The Hyne Group, including Hyne & Son Pty Ltd, and XLam Australia Pty Ltd is committed to observing the Australian Privacy Principles for the fair handling of personal information. These principles regulate the collection, use, disclosure and storage of the personal information that we collect. They also contain rights in relation to access and correction of personal information by individuals.
Scope
Our respect for your rights to the privacy of your personal information is paramount. All personal information, no matter how or where it is obtained, is handled sensitively, securely and in accordance with the Australian Privacy Principles. This Privacy Policy sets out our practices in relation to personal information having regard to the Australian Privacy Principles and how you may exercise rights that you may have in relation to the personal information that we hold about you.
This policy applies only to personal information. Personal information is information about an individual in which the individual is reasonably identifiable. It includes opinions. It also includes information whether true or not, and information stored in either a material form or in other non-material forms such as in an electronic form.
Collecting personal information
We only collect personal information relevant to our relationship with you.
Customers
To provide you with goods and services and in some cases to provide you with credit, we collect:
- contact and delivery details
- names and details of directors and guarantors
- financial information
Suppliers and consultants
For due diligence before purchasing goods and services from you, we collect:
- contact details
- names and details of directors and guarantors
- financial information
- details of trade references and qualifications
- public records (e.g., licenses, and insolvency information)
Potential employees
To assess your suitability for employment with us, we collect:
- contact details
- details of references and qualifications
- public records (e.g., licenses, social media profile)
Employees
For communicating with, managing safety, and paying our employees, we collect:
- contact details
- emergency contact details
- financial and taxation information
- health information
- biometric data
Potential customers
For communicating with potential customers about events, products and services, we collect:
- contact details
- Visitors to our sites
- For safety and security we collect:
- contact details
- location, video and sound information (e.g., CCTV, drones, radio recordings, vehicle locations)
*NB there will usually be signs indicating CCTV
We collect this personal information directly from you where it is practicable and reasonable for us to do so. Sometimes we may collect information about you from third parties. We obtain your consent to collect information about you as required by law.
We may collect personal information about you to assist us to manage a request that you make to us for access or correction in accordance with this policy or to investigate or respond to a complaint.
We do not usually collect sensitive information except:
- In circumstances where it is reasonably necessary to do so; or
- Where there are other specific reasons for us to do so. For example, we may collect health information about contractors or prospective employees where we consider that information to be reasonably required to assist in the safe management of our workplace or if we need to do so to manage an emergency.
We will usually try to collect sensitive information from you directly or to seek your consent to the collection of sensitive from third parties.
Security
To protect the personal information that we store:
- We will take such steps as are reasonable in the circumstances to protect the personal information that we hold from misuse, interference and loss. We will also take reasonable steps to protect the information from unauthorised access, modification or disclosure. This generally involves both physical and electronic security as appropriate.
- We manage our security risks by using up-to-date techniques and processes that meet current industry standards to ensure that your personal information is kept secure.
- We also take measures to destroy or permanently de-identify personal information when it is no longer required. Sometimes we may need to keep records after the conclusion of transactions with you for legal or taxation reasons.
- We may from time to time adopt third party or cloud-based data storage solutions. We will only select a service provider that we consider to be reputable, who in our view has adopted appropriate security measures and whose terms and conditions we consider include satisfactory undertakings to protect the security and integrity of the information that we are storing.
Sharing personal information
We disclose information to:
- Software companies that provide services including storing personal information for our business;
- Contractors such as printers and transport companies;
- Our professional advisers such as auditors and solicitors;
- Credit reporters. (We may publish an additional statement from time to time in relation to our particular practices in respect of credit information and credit eligibility information. Elements of that policy may have more specific comments on matters like access, correction and dealing with complaints);
- To persons to whom you have requested or given your consent to us to disclose information to (for example to other organisations where you have asked us to act as a trade referee). We may include specific consents or disclosures in application forms or consents from time to time;
- To persons that you have nominated to us as your personal referees or trade referees;
- Law enforcement authorities or government agencies where we are authorised or required by law to do so (e.g., in relation to investigation of a crime or an incident occurring in our workplace); and
- Emergency services where there is a threat to the health or safety of any person or the public or to other people and agencies where the law allows us to make a disclosure.
- We do not normally disclose personal information to overseas recipients or sell customer lists to entities that buy and sell marketing lists.
Your rights and choices
What happens if you do not want to disclose personal information?
You have no obligation to provide any personal information requested by us, but if you choose to withhold personal information, we may not be able to perform certain tasks. In some cases, this may mean we cannot do business with you.
How can you access your personal information?
- You have a right to access the personal information we hold about you, subject to some exceptions allowed by law, by calling or writing to us (see contact details below). We will give you reasons for refusing a request for access unless doing so is unreasonable in the circumstances.
- For security reasons, we will ask you to properly identify yourself to verify your right to receive the personal information requested.
- We may charge a reasonable fee for granting you access or providing access in a particular form if your request for access requires a substantial effort or cost on our part. However, we will not charge you a fee for your initial request and we will tell you in advance if we propose to charge you a fee for providing access.
- We recommend that, to ensure the accuracy of the personal information we hold, you keep us up to date with any changes in your personal information.
How to request correction of personal information?
- If you believe that personal information that we hold about you is inaccurate, out of date, incomplete or misleading (having regard to the purpose for which it is held) then you may make a request to us to correct that information.
- We will respond to such a request within a reasonable time; (generally this will be within 30 days of receiving your request. If we do not agree to make a correction, then we will tell you why (unless in the circumstances it is unreasonable for us to do so). Our response will advise you of how you may make a complaint and will include any other information that we are required by law to include in our response.
- If we refuse a request for correction, we will comply with any obligations that we may have under the Australian Privacy Principles to associate a statement to the relevant personal information that it is inaccurate, out of date, misleading or irrelevant. We will associate this statement in a way that is apparent to the users of that personal information. We may have regard to what steps are reasonable in the circumstances when considering our response to associate a statement with the relevant person information.
- We will not charge you a fee for making a request to correct information or a request to associate a statement.
How to make a complaint
If you consider that we have breached our obligations under the Privacy Act 1988 and the associated Australian Privacy Principles, then you may do so by contacting us. We recommend that you make your complaint in writing so that we can properly assess the complaint.
We will consider your complaint and respond to you within a reasonable time. Generally, we will respond to you within 30 days of you making the complaint.
If you are still not satisfied with our response, then you may consider further options in relation to taking your complaint further. See our separate statement in relation to credit information and credit eligibility information for specific dispute resolution options that may be available for those categories of personal information.
The Privacy Act 1988 also sets out procedures under which you may make a complaint to the body that regulates privacy in relation to personal information. You should contact the Office of the Australian Information Commissioner (OAIC) for details about how to make a complaint. Contact details are set out at the end of this policy.
Contact details
If you have any questions or would like to request a copy of this policy in a different format, please contact us
By phone: +61 7 4121 1211 (during business hours), or
By email: [email protected]
By post:
Company Secretary
Hyne Timber
PO Box 106
Maryborough QLD 4650
Australia
About this policy
We may make changes to this policy from time to time including reflecting any changes in our business, our information handling practices and the law.
The date of this version of the Hyne Group Privacy Policy is 22 March 2024.
For more information about privacy law and the Australian Privacy Principles, visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.