PRIVACY POLICY

Who we are

This is the website terms (terms) for Harvest Road Group Pty Ltd (ACN 169 138 014) and its related entities (referred to herein as we, us or our).

This privacy policy sets out how we collect, use, disclose and manage your personal information.

Our commitment to privacy

We are committed to protecting the privacy of your personal information. We work to ensure that we comply with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles under the Privacy Act, and any other applicable privacy laws. If you are resident in the European Economic Area (EEA) or the United Kingdom (UK), applicable privacy laws include the EU General Data Protection Regulation and the UK General Data Protection Regulation respectively.

Collecting personal information

How we collect personal information

Personal Information is information or an opinion that identifies an individual. This can include names, addresses, email addresses, phone and phone numbers.

Sensitive information is a type of personal information that includes information about an individual’s racial or ethnic origin, professional, political or religious affiliations or memberships, sexual orientation or practices, criminal record, health, genetics and/or biometrics.

At all times we try to collect directly from you only the personal information we reasonably need for the particular function or activity we are carrying out. This can include when you visit our website, contact us, make a booking with us, submit a booking enquiry to us, raise a query or complaint with us, sign up to one of our mailing lists, apply for a job with us (as further described below), contract with us or otherwise interact with us.

We may also collect your personal information (including sensitive information) that we reasonably need from third parties, including government agencies, regulators, commercial counterparties and third party service providers (including credit reporting, recruitment or information agencies), and from publicly available records when handling or resolving a complaint, investigation (including investigating a data breach), conducting recruitment processes or otherwise performing any particular function or activity we are carrying out.

The types of personal information we collect

Depending on the nature of our relationship and interactions with you, we may collect a range of personal information. This includes your name, contact details (including your address, email address and phone number), date of birth, gender, nationality, organisation and IP address. If you attend one of our events, we may also take audio or visual recordings which identify you.

On occasion, we may collect information about you of a sensitive nature (such as information about your health). However, we will only do this with your consent or otherwise in accordance with applicable laws.

If you apply for a career with us

We also collect personal information when recruiting people to work with us. This may include the types of information listed above, along with your qualifications, work history and reference details. Before offering you a position, we may collect additional details such as your tax file number, superannuation information and other background check information (such as police clearances and working with children checks, to the extent required or permitted by applicable laws).

Generally, we will collect this information directly from you. We may also collect this information from third parties (such as recruitment agencies, background check agencies or your referees).

Why we collect personal information

The purposes for which we collect your personal information depend on the nature of our relationship and interactions with you. These purposes may include:

  • providing services to you or facilitating the provision of services to you by others;
  • responding to your requests for information, complaints and other enquiries;
  • marketing, including by informing you of activities, events and developments (as further described below);
  • complying with our contractual, legal or regulatory obligations or exercising our legal rights;
  • monitoring, analysing or improving our business, services or website;
  • facilitating our recruitment processes; and
  • managing our relationship or interactions with you.

Legal bases for processing personal information if resident in the EEA or UK

We process your personal information where it is in our legitimate interests to do so. We believe that our use of your personal information is within a number of our legitimate interests, including the purposes listed above under the heading ‘why we collect personal information’.

We may also process your sensitive personal information where it is in the course of our activities as a not-for-profit body, or where processing your sensitive personal information is necessary for us to exercise our rights or carry out our employment and social security law obligations.

Cookies and analytics

We use cookies and analytics (including Google tools) in relation to your use of our websites. Please refer to our website terms for more information in relation to this, including in relation to the personal information that we may collect by using such cookies and analytics.

Anonymous dealings

You may choose to remain anonymous or use a pseudonym in your communications with us where it is lawful and practicable. However, if you choose to do so, please note that we may not be able to provide you with information or goods and services, or effectively manage our relationship with you.

Storing personal information

We endeavour to take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure. We also endeavour to take reasonable steps to destroy or de-identify personal information that we no longer require.

We maintain physical security over paper and electronic data stores, including through the use of locks and security systems at our premises. We also maintain computer and network security such as firewalls to protect your personal information and to control access to our computer systems.

We secure communications between your browser and this website with encryption technology wherever possible. We also encourage you to exercise care in sending personal information via the internet.

