1 Definitions
1.1. Privacy Legislation Amendment Act 2022: Refers to the Australian legislation passed on November 28, 2022, which introduced significant amendments to the Privacy Act 1988 (Cth).
1.2. December 2022 Changes: Pertains to the amendments brought about by the Privacy Legislation Amendment Act 2022, which came into effect on December 13, 2022.
2 Services
2.1. The Service Provider shall comply with all relevant laws and regulations, including but not limited to the Privacy Act 1988 (Cth) and its subsequent amendments, such as the Privacy Legislation Amendment Act 2022 and the December 2022 Changes.
3 Compliance
3.1. The Parties acknowledge the increased fines and enforcement activities introduced by the Privacy Legislation Amendment Act 2022, including the maximum fine for breaches of privacy law, now amounting to the greater of AUD 50 million, three times the benefits obtained from the breach, or 30% of the entity's Australian annual revenue during the breach's duration.
3.2. The Service Provider agrees to allocate sufficient resources and take proactive measures to ensure compliance with the Privacy Act 1988 (Cth) and its amendments, as well as any guidelines or directives issued by the Office of the Australian Information Commissioner (OAIC).
4 Data Protection
4.1. The Service Provider shall implement robust data protection measures to safeguard the privacy and confidentiality of personal information in accordance with the Privacy Act 1988 (Cth) and its amendments, including the Privacy Legislation Amendment Act 2022.
4.2. In the event of a data breach or eligible data breach as defined by the Privacy Act 1988 (Cth), the Service Provider shall promptly notify the Client and relevant regulatory authorities as required by law.
5 Governing Law
5.1. This Agreement shall be governed by and construed in accordance with the laws of Australia, including the Privacy Act 1988 (Cth) and its subsequent amendments.
6 Payments
6.1. The Client agrees to pay the Service Provider a subscription fee for the use of the ESG assessment platform. Payments will be made via monthly direct debit, with the subscription fee being automatically deducted from the Client's designated bank account.
7 Miscellaneous
7.1. Any disputes arising out of or in connection with this Agreement shall be resolved in accordance with the dispute resolution mechanisms outlined herein and shall be subject to the jurisdiction of the courts of Australia.
8 Data Retention
8.1. In alignment with our ESG platforms, data retention practices must adhere to the principles outlined in the Australian Privacy Principles (APPs), particularly APP 11.2. This regulation mandates the deletion or de-identification of personal information once legal requirements to maintain it in identifiable form have expired, except in cases of current or pending litigation, and after it has served its notified purpose(s) of collection. Our document retention policies will reflect these requirements, ensuring the appropriate disposal of personal information in accordance with APP 11.2. It's essential for our ESG platforms to uphold these standards, especially considering the sensitivity of the data involved and our commitment to privacy compliance.
9 Data Analytics
9.1. Given the nature of our ESG platform, which may involve data analytics for purposes such as training artificial intelligence and machine learning algorithms, it's crucial to address the challenges posed by the de-identification and deletion obligations outlined in APP 11.2. We'll implement measures to balance data analytics needs with privacy compliance, ensuring that personal information is handled appropriately and in line with regulatory requirements.
10 Special Categories of Personal Data
10.1. Given the heightened sensitivity surrounding certain types of personal information, our ESG platforms will implement additional security measures to protect such data in accordance with Australian privacy law. This includes 'sensitive information' as defined by the Privacy Act, as well as any other categories of personal data subject to more stringent requirements.
11 Controller and Processor Contracts
11.1. Although Australian privacy law doesn't differentiate between data controllers and processors, our agreements with third-party service providers will include provisions to ensure compliance with the Privacy Act and APPs, particularly when dealing with offshore processors. These agreements will outline purpose limitations, compliance requirements, and procedures for handling data breaches, aligning with our commitment to privacy and data protection.
12 Data Subject Rights
12.1. In line with the APPs, individuals using our ESG platforms will have various rights regarding their personal information:
- Right to be Informed: We will provide clear and transparent notifications to individuals regarding the collection, use, and disclosure of their personal information, as required by APP 5.2.
- Right to Access: Individuals will have the right to access the personal information held about them, as outlined in APP 12.1.
- Right to Rectification: Individuals can request correction of their personal information under APP 13.1, with corresponding notifications to third parties as required by APP 13.2.
- Right to Erasure: While there's no explicit 'right to erasure' under Australian privacy law, we will adhere to obligations regarding the deletion or de-identification of personal information once it's no longer required for its notified purpose(s), as specified in APP 11.2.
- Right to Object/Opt-out: Individuals can request to opt-out of direct marketing and have control over the use of their personal information for such purposes, as per APP 7.6.
