Privacy and Security Policy
Mill Estate Holdings Pty Ltd ACN 119 975 405, ABN 95 119 975 405 and CMSM Pty Ltd ATF the calms Hybrid Trust CAN 142 373 420, ABN 60 580 332 068 and their related entities (collectively, Harcourts Solutions, us, we, our) are committed to protecting the privacy of your personal information.
Harcourts Solutions is required to comply with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPs) in Australia.
Collection of your personal information
The kinds of personal information we collect and hold about you, and our use of that information, is dependent on the products and services we provide to you.
In addition to operating a national real estate franchise, the products and services that we provide include – providing real estate agency services for the buying, selling, leasing, development and advertising of residential, commercial, business properties, training and providing services in connection with arranging utility connection, removalists, cleaners, conveyancing, financing and insurance.
Generally, this personal information may include (but is not limited to) your name, address, date of birth, telephone number, email address, details of the products or services you have enquired about, property value, rental amounts, insurance details, references (in relation to rental arrangements and job applicants) and photo identification.
Generally, we collect your personal information directly from you. From time to time, we may collect personal information about you from third parties (for example, from your representative, from publicly available sources, from your referees where you apply for a position with us).
When collecting your personal information, we will take reasonable steps to provide you with certain information as required under the APPs, including the purpose of collection, who we may disclose your personal information to, any law that requires or authorises us to collect the information and the main consequences if we do not collect all of the personal information we require. If we collect your personal information from another source, we will take reasonable steps to ensure you are aware of the fact and the circumstances of that collection.
Generally, if we are unable to collect the personal information we require we may not be able to provide you with the products and services you seek. If the information provided is incorrect or incomplete, this may also prevent, limit or otherwise affect our ability to provide products or services to you.
Purposes for which personal information is collected, held, used and disclosed
We will use and disclose your personal information for the purposes for which we collected it, and for other related purposes that you would reasonably expect. We may hold and process personal data that you provide to us in accordance with the GDPR.
Generally, these purposes include responding to your enquiries, providing you with products and services such as those set out in the section above, providing you with marketing information about our products and services, obtaining your feedback on your customer experience, conducting promotional activities and for our general business operations (for example, recruitment, maintenance of our business records, compliance with our legal and insurance obligations and statistical purposes).
By providing us with your personal information, you consent to us using your personal information for these purposes. You agree that we may send you such information by post or by electronic means such as email. You can opt-out of marketing and promotional communications at any time by contacting our Privacy Officer via the details shown below.
We may exchange your personal information within the Harcourts corporate group. We may also disclose your personal information to our franchisees, licensees, agents and contractors for the purposes set out above, and for the purposes of those parties providing services to us or performing business services or functions on our behalf.
Apart from the above instances, we may also use and disclose your personal information with your consent and as otherwise required or permitted by law.
We will only collect ‘sensitive information’ with your consent. We will assume that you have consented to us collecting all information which is provided to us by you for use in accordance with this policy, including any ‘sensitive information’, unless you tell us otherwise at the time you provide it to us.
Storage and security of your personal information
We may hold your personal information in electronic formats or in hard copy.
We take reasonable steps to securely store your personal information to ensure it is protected from unauthorised access, modification and disclosure, and from other types of misuse, interference and loss. This includes electronic and physical security measures and procedures, staff training and use of password protection software.
We will take reasonable steps to destroy or permanently de-identify your personal information when we no longer require it for any purpose for which it was collected. We may retain your personal information for as long as necessary to comply with any applicable law, for legal, insurance and corporate governance purposes, for the prevention of fraud and to resolve disputes. Your personal information may also be retained in our IT system back-up records.
The transfer of data over the Internet is inherently insecure. We cannot guarantee the security, during transmission, of any personal information provided to us via our websites. Please bear this in mind when transmitting information by this means to us.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches Scheme (NDB scheme) in Australia (to be Part IIIC of the Privacy Act 1988 on commencement). The NDB scheme sets out obligations for notifying affected individuals, and the Australian Information Commissioner (Commissioner), about a data breach which is likely to result in serious harm.
Where serious harm to affected individuals is likely, we will notify those individuals and the Commissioner in accordance with our legal obligations. You may contact our Privacy Officer via the contact details below should you require additional information.
Access and correction of your personal information
The Privacy Act, APPs and the GDPR give you the right to access information held about you by us. You may lodge a request to access and correct personal information that we hold about you if you believe it is inaccurate, incomplete, out-of-date, irrelevant or misleading by contacting our Privacy Officer via the contact details shown below.
You may request that we provide you with access to the personal information we hold about you. Generally, we will provide you with access, except in limited circumstances where the APPs permit us to deny access. Any such requests must be made in writing and directed to our Privacy Officer via the details shown below. Under the APPs, we are permitted to charge you a reasonable fee for providing access to your personal information. Please note that no fee will be incurred for requesting access, and if your request for access is accepted we will inform you of the fee (if any) that will be payable for providing access if you proceed with your request.
You may ask us to inform you of the source of any personal information about you that we have collected from a third party. We will provide this at no cost, except in limited circumstances where the APPs or other laws permit us to withhold this information.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to our Privacy Officer at the address detailed below.
Making a complaint
You may lodge a complaint with us if you believe we have handled your personal information other than in accordance with the APPs. To do so please contact our Privacy Officer via the contact details below. We will confirm receipt of your complaint and set out the time frame we require to investigate your complaint and provide you with a response. We will endeavor to respond as quickly as possible, which will typically be within 14 days of receiving your complaint.
Harcourts Solutions websites
Overseas disclosure of your personal information
Generally, we will not disclose your personal information to overseas recipients, except upon your request, or if we are authorised or required to do so by law. Generally, such disclosures will be to members of our international corporate group.
If you consent to the disclosure of your personal information to an overseas entity you understand and agree that:
(a) the overseas recipient is unlikely to be required to comply with the Privacy Act and APPs;
(b) the overseas recipient may not be subject to privacy laws that are similar to the Privacy Act or APPs (and may even be compelled to make certain disclosures of your personal information under the privacy regime applicable to them, for example disclosure to the overseas government authorities);
(c) Harcourts Solutions may not take steps to ensure that the overseas recipient handles your personal information in accordance with the Privacy Act and APPs;
(d) the overseas recipient may handle your personal information other than in accordance with the Privacy Act or APPs, in which case you will not be able to seek redress for such acts or practices under the Privacy Act; and
(e) Harcourts Solutions will not be responsible for, or otherwise liable for the way in which the overseas recipient handles your personal information.
As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
For the purpose of the GDPR, we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to our Privacy Officer at the contact details below.
If you would like further information about the way we manage your personal information, or if you have a privacy-related complaint, please contact our Privacy Officer by telephone 07 3505 4444, by mail at PO Box 547, Alderley QLD 4051, Australia or by email at [email protected]
Office of the Australian Information Commissioner
More information about your rights and our obligations in connection with your personal information are available from the Office of the Australian Information Commissioner at www.oaic.gov.au.