Privacy policy

Privacy Act

Risk It For the Wristlet (RIFTW) is bound by the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APP). We are an APP entity as defined in s 6(1) of the Act. 

We collect and hold personal information relating to you and to other people and entities associated with you as may be provided or disclosed to us in the course of business. Such personal information may include, but is not limited to, names, tax file numbers, addresses, telephone numbers, social media details, email addresses, occupations, wage records, bank account details, asset and investment details, financial planning records, taxation records, medical records and relationship details. 

Personal information is collected from you in the following ways: 

  • by providing it to us directly; 
  • by authorising third parties to provide it to us; 
  • by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our client’s behalf. 

How is personal information received and held? 

Personal information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form. In either case, we take the security of personal information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. We never ask for bank details or other sensitive information by email. 

We collect personal information from you in a variety of ways, including when you interact with us electronically or in person, when you access our website and when we provide our services to you. We may receive personal information from third parties. If we do, we will protect it as set out in this Privacy Policy.

We are committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.




For what purpose is personal information collected, held, used and disclosed? 

All data is processed by us on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are: 

  • to offer our products and services to you. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. Unless compelled by law, we will never disclose personal information without the client’s knowledge and consent; 
  • to facilitate our internal and external administrative processes including financial and business operations and reporting requirements; 
  • to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; 
  • to comply with applicable laws;
  • to provide you with information, updates and our products and services. We may also make you aware of new and additional products, services and opportunities available to you. We may use your personal information to improve our products and services and better understand your needs; 
  • to contact you by a variety of measures including, but not limited to telephone, email, sms or mail.
  • to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Policy. Personal information is only supplied to a third party when it is required for the delivery of our products and services;
  • from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request;
  • use your personal information to protect the copyright, trademarks, legal rights, property or safety of RIFTW, its customers or third parties;
  • from time to time be stored, processed in or transferred between parties located in countries outside of Australia. These may include, but are not limited to Australia, Canada and New Zealand;
  • if there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.

By providing us with personal information, you consent to the terms of this Privacy Policy and the types of disclosure covered by this Policy. Where we disclose your personal information to third parties, we will request that the third party follow this Policy regarding handling your personal information.

How can personal information be accessed or corrected? 

You may access their personal information and seek correction of it at any time by applying to our office in person or in writing. 


You will be formally identified before releasing or amending any personal information. 


Websites

When you visit our website

When you come to our website (www.riftw.com.au) we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our website, such that we can improve our products and service.

Cookies

We may from time to time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our website. Our website may from time to time use cookies to analyses website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google Adwords. These ads may appear on this website or other websites you visit.

Third party sites

Our website may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Grow Laser Cap is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.


Is personal information disclosed outside of Australia? 

Where necessary we will disclose personal information to overseas recipients, including a related body corporate. 


What is the complaints process relating to personal information? 

If there is a breach of this privacy policy, either of the Act or the Australian Privacy Principles (APP), a complaint may be made by you to: 

  • our customer services team; or
  • the Office of the Australian Privacy Commissioner. 

Data breaches 

All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible. 


What is an eligible data breach? 

An eligible data breach, defined in s 26WE(2) of the Act, is when: 


  • both of the following conditions are satisfied: 
    •
  • there is unauthorised access to, or unauthorised disclosure of, the information;
    •
  • a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or 

  • the information is lost in circumstances where: 
    •
  • unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
    •
  • assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;… 

    • If there is a suspicion of a breach

    If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days. 


    If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:

    • the business’s details; 
    • a description of the breach;
    • the kind or kinds of information concerned; and
    • recommendations about the steps that we will take in response to it. 

    If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method. 


    The statement will be submitted to the Privacy Commissioner. 


    Exception to reporting 

    Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.