- Right to Data Portability: Although not a general right under Australian privacy law, individuals may have data portability rights under certain circumstances, such as those outlined in the Consumer Data Right (CDR) regime.
- Right not to be Subject to Automated Decision-making: While not explicitly provided under Australian privacy law, individuals have recourse if automated decision-making leads to discrimination, under other relevant legislation.
13 Use of Your Personal Data
13.1 The Company may utilise Personal Data for various purposes, including:
- Service Provision and Maintenance: This encompasses monitoring service usage and managing user accounts to ensure a seamless experience.
- Account Management: Personal Data provided during registration grants access to various service functionalities tailored to registered users.
- Contractual Obligations: Personal Data aids in the development, compliance, and execution of purchase contracts or other agreements made through the Service.
- Communication: Contact may be established via email, telephone calls, SMS, or similar electronic means for updates, informative communications, or security-related notifications.
- Marketing and Information Sharing: Personal Data may be used to provide news, special offers, and general information about products, services, and events similar to those previously engaged with, unless opted out.
- Request Management: Efficient handling of user requests submitted to the Company.
- Business Operations: Personal Data may be utilised for various business purposes, including data analysis, trend identification, and evaluating the effectiveness of promotional campaigns to enhance overall service, product, and marketing experiences.
14 Sharing of Personal Information
14.1 Your personal information may be shared under the following circumstances:
- With Service Providers: Sharing personal information with service providers aids in monitoring and analysing service usage and facilitates communication with users.
- Business Transfers: During mergers, acquisitions, or asset transfers, personal information may be shared or transferred as part of the transition process.
- With Affiliates: Information may be shared with affiliates under the condition that they adhere to the Privacy Policy.
- With Business Partners: Personal information may be shared with business partners to offer specific products, services, or promotions.
- With Other Users: Information shared in public areas may be viewed by all users and publicly distributed.
- With Consent: Personal information may be disclosed for other purposes with the user's consent.
15 Retention of Your Personal Data
15.1 The Company retains Personal Data only as long as necessary for the outlined purposes in the Privacy Policy. Usage Data may also be retained for internal analysis purposes, with strict adherence to legal obligations and data retention principles.
16 Transfer of Your Personal Data
16.1 Your information, including Personal Data, may be processed at the Company’s offices and other locations involved in processing. By submitting your information, you consent to such transfers and agree to ensure adequate data security measures are in place.
17 Disclosure of Your Personal Data
17.1 Personal Data may be disclosed in the following circumstances:
- Business Transactions: In the event of a merger, acquisition, or asset sale, Personal Data may be transferred, with prior notice provided to affected users.
- Law Enforcement: Disclosure may be necessary to comply with legal obligations or valid requests from public authorities.
- Other Legal Requirements: Disclosure may occur in good faith to comply with legal obligations, protect company rights or property, prevent wrongdoing, safeguard user safety, or protect against legal liability.
18 Security of Your Personal Data
18.1 While the Company endeavours to use commercially acceptable means to protect Personal Data, absolute security cannot be guaranteed. Various security measures are implemented to safeguard Personal Data, but users should be aware of the inherent risks associated with transmitting data over the Internet.
19 Children’s Privacy
19.1 The Service is not directed at individuals under the age of 13, and the Company does not knowingly collect personally identifiable information from them. Parental consent may be required in certain jurisdictions before collecting and using information from minors.
20 Links to Other Websites
20.1 The Service may contain links to third-party websites, for which the Company assumes no responsibility for content, privacy policies, or practices. Users are encouraged to review the privacy policies of linked websites.
21 Changes to this Privacy Policy
21.1 The Company reserves the right to update the Privacy Policy periodically, with notifications provided via email or prominent notices on the Service. Users are advised to review the Privacy Policy periodically for any changes, with updates becoming effective upon posting.
22 Your Personal Information
22.1 When applying for FN - ESG services, personal information is collected for account setup and professional support. This includes but is not limited to name, date of birth, address, contact details, and payment information.
23 Why and How We Use Your Personal Information
23.1 Information collected aids in processing inquiries, registrations, and payments, and may be used for communication, event notifications, service improvement, and marketing purposes, unless opted out.
24 Disclosure of Your Personal Information
24.1 Personal information may be disclosed to authorized representatives, external parties assisting in account management, or as required by law.
25 Handling of Credit Information
25.1 FN - ESG adheres to PCI regulations for storing credit card information, ensuring data security and compliance with industry standards.
26 Your Personal Information Storage and Security
26.1 FN - ESG employs robust data security measures, including encryption, network protection, anti-virus software, and SSL certificates.