Phantm Pty Ltd – Privacy Policy

Introduction to the policy

Welcome to www.phantm.com (the Site). The Site is owned and operated by Phantm Pty Ltd (Phantm) ABN 67 639 719 976.

By using the Site or any facilities or services made available through or on it, you warrant that you have read, understood and agree to be bound by this Privacy Policy and approve of the collection and use by Phantm Pty Ltd of your Personal Information according to the terms below. We are bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Privacy Act).

Where the requirements under the “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016”, known as the EU General Data Protection Regulation (GDPR), or the Personal Information Protection and Electronic Documents Act (PIPEDA) apply to the way we handle the Personal Information of our customers, suppliers and website visitors, we will comply with our obligations under the GDPR and PIPEDA.

This Privacy Policy describes the manner in which we collect, hold and use information that is covered by the Privacy Act and/or GDPR and PIPEDA. It is not intended to cover categories of information that are not covered by the Privacy Act, GDPR and PIPEDA. If you wish to make any inquiries regarding this Privacy Policy, you should contact us in any of the ways specified at the end of this policy.

References in this Privacy Policy to “you” are references to you as an individual and/or as a company, organisation or trust as applicable.

We may, from time to time, review and update this Privacy Policy including to take into account new laws, regulations and technology. All Personal Information held by us will be governed by our most recent Privacy Policy, posted on our website www.phantm.com. Our most recent Privacy Policy will apply to our collection, use and disclosure of Personal Information.

Purpose

Our Privacy Policy exists to:

  • govern how Phantm collects, manages, uses, discloses and protects all Personal Information in accordance with the Australian Privacy Principles and relevant local and international laws.

Who is this for?

All people connected to Phantm - prospective, current and past visitors, customers, employees, contractors and other stakeholders.

Phantm’s Policy

Phantm respects your right to privacy and is committed to safeguarding the privacy of our customers and website visitors. We adhere to the Australian Privacy Principles contained in Schedule 1 to the Privacy Act 1988 (Cth) (“Privacy Act”).

Where the requirements under the “Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016”, known as the EU General Data Protection Regulation (GDPR), or the Personal Information Protection and Electronic Documents Act (PIPEDA) apply to the way we handle the Personal Information of our customers, suppliers and website visitors, we will comply with our obligations under the GDPR and PIPEDA.

Procedures

There are six elements of our privacy procedures:

  1. Collection of Personal Information
  2. Use and disclosure of Personal Information
  3. Security of Personal Information
  4. Access and correction to your Personal Information
  5. Making a complaint
  6. Website privacy procedures

1. Collection of Personal Information

How do we collect personal information from you?

Phantm collects Personal Information from you when you:

  • interact with us via our website,
  • communicate with us through email,
  • at an event or in person,
  • when we provide services or products to you,
  • or you become an employee of Phantm.

We may receive Personal Information from third parties including from our suppliers, partners, through events or online marketing. If we do, we will deal with that Personal Information as set out in this Privacy Policy.

We will only collect Personal Information from you to the extent that this is reasonably necessary for our functions, as outlined in this Privacy Policy.

What personal information do we collect?

Depending on the purpose for which the information is being collected, we may ask for your:

  • Name,
  • Email address,
  • business information,
  • employment information,
  • physical address, and
  • phone number.

We will provide you with the option of using a pseudonym or otherwise not identifying yourself, where this is not impracticable or unlawful in the circumstances.

We may collect additional information at other times, including but not limited to, when you provide feedback, change your content or email preference, respond to surveys and/or promotions.

Sensitive Information

We normally do not collect Sensitive Information. Sensitive Information includes health information, genetic information, biometric information or templates, or Personal Information that is also information or an opinion about an individual’s race or ethnicity, their religious, political or philosophical beliefs, opinions or affiliations, their sexual orientation or criminal record.

We will only collect Sensitive Information where this is reasonably necessary for our functions or activities, and the Sensitive Information is provided with your consent or the collection of the Sensitive Information by us is permitted or required by law, or where this is otherwise permitted by the Australian Privacy Principles.

If you are based in Europe

If you are based in Europe and/or the GDPR or PIPEDA applies to how we collect, use or disclose your Personal Information (including Sensitive Information or special category data), we will request that you provide us with your consent to collect, use or disclose your Personal Information, and explicit consent (on an opt in basis) where this Personal Information is Sensitive Information or special category data. You may withdraw your consent any time in the same manner in which you gave consent or by contacting us in any of the ways set out below.

2 Use and disclosure of Personal Information

When you provide us with Personal Information, you agree that we may use Personal Information for the purpose for which it was collected (the primary purpose) or where you would reasonably expect us to disclose the information, and in accordance with the Privacy Act.

Why do we collect, use and disclose personal information?

The primary purpose that we use or disclose Personal Information for typically relates to one or more of our business functions or activities:

  • to deliver our technology services and products to our customers (in some cases with support from third party providers);
  • to market and sell our products and services;
  • to improve our products, our marketing and to better understand your needs,
  • to provide you with information and updates including to make you aware of new and additional services and opportunities available to you, and
  • to conduct employee-related activities.

If we use or disclose your Personal Information for a purpose other than the primary purpose of collection, to the extent required by the Privacy Act, we will ensure that:

  • the secondary purpose is related to the primary purpose (and directly related in the case of Sensitive Information) and you would reasonably expect that we would use or disclose your information in that way;
  • the use or disclosure is required or authorised by or under law; or
  • the use or disclosure is otherwise permitted by the Privacy Act.

