Personal information is information or an opinion about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. HeloPaul.com may also collect any personal information necessary for the purposes of complying with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, where applicable. The information we collect from you will depend on what services we provide to you and may include the following:
Open and transparent management of personal information
Collection of personal information
This policy details how HeloPaul.com adheres to the Australian Privacy Principles regarding the collection of solicited personal information. HeloPaul.com only collects personal information directly from individuals, which is reasonably necessary for the provision of our services, and only by lawful and fair means. Information is generally sought through our account application forms, in which the purpose is articulated. Accordingly, we will always ensure you are apprised of our purpose in collecting information, and your right to gain access to such information. If you do not provide the information requested, we may be unable to provide you with our services. Please note that generally we will only use the personal information we collect for the main purposes disclosed at the time of collection such as to provide walking tours or related services. Where possible we will collect the information directly from you via our online registration. When you visit our web site our web server collects the following types of information for statistical purposes:
No attempt is made to identify individual users from this information. The HeloPaul.com web site may contain links to the web sites of third parties. If you access those third-party web sites, they may collect information about you. HeloPaul.com does not collect information about you from the third parties. You will need to contact them to ascertain their privacy standards.
We may share Web site usage information about visitors to the Web site with reputable advertising companies for targeting our Internet banner advertisements on this site and other sites. For this purpose, pixel tags (also called clear gifs or web beacons) may be used to note the pages you have visited. The information collected by the advertising company through the use of these pixel tags is not personally identifiable.
If you provide us with your e-mail address during a visit to our web site it will only be used for the purpose for which you provided it to us. It will not be added to a mailing list without your consent unless the mailing list is related to the purpose for which you provided your e-mail address to us. We may use your e-mail address, for example, to provide you with information about a particular service or respond to a message you have sent to us. If you use one of our services and provide your e-mail address to us so that we may communicate with you through e-mail, we may also use your e-mail address to advise you of upgrades and changes to those services.
Unsolicited personal information
Where we receive personal information about an individual which is unsolicited by us and not required for the provision of our services, we will destroy the information (provided it is lawful and reasonable for us to do so).
Notification of the collection of personal information
When we obtain personal information about you, we ensure that you have our contact details and that you are aware of the collection of information and our purposes for doing so. As per above, we are unable to provide certain services if the requested information is not provided. We do not disclose your information to third parties, unless they are related entities or services providers, in which case they are required to conform to our procedures.
Use and disclosure of personal information
HeloPaul.com collects and holds personal information about an individual for the purpose of providing services. We collect this information with your consent as per our online registration process or other documentation, for the primary purpose disclosed to you at the time of collection.
We may disclose your personal information where it is required or authorised by law.
We may use your personal information to:
We may disclose your personal information to:
HeloPaul.com will only use personal information obtained for the provision of our services, for the secondary purpose of direct marketing where:
1. HeloPaul.com collected the personal information from the individual; and The individual would reasonably expect HeloPaul.com to use or disclose the information for the purpose of direct marketing; and
2. HeloPaul.com provides a simple means through which an individual can request to not receive marketing communications; and 3. The individual has NOT requested such communications cease.
Often the law requires us to advise you of certain changes to products/ services or regulations. You will continue to receive this information from us even if you choose not to receive direct marketing information from us. We will not disclose your information to any outside parties for the purpose of allowing them to directly market to you. Cross border disclosure/Sensitive information/Use of government identifiers/Anonymity & Pseudonymity
HeloPaul.com, for the purposes of the Privacy Act, does not collect sensitive information. Wherever lawful and practicable, individuals may deal anonymously with HeloPaul.com but given the nature of our services, that will not always be a viable option. HeloPaul.com does not use official identifiers (e.g. tax file numbers) to identify individuals. An individual’s name or Australian Business Number is not an identifier for the purposes of the Privacy Act and hence may be used to identify individuals.
HeloPaul.com may disclose personal information to third party tour guides and operators in other jurisdictions for the sole purpose of providing you with our services in those locations. HeloPaul.com requires any party that has access to personal information to conform to our privacy standards.
Quality of personal information
HeloPaul.com takes all reasonable steps to ensure the personal information held about individuals is accurate, up-to-date and complete. We verify personal information at the point of collection.
HeloPaul.com encourage you to help us by telling us immediately if you change your contact details or if any of your details need to be corrected or updated. A person wishing to update their personal information may contact our staff or the Privacy Officer on the contact details shown within this document.
Access to personal information
Where a person requests access to their personal information, our policy is, subject to certain conditions (as outlined below) to permit access. HeloPaul.com will correct personal information where that information is found to be inaccurate, incomplete or out of date. We will not charge you a fee for your access request but may charge you the reasonable cost of processing your request.
