5 Security of your personal information
SysCare IT Solutions is committed to ensuring that the information provided to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
The transmission and exchange of information is carried out at your own risk.
2.6 Access to personal information
Individuals may request details of personal information that we hold about them in accordance with the provisions of the Privacy Act 1988 (Cth). This information will be provided within a reasonable time frame, free of charge. If an individual would like a copy of the information, which we hold about them or believe that any information we hold on them is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at firstname.lastname@example.org
We reserve the right to refuse to provide you with information that we hold, in certain circumstances set out in the Privacy Act.
2.7 Complaints about privacy
If you have any complaints about our privacy practices, details of the complaint should be sent to email@example.com. We take complaints very seriously and will respond shortly after receiving written notice of the complaint.
When you visit our website syscare.com.au we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
2.8.3. Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for individual’s convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that SysCare IT Solutions is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
3 Data Protection Officer
A defined role of Data Protection Officer (DPO) has been established to oversee this Policy.
It is a requirement of the Privacy Act 1988 Notifiable Data Breaches (NDB) Scheme that when an organisation or agency the Privacy Act 1988 covers has reasonable grounds to believe an eligible data breach has occurred, they must promptly notify any individual at risk of serious harm. They must also notify the Office of the Australian Information Commissioner (OAIC). Breaches must be handled in accordance with the SysCare Personal Data Breach Notification Procedure (INFS 28)
Note: Breaches that relate to data from operations in Papua New Guinea will be undertaken via notification to the National Information & Communications Technology Authority (NICTA); While Papua New Guinea does not have a personal data protection law, the Cybercrime Code Act 2016. The Act, and cybersecurity more generally, is regulated by NICTA.
5 Our obligations as a cloud service provider
In addition to holding personal data on our own account, SysCare IT Solutions also stores and processes the personal data of our cloud customers. In doing so, there are a number of additional obligations that must be fulfilled to allow our customers to stay within the law.
Our policy in this area is informed by ISO 27018 – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors which, as well as recommending specific enhancements to ISO 27001 controls, also provides the following policy guidance:
Additional recommendations stated in ISO 27018 are also included in the relevant policies and procedures within the ISMS.
SysCare IT Solutions Pty Ltd
Sydney - Level 36, Gateway, 1 Macquarie Place, Sydney, NSW, 2000 :::::::: Melbourne - Suite 12, Level 10, 401, Docklands Drive, Docklands, VIC, 3008
Copyright © 2018 SysCare IT Solutions Pty Ltd - All Rights Reserved.
Powered by SysCare - The Personal Touch in IT!