Vocus Group Limited ABN 96 084 115 499 (Vocus, we, us, our) is a public company listed on the Australian Securities Exchange. Ordinary securities in Vocus trade under ASX code “VOC”. Vocus is the parent company of subsidiaries which supply telecommunications products and services, supply energy (retailer of gas and electricity) and insurance products. Our group of companies includes companies trading under the names Vocus Communications, Dodo, iPrimus, Commander and Engin, and any related companies based in Australia.
Vocus provides data network, internet, data centre, cloud and voice products and services to corporate, government and residential customers. We recognise the importance of protecting the privacy and personal information on our customers and shareholders and this policy outlines how we do this.
Privacy laws that apply to our business
We are bound by the Australian Privacy Principles (the APPs) under the Privacy Act 1988 (Cth) (Privacy Act) when collecting, using, disclosing, handling and accessing your personal information. The APPs establish minimum standards for the collection, use, disclosure and handling of personal information. They apply to personal information in any form, including electronic and digital form. The APPs can be accessed at the website of the office of the Australian Information Commissioner, www.privacy.gov.au.
Other Australian laws protecting personal information that we need to comply with include the Telecommunications Act 1997 (Cth), Spam Act 2010 (Cth), Do Not Call Register Act 2006 (Cth), data retention laws and state legislation relating to health records.
Personal information and sensitive information
When ‘personal information’ is used in this policy it refers to information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Personal information also includes sensitive information. Sensitive information includes information about your political opinions or memberships, religious beliefs, sexual preferences or practices, ethnic origins, medical records or criminal records.
In the event that we collect sensitive information we will only collect this information with your consent and use it for the purposes you have provided it to us.
Why we collect personal information
We only collect personal information where it is reasonably necessary for our functions or activities or as required by law. These include:
- providing services to our customers;
- administering and managing our relationships with suppliers, customers and shareholders, including for billing, credit control and investor purposes;
- marketing and promotional activities to grow and promote our business;
- undertaking research and development to improve our services;
- obtaining services from other businesses;
- employing staff; and
- complying with our legal and regulatory obligations.
- The type of personal information that we collect will depend on your interaction with us. If we can’t collect the personal information that we need we may not be able to provide services or meet the expectations of customers or shareholders.
How we collect personal information
We receive personal information through a variety of sources. These include telephone, face to face communications, shareholder registrations, digital and online sources, email, hard copy communications or competitions. We also collect information directly and indirectly from our contractors, suppliers or agents such as:
- social media platforms like Twitter and Facebook;
- marketing lists, databases and data aggregation services;
- websites or websites hosted or operated by our contractors, suppliers or agents;
- credit reporting agencies if you become our customer.
- Personal information that we may collect
The type of personal information we may collect about you depends on the transactions you undertake with us but we need to collect basic identifying information from customers or prospective customers. Basic identifying information includes name, residential address, email address, telephone number and date of birth. Additionally for corporate customers, we may collect the job title and business address.
To manage our relationships with customers, shareholders and suppliers we may also collect (which is not an exhaustive list):
- financial or credit information including credit history or bankruptcy, bank account or credit card information, details about assets or income, employment history or concessional entitlements;
- proof of identity such as driver’s license or passport number;
- telephone service number (including unlisted numbers) and other public number customer details to provide it to the operator of the integrated public number database. Information in this database is used by emergency assistance organisations such as ambulance or fire brigade services; or
- details of property including ownership or leasing arrangements.
To improve our services or products we may collect information about how these are used, including:
- faults or complaints;
- usage of the product or service (call or internet usage); or
- responses to promotions.
For the purpose managing our staff we also collect information about our employees and prospective employees.
Our share registry provider may also collect the following information for the purposes of maintaining shareholder information in accordance with ASX requirements:
- Full name of the individual shareholder and if applicable, of the trustee;
- Information relating to any Power of Attorney, including the name, address, telephone number(s), residential address, occupation and date of birth of the attorney;
- Bank account details if you have elected to receive your dividends paid into your bank account; or
- Your SRN or HIN.
Personal information collected from you for the purpose of establishing you as a shareholder may be used and disclosed for related purposes such as identity verification, providing you with shareholder services, dispatching correspondence and documents to you which are related to your shareholding and responding to complaints or inquiries.
Personal information collected for the purpose of establishing you as a shareholder may also be used for the purpose marketing of products and services of Vocus’ subsidiaries, such as exclusive shareholder offers.
Dealing with us without providing personal information
In some instances, when you interact with us you may choose to act anonymously or provide a pseudonym where it is practical to do so. For example, if you have a general enquiry about us or our services, we will answer your enquiry without collecting any personal information from you. Please note that if you don’t wish to be identified we may not be able assist you or provide the information you need.
Personal information collected online
Personal information provided to us via email, through our website or social media sites is also governed by this policy.
We may have commercial relationships with third parties allowing visitors to our website to link directly to websites operated by those parties. These websites may collect personal information from you which would be shared with us. Any personal information we obtain will be handled in accordance with this policy.
We aren’t responsible for the content or practises of websites operated by third parties that may be linked to our website. Such links are for your convenience and don’t constitute sponsorship, endorsement or approval of the content, policies and practises of those sites.