If you are based in Europe and/or the GDPR applies to how we collect, use or disclose your Personal Information, we will consider the factors outlined in Article 6(4) of the GDPR in order to conclude whether the use or disclosure of your Personal Information is compatible with the purposes for which the Personal Information was initially collected.

We may disclose your Personal Information to our employees, professional advisers, suppliers or contractors for use in related to the primary or secondary purposes set out in this Policy. Where required by the Privacy Act, PIPEDA or the GDPR, we will seek your consent to the processing of your Personal Information for specific purposes or your explicit consent when processing Sensitive Information or special category data (if applicable).

Use or disclosure of Personal Information for direct marketing purposes

Where we use or disclose Personal Information about you for the purpose of direct marketing, we will provide you with a simple means by which you can request to opt-out of receiving direct marketing communications, and we will comply with that request within a reasonable time. We will not use or disclose your Personal Information for the purpose of direct marketing where you have previously requested to opt-out of receiving direct marketing communications.

Disclosure of Personal Information outside Australia

We may disclose Personal Information outside of Australia to cloud services providers, partners or other third party service providers (Overseas Entities). These providers are likely to be located in North America and Europe, where we have current technology partnerships.

It is possible that the Overseas Entities may be subject to foreign laws that do not provide the same level of protection of information as in Australia or that provide a greater level of protection than in Australia. We take reasonable steps to ensure that these overseas entities do not breach the Australian Privacy Principles and that they are obliged to protect the privacy and security of your Personal Information and use it only for the purpose for which it is disclosed.

3. Security of your Personal Information

We may hold your Personal Information in either electronic or hard copy form and your Personal Information may be stored on behalf of third- party service providers. We take reasonable steps to protect your Personal Information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your Personal Information.

Measures we take to protect your Personal Information include:

  • using appropriate information technology and processes;
  • restricting access to your Personal Information to our employees and those who perform services for us who need your Personal Information to do what we have engaged them to do;
  • using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files;
  • requesting certain Personal Information from you when you wish to discuss any issues relating to the products and services we provide to you.

We will take reasonable steps to dispose of Personal Information where it is no longer necessary to fulfil the purposes for which the information was collected or as required by Australian law.

4. Access and correction to your Personal Information

Subject to some exceptions that are set out in the Australian Privacy Principles, you may access any Personal Information we have about you. To do so, please contact us and we will respond to your request in a timely manner. An administration fee may be payable so that we can obtain the information you require. If your request is refused, we will provide you with written reasons for the refusal.

If you believe that your Personal Information is inaccurate, incomplete or out of date, please contact us and we will take reasonable steps to ensure that it is corrected.

If you are based in Europe and you provide us with your Personal Information, or your Personal Information is disclosed to us or processed by us, you may have additional rights under the GDPR, including but not limited to the right to access your Personal Information, to rectify your Personal Information, to erase your Personal Information (the ‘right to be forgotten’), to restrict processing of your Personal Information and the right to receive your Personal Information (the ‘right of portability’). If the GDPR applies we will comply with our obligations in relation to the exercise of your rights under the GDPR. If you are based in Europe, we will not charge you for information we provide to you in accordance with GDPR Article 12(5).

5. Making a complaint

If you have any queries or complaints regarding our handling of your Personal Information, please contact us using the details at the bottom of this policy.

Your query or complaint will be investigated as soon as possible and you will be provided with a written response.

Alternatively, you may make a complaint to the Office of the Australian Information Commissioner. The Commissioner may decline to hear the complaint if you have not first made a complaint to us directly.

6. Website privacy procedures

Website terms of use

This Privacy Policy governs how we use, collect or disclose Personal Information provided on our Website. By using the Website you agree to the terms and conditions contained in this Privacy Policy.

We will not collect any Personal Information about users of our Website except when they knowingly provide it (including where the collection of this Personal Information is disclosed in our Privacy Policy).

When you visit the Site, cookies and other similar tracking technologies allow us to identify your movements around the Site. This information provides us with constructive feedback about the Site so that we can identify the most effective areas and improve the less popular ones for statistical, reporting and maintenance purposes. These technologies cannot determine the identity of individual users and are only used in aggregate. Cookies are a feature of your internet browser which you can disable at any time.

Links to external websites

Our site has links to other websites not owned or controlled by us. Linked websites are responsible for their own privacy practices and you should check those websites for their respective privacy statements.

Corrective Action

We take privacy of information seriously. The Notifiable Data Breaches Scheme (NDB scheme) in Part IIIC of the Privacy Act sets out obligations for notifying affected individuals, and the Office of the Australian Information Commissioner (Commissioner), about an “eligible data breach” (as defined in the Privacy Act) which is likely to result in serious harm.

Where a data breach occurs and serious harm to affected individuals is likely, Phantm will notify those individuals and the Commissioner in accordance with our legal obligations.

If you are based in Europe and you provide us with your Personal Information, or your Personal Information is disclosed to us or processed by us, you may have additional rights under the GDPR relating to security and protection of data, notification of “personal data breaches” (as defined in the GDPR), and a right to compensation for damage arising from a personal data breach. If the GDPR applies we will comply with our legal obligations.

Employees or contractors who willingly or neglectfully breach this policy and procedure will be subject to disciplinary action.

Document Control

This policy will remain in effect from 1 November 2021.

It supersedes the previous version effective 1 May 2020.

Changes to Privacy Policy

The changes to the privacy policy were major revisions to improve plain English and align our privacy procedures with best practice for both Australian and global visitors.

Contacting us

If you have any questions about our Privacy Policy, please contact our Officer responsible for privacy at privacy@phantm.com