Using and disclosing personal information

General use and disclosure

We may use and disclose your personal information for our legitimate business purposes, including for the purposes set out above in relation to our collection of personal information. For example, we may disclose your personal information to:

  • our internal divisions, business units, departments, related entities or affiliates;
  • third parties who work with us (including those who assist us in providing goods and services to you on our behalf);
  • our representatives, agents or contractors who assist us in administering our business (including for data storage or processing, printing, mailing, marketing, planning and goods or services development) or provide services to us;
  • our advisors (including lawyers and accountants), insurers, auditors and financiers;
  • other parties when required by law, such as law enforcement entities or regulators;
  • potential investors in, or purchasers of, any part of our business; and
  • Recruitment firms and recruitment service providers

We do not share your personal information except in accordance with this privacy policy or as permitted by the Privacy Act or other applicable privacy laws.

To additional protect your personal information when disclosing it to third parties, we also include special privacy provisions in our contracts and engagements.

Marketing

We may use the personal information you provide to us to send information to you, including promotional material about us (and our various entities, goods and services) and the goods and services of relevant third parties. We may send you such information by direct mail, telemarketing, email, SMS, MMS or other similar means.

If you do not want to receive marketing from us, you can unsubscribe by emailing us (see email contact below) or by clicking on the “unsubscribe” link in an automated mailout that you have received from us.

Overseas disclosures

We may disclose, transfer, store, process or use your personal information outside of your country of residence (or where you are resident in the European Economic Area (EEA), outside of the EEA). This may happen if our related entities, employees, contractors or third parties we engage with are located overseas, including in the United States of America and the United Kingdom.

For residents in the EEA and United Kingdom (UK), we may transfer your personal information outside of the EEA and UK provided that the means of transfer provides adequate safeguards in relation to your data, including in accordance with any applicable laws.

Accessing and correction of personal information

If you would like to access any of the personal information we hold about you, please email us (see email contact below). We will endeavour to provide access promptly and free of charge. However, we may refuse to provide access, or may charge a fee for compiling the requested information, if it is lawful for us to do so. If we refuse a request for information, or decide to charge such a fee, we will provide you with a reason for our decision as required by applicable privacy laws.

Please let us know if there are any errors or discrepancies in the personal information we hold about you or if your details have changed. We will take reasonable steps to correct, update and/or delete this information in accordance with applicable privacy laws following your request. Please note, if you choose to update and/or delete the personal information we hold about you, we may not be able to provide you with requested information, products or services, or to effectively conduct our relationship with you.

If you are resident in the EEA or the UK

In addition to the above right of access and right of rectification, you may also have other rights in relation to the personal information we hold about you. These include the right to object to, or restrict our processing of, your personal information, the right to request that we erase your personal information, and the right to transfer your personal information between service providers.

However, please note that some of these rights may not always apply to the personal information we hold about you as there are sometimes requirements and exemptions which mean we need to keep the personal information, or other times when the rights may not apply at all.

How long do we keep your personal information?

When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information (including sensitive information). When determining the appropriate retention period, we consider the risks of the processing, our contractual, legal and regulatory obligations, and our legitimate interests as described in this privacy policy.

Enquiries and complaints

You can contact us at any time if you have any questions or concerns about this privacy policy or the way in which your personal information has been handled, or if you have a privacy complaint, by emailing us at info@harvestroad.com.

We will consider your questions, concerns and complaints to work out what steps can be taken in response. If you make a complaint which requires detailed consideration or investigation, we may ask you to give us more information about your complaint and the outcome you are seeking. We may need to gather relevant facts, locate and review relevant documents and speak with other people involved. In any event, we will endeavour to provide you with a response within 30 days.

If you are not satisfied with an outcome following the above process, you may wish to contact the Office of the Australian Information Commissioner at:

  • oaic.gov.au/
  • 1300 363 992

If you are resident in the EEA or UK

You have the right to make a complaint to your local data protection authority, which in the UK is the Information Commissioner’s Office (www.ico.org.uk). The authorities for EU Member States are listed (along with contact details) on the European Commission website here.

Updates to this privacy policy

We may amend this privacy policy from time to time, with or without notice to you. We recommend that you check this page regularly and each time you visit this website.

This privacy policy was last updated in February 2023 (V2023-02).