Personal information and metadata
As a telecommunications service provider we are required under the Telecommunications (Interception and Access) Act 1979 (Cth) to collect personal information about the identity of a subscriber (or customer) to a communications service (such as internet services), the source of the communication, the destination of the communication, the date, time and duration of the communication, the type of the communication and the location of the equipment used in the communication.
All personal information collected will be handled in accordance with this policy.
How we use and disclose personal information
We are permitted to use or disclose personal information for the purpose for which it was collected as well as related purposes (but for sensitive information only purposes directly related to the primary purpose and consented to by you). For example, when setting up an account the personal information we collect may be used or disclosed for related purposes like credit checks, installing a service, investigating and resolving complaints or marketing other Vocus products or services.
For direct marketing activities, when using personal information (but not sensitive information), we or third parties acting on our behalf, may promote our or other organisation’s products or services to you using email, telephone, social media sites, post or other means. You are able to opt out of receiving direct marketing.
The Privacy Act and APPs also allows us to use and disclose personal information if required or authorised under an Australian law or a court or tribunal order, if a permitted general or health situation exists as defined in the Privacy Act or we believe the use or disclosure of the personal information is reasonably necessary for activities conducted by a law enforcement agency. In these instances we do not need consent to disclose personal information.
For our contractors, suppliers, affiliates or agents, we use and disclose personal information in order to manage our relationship with them.
Personal information may be disclosed to credit reporting or credit collection agencies in accordance with the requirements in the Privacy Act.
We use third parties to assist us to provide products and services and administer our relationships with our customers and shareholders. We may disclose personal information about our customers or shareholders to a range of third parties, including:
- legal, accounting, insurance or advisory consultants;
- sales agents and representatives, contractors or suppliers;
- companies within the Vocus Communications group;
- complaint handling bodies, Government or regulatory bodies;
- printers, mail distributors, couriers and dispatch centres; and
- IT service providers and data managers.
- Being a telecommunications service provider means that personal information that we collect when providing telecommunications services may be disclosed in connection with directory assistance activities for emergency assistance organisations or other urgent services, security purposes or activities carried out by law enforcement agencies, the operator of the integrated public number database or in accordance with other relevant codes or Australian laws applicable to our industry.
Personal information disclosed outside Australia
Some personal information we collect may be disclosed to persons or our contractors, suppliers, affiliates or agents that are outside Australia. Our:
- Customer service and marketing call centre operations are based in Manila, Philippines, and may access your personal information for the purposes of sales and marketing, customer service, provisioning, fault management, billing or technical support;
- webhosting, database and document storage services involve personal information being transferred to IT service providers based in Philippines, Ireland, Singapore, New Zealand, Canada, United Kingdom and the United States of America;
- survey tools used for customer or Vocus staff satisfaction surveys involve personal information being transferred to IT providers in Singapore, New Zealand, Canada, Kingdom and the United States of America;
Protection of your personal information
Protecting your personal information and ensuring that it is complete, accurate, up-to-date and relevant is important to us.
We will take reasonable steps to ensure that your personal information is protected from misuse, loss and from unauthorised access, modification or disclosure. Our staff are trained to treat shareholder and other customer information with the utmost confidentiality. Our contractors, suppliers, affiliates or agents have contractual arrangements in place with us that require them to comply with applicable privacy laws and our policies. If a contractor, supplier, affiliate or agent is based outside Australia, our contractual arrangements also oblige them to treat personal information transferred to them with the same level of protection as would apply to the information in Australia.
For personal information that is stored in hardcopy or electronically, we have processes in place to ensure that our information systems and files are kept secure from unauthorised access and interference.
Dealing with Vocus online
Correcting or accessing your personal information and complaints
If we hold personal information you are able to access that information. For complex requests, a cost may be charged to you to provide the information, particularly if the information is archived or is of significant size and it will take time to locate the information and provide it to you in an appropriate form.
You are able to ask us to correct the information that we hold about you if you believe that it’s incorrect.
We don’t need to give you access to your personal information where we think access may:
- be against the law;
- be prejudicial to us in negotiations or legal proceedings with you;
- be prejudicial to law enforcement activities;
- unreasonably impact the privacy of others;
- present a serious threat to health or safety; or
- expose commercially sensitive information relevant for a decision-making process.
You can call or write to us to access your personal information.
Australia: 1800 030 057
International: +61 2 8999 8999
452 Flinders Street
Melbourne, VIC 3000 Australia
If you believe that we have acted in a manner that breaches the APPs or the Privacy Act we recommend that you contact us first. The Privacy Officer will investigate your complaint and notify you of the outcome. If you are dissatisfied with the outcome of your complaint, or you do not receive a response to your complaint within 30 days, you may make a complaint to the Office of the Australian Information Commissioner (OAIC). Complaints to the OAIC must be made in writing.
If your complaint relates to our handling of personal information in relation to your telephone or Internet service, the Telecommunications Industry Ombudsman whose details can be found at www.tio.com.au.
If this policy does not provide the information you require about how we deal with personal information or you have any questions or comments, please feel free to contact us.
Updated: November 2017