If a person wishes to access their personal information or correct it, they should contact the Privacy Officer, and we will seek to provide such information within a reasonable period of time, and in the manner so requested (where reasonable to do so).
HeloPaul.com may not always be able to give you access to all the personal information we hold about you. If this is the case, we will provide a written explanation of the reasons for our refusal, together with details of our complaints process for if you wish to challenge the decision. We may not be able to give you access to information in the following circumstances:
Where we reasonably believe this may pose a serious threat to the life, health of safety of any individual or to public health/safety;
1. Which would unreasonably impact the privacy of another individual;
2. Where such request is reasonably considered to be frivolous or vexatious;
4. Which relates to existing or anticipated legal proceedings which would otherwise not be accessible in the discovery process relating to such proceedings;
5. Which would reveal our intentions and thereby prejudice our negotiations with you; f. Which would be unlawful;
g. Which is prohibited by law or a court/tribunal order; Which relates to suspected unlawful activity or serious misconduct, where access would likely prejudice the taking of appropriate action in relation thereto; Where enforcement activities conducted by or on behalf of an
enforcement body may be prejudiced; or
Where access would reveal details regarding a commercially sensitive decision-making process.
Correction of personal information
Where HeloPaul.com believes information we hold about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, OR an individual requests us to correct information held about them, HeloPaul.com will take all reasonable steps to correct such information in a reasonable time frame. No fees are payable for such requests. If you request us to similarly advise a relevant third party of such correction, we will facilitate that notification unless impracticable or unlawful for us to do so.
If HeloPaul.com intends to refuse to comply with your correction request, we will notify you in writing of our reasons for such refusal, and the complaints process you may HeloPaul.com if you wish to challenge that decision. You may also request that we associate the personal information we hold with a statement regarding your view of its inaccuracy. Notifiable Data Breaches Scheme
We will report ‘eligible data breaches’ to the affected individual(s) and the Australian Information Commissioner in relation to the (including suspected) unauthorised access or disclosure of personal information held, which is likely to result in serious harm to the relevant individual(s), and where we have been unable to prevent the likely risk of serious harm with remedial action.
We will formulate a data breach response plan, to limit any negative consequences of such a breach. An effective response involves a process to contain, assess, notify and review.
Security of personal information
We take reasonable steps and precautions to keep personal information secure from loss, misuse, and interference, and from unauthorised access, modification or disclosure
If you use the Internet to communicate with us, you should be aware that there are inherent risks in transmitting information over the Internet. HeloPaul.com does not have control over
information while in transit over the Internet and we cannot guarantee its security. Where information is no longer required to be held or retained by HeloPaul.com for any purpose or legal obligation, we will take all reasonable steps to destroy or de-identify the information accordingly.
EU General Data Protection Regulation
In accordance with the data protection requirements in the European Union General Data Protection Regulation (EU GDPR), we provide the following additional measures which we have adopted in relation to all EU clients and third parties:
1. We will limit the processing, collection and retention of data to the extent legally possible and practically viable.
2. We will not request or collect data that is not required for the purpose of providing our services or meeting our legal obligations.
3. We will delete your information, and acknowledge your right of erasure or to be forgotten, as soon as we are legally able and subject to our other legal and regulatory obligations regarding record-keeping.
4. You may advise us at any time that you withdraw any consent previously given to us, and require us to stop processing your data. 5. You may object to any decision based on automated processing, and you may request a manual review.
6. You have the right to request a transfer of your personal information, which will be provided in a machine-readable electronic format.
7. Where we intend to process/utilise your personal data beyond the disclosed legitimate purpose for which it was collected, we will obtain a clear and explicit consent from you (which can be withdrawn at any time).
8. We will maintain a Personal Data Breach Register, and notify the relevant regulator in a timely manner as required.
9. We ensure that organisational and technical mechanisms are utilised to protect personal data when we are designing new systems and processes. 10. We will conduct Data Protection Impact Assessments when initiating a new project/change/product which involves significant changes to the processing of personal information.
11. We ensure our representatives are regularly trained regarding our obligations and their responsibilities under applicable privacy/data protection regulations.
If you have a complaint relating to our compliance with privacy laws or our treatment of your personal information, please contact our Privacy Officer at the contact details above. We will investigate your complaint and endeavour to resolve the issue to your satisfaction. If you are not satisfied with the outcome of your complaint, you have the right to lodge a complaint with the Office of the Australian Information Commissioner by telephoning 1300 363 992 or visiting their website at www.oaic.gov.au