Privacy Policy and GDPR Statement

Updated August 2018

 

Protecting your privacy is important to Platters Plus Catering Pty Ltd. We are committed to maintaining the security of personal information that you provide to us. This Privacy Policy details how we collect, use and manage your personal information and outlines our complaints handling process.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) and to the extent applicable, the EU General Data Protection Regulation (GDPR).

“Personal information” is information we hold which is identifiable as being about you. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.

 

Providing Personal Information

At times we may ask you to voluntarily provide us with personal information, such as your name, email address, mobile number and preferred means of communication.

When you register on our website or place an order with us, we will collect personal information from you, such as your name, email address, telephone number, address, financial information (such as credit card details and billing address) as well as your order details and order history. This information may be collected electronically, over the phone or in a paper based form.  We will obtain and use this information for the purpose of ordering and processing orders within Platters Plus Catering Pty Ltdor with a client or for any purpose reasonably related to this.

We use and keep financial information (such as credit card details) so that we can process payments for orders. No order is considered to be submitted unless the transaction is approved. The credit card details are only used for that particular transaction and are not kept on file by Platters Plus Catering unless the client has expressly provided consent for Platters Plus Catering to do so for the purposes of repeat order.  We keep this information stored in our secure, encrypted systems and the information is only used for the authorised transaction to which the order relates. If we have your credit card details on file, we can use these to process future orders with your consent. You may choose to delete your financial information from our system at any time by contacting accounts@platters.com.au.

By providing us with personal information, you consent to the supply of that information subject to the terms of this Privacy Policy.

 

Use of your Personal Information

We may use personal information collected from you to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.

We will use personal information only for the purposes that you consent to. This may include to:

  • provide you with products and services during the usual course of our business activities
  • administer our business activities;
  • manage, research and develop our products and services;
  • provide you with information about our products and services;
  • communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail; and
  • investigate any complaints.

If you withhold your personal information, it may not be possible for us to provide you with our products and services or for you to fully access our website.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

 

Disclosure of Information

We may disclose information that we hold to our external advisors, to suppliers of IT services, to third parties engaged by us to provide services to us. We do not disclose any personal information to any overseas companies – where this is required we will contact you to obtain your consent before disclosing this information.

We will not use or disclose personal information other than for the purpose for which it was collected or for a purpose reasonably related to it, except when required by law to do so.

We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.

If we do disclose your personal information to a third party, we will protect it in accordance with this privacy policy.

 

General Data Protection Regulation (GDPR) for the European Union (EU)

We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.  We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

 

Your rights under the GDPR

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used.

We will comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

Except as otherwise provided in the GDPR, you have the following rights:

  • to be informed how your personal information is being used;
  • access your personal information (we will provide you with a free copy of it);
  • to correct your personal information if it is inaccurate or incomplete;
  • to delete your personal information (also known as “the right to be forgotten”);
  • to restrict processing of your personal information;
  • to retain and reuse your personal information for your own purposes;
  • to object to your personal information being used; and
  • to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy.

We may ask you to verify your identity before acting on any of your requests.

 

Hosting and International Data Transfers 

Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. We will update this Privacy Policy accordingly when this occurs (currently everything is kept within Australia).

The hosting facilities for our website are situated in Melbourne, Australia. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.

Currently, all our Suppliers and Contractorsare situated in Australia. In the event that we use any suppliers or contractors overseas, any transfer of information to these suppliers or contractors will be in accordance with this Privacy Policy. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

 

Security of Information

We take our obligation to protect information that we hold about you seriously.  We will take reasonable security measures to keep information secure from misuse or inappropriate disclosure or inappropriate modification.

Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the GDPR and that have adequate technical measures in place to protect personal information against unauthorised use, loss and theft.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us.  Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

 

If we experience a Data Breach

If Platters Plus experiences a cybersecurity attack or a data breach, it will:

  • immediately initiate its Data Breach Response Plan;
  • take steps to protect your personal information from further disclosure;
  • notify you of thebreach as soon as practicable; and
  • notify the Office of the Australian Information Commissionerwhere required by law.

 

Access to Personal Information and Updating Information

It is important that the information we hold about you is correct and up to date.  We encourage you to contact us at any time to update or correct information we hold about you.

You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the EU GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please send a request to our Privacy Officer in writing or by email to the contact details listed in this Policy.

We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law.

If you are a candidate for employment, shareholder or client we will normally provide you with access to this information, provided that the disclosure falls within the disclosure requirements of the Privacy Act, your request is reasonable and appropriate notice has been provided to us. We may require you to pay any archiving or retrieval costs associated with this prior to providing that information to you.

 

We will not disclose commercially sensitive Information to you.

Employment records fall outside the disclosure requirements of the Privacy Act.  If you are or were an employee, we will generally provide you with access to information that you have provided to us.  Information obtained from third parties or produced by us would be excluded from disclosure.

We will respond by email or letter to you in relation to your request for information and if reasonable, will provide access in the manner you have requested, or in an alternative manner, provided it is practicable for us to do so. If it is not reasonable or practicable to do so, we will let you know.

If we refuse to provide access to information or to update information, we will provide you with the reasons.

 

Privacy Officer

Any queries or complaints in relation to this Policy should be directed to:

The Privacy Officer
Platters Plus Catering Pty Ltd
20a Maple Ave
Forrestville SA 5035
Email:        accounts@platters.com.au

 

Complaints about Privacy

If you have any complaints about our privacy practices, please feel free to send in details of your complaints to the Privacy Officer. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.

 

Changes to Privacy Policy

Please be aware that we may change this Privacy Policy in the future. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our website or notice board. Please check back from time to time to review our Privacy Policy.

 

Website

When you visit our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.

 

Google Analytics

We use Google Analytics to measure and analyse its internet usage to ensure the site meets business objectives with advertisers and users. Individual privacy is protected but we gain insights on how to make the site more useful for advertisers as well as our users.

Data collected from this analysis include:

  • the number of page views (or page impressions) that occur on our sites;
  • the number of unique visitors;
  • how long these unique visitors (on average) spend on our sites;
  • common entry and exit points to our sites;
  • files downloaded from the site; and
  • forms filled in on the site.

 

Cookies

We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our website.

Our website may from time to time use cookies to analyse website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Ads. These ads may appear on this website or other websites you visit.

 

Third party sites

Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that we are not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.