Wine Matchmaker is a business name held by Frisky Corp Pty Ltd and is subject to the Privacy Act 1988 (‘the Act’). The Act regulates how we collect, uses, stores and discloses Personal Information. In this regard, we are committed to protecting the privacy of its clients, maintaining the confidentiality of their Personal Information and applying the Australian Privacy Principles (‘APP’).
1. Personal and Sensitive Information
We may at times collect personal and sometimes sensitive information e.g. names, email addresses, about you in order to provide you services. We are also committed to only collecting Personal Information which is necessary for the provision of its services and our operations.
The provision of Personal Information by you is optional. However, our ability to provide services to you may be limited should you choose not to provide the required Personal Information. If that occurs, we may need to end our engagement with you.
We will only collect Personal Information by lawful and fair means, and which is relevant to the scope of services required. If the need arises, further Personal Information may need to be collected from you in the future. We will not collect Personal Information unless the information is reasonably necessary for us provide services to you.
When we collect Personal Information about you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as:
- our identity;
- the fact that the information has been collected;
- whether the information was required under an Australian law,
- the purposes for which information is collected;
- the main consequences (if any) of not collecting the information;
- the organisations (or types of organisations) to which we would normally disclose information of that kind;
- the fact that you is able to access the information;
- how to complain about a breach of an APP; and
- whether the information is likely to be disclosed to overseas
3. Sensitive Information
We will not collect Sensitive Information unless:
- the information is reasonably necessary for us to conduct the matter or;
- the collection of the information is required or authorised by or under an Australian law.
You agree we can disclose Personal Information to third party’s e.g. event booking sites, CRM and hosting companies, if it is required as part of providing our services. You will, if you requests us in writing, be provided with details of the recipient. We will use its best efforts to provide our services without the need to disclose Personal Information and will obtain consent from you should the need for disclosure other than in the ordinary course of the provision of its services arise, except where the information must be provided under:
- an Australian law; or
- a court/tribunal order; or
- other legal proceedings.
5. Disclosure for a secondary purpose
We will not use or disclose Personal Information for a secondary purpose unless:
- it has obtained consent to do so,
- you would reasonably expect us to use or disclose the information for the secondary purpose which is directly related to the primary purpose;
- it is required or authorised under an Australian law;
- we believes it reasonably necessary for one or more enforcement activities by, or on behalf of an enforcement
Where we have used or disclosed information under (b) – (f) above, we will take steps as are reasonable to ensure the information is de-identified before being used or disclosed.
6. Transfer of Personal Information overseas
If we are required to transfer any Personal Information outside Australia, we will comply with the provisions of the Act which apply to cross border data flows. We will only transfer Personal Information overseas where the context of the matter requires it. We will first take reasonable steps to ensure the recipient does not breach the APPs in relation to the information, except where:
- we believe the recipient is subject to a scheme offering the same protection as the APPs, and there are mechanisms for you to enforce that protection;
- after being told that if you consent to the disclosure, we are not required to ensure that the recipient conforms to the APP, and you consents regardless;
- the disclosure is required or authorised under an Australian law or court/tribunal order.
Where possible, and if directed by you, you will not be required to identify yourself when dealing with us in relation to a particular matter. You will be required to identify themselves however where:
- we are required or authorised under an Australian law or a court/tribunal order to deal only with clients who have identified themselves; or
- it is impractical for us to deal with someone who has not identified
Generally, you will be required to identify yourself when they are a client of us. However, we will not disclose your identity to a third party unless the matter necessitates it, or as directed by you. We will not adopt a government related identifier for you (including those assigned by a state or territory) as its own.
8. Unsolicited Personal Information
If we receive unsolicited Personal Information, we will determine as soon as possible, whether the information is required for our purposes in serving you. If the information is not required, provided it is lawful and reasonable to do so, we will either destroy the information, or ensure that it is made known to you.
We will use all prudent methods to keep all Personal Information safe and secure from unauthorised access through the use of firewalls, anti-virus software and secure filing systems. Where the Personal Information is no longer required for the purpose for which it was disclosed, and it is not required by law to retain it, we will take reasonable steps to destroy the information.
10. Data Breach Response
We will continue to comply with our ongoing obligations under the Act to take reasonable steps to protect Personal Information from misuse, interference and loss and from unauthorised access, modification and disclosure. In the event that a data breach is detected and is determined to likely result in serious harm to a client, we will take all reasonable steps to contain the suspected or actual breach and will notify the Office of the Australian Information Commissioner as well as you in accordance with the Act. A formal review will be conducted by us following any data breach in order to investigate the cause and develop an action plan.
11. Access to Personal Information
You are entitled to access your Personal Information held by us, provided that one of the following exceptions does not apply:
- we reasonably believe that giving access would pose a serious threat to the life, health or safety of you, or to public safety;
- giving access would in the our opinion, have an unreasonable impact on the privacy of other individuals / clients;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between us, and would not be accessible through the process of discovery in those proceedings;
- giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- both of the following apply:
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in;
- giving access would be likely to prejudice the taking of appropriate action against you
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated within connection with a commercially sensitive decision-making
Upon request by a client for access to Personal Information, we will respond and provide access within a reasonable time, if it is reasonable and practical to do so. If we refuses to give you access to the Personal Information for a reason detailed above, we must:
- endeavour to take reasonable steps to give access in a way that meets the needs of us and you; or
- provide a written notice to you that sets out:
- the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so;
- the mechanisms available to complain about the refusal; and
We may charge a reasonable fee to you for costs incurred in providing the information to you.
12. Information Integrity
We wish to maintain the integrity of the Personal Information that we hold by updating our databases as required. You are encouraged to notify us immediately if there is a change to their Personal Information by contacting our Privacy Officer on 1300 132 768.
If we are satisfied that Personal Information about you held by us, having regard to the reason the Personal Information is held, is inaccurate, out of date, incomplete, irrelevant or misleading, or you request us to update or correct the Personal Information, then we will take all reasonable steps to correct the information. You may request that we update the Personal Information provided by us to any other entity on behalf of you.
Even if requested to do so, we may refuse to correct Personal Information, in which case we will give you a written notice setting out:
- the reasons for the refusal to correct the Personal Information (except where it would be unreasonable to provide those reasons);
- mechanisms available to you to complain about the refusal; and
- any other matter prescribed by
Where we have refused to correct the Personal Information of a client, you may request that we associate a statement with the Personal Information that the Personal Information is inaccurate, out of date, incomplete, irrelevant or misleading. The statement will be made apparent to users of the Personal Information.
Where a request is made by you to update or attach a statement to the information, we will respond within a reasonable period after the request is made.
13. Credit Card Information
Credit card information may be obtained for payment processing only. Credit card information is not stored in our database but may be stored by our partner services providers including our online store and online booking site assuming you have consented to it. You should read their privacy statements as well
14. Names and addresses
We will promptly correct any error about your Personal Information as soon as it is brought to our attention. Information on accessing Personal Information records may be obtained by contacting our Privacy Officer on 1300 132 768.
Clients may contact our Privacy Officer on 1300 132 768 if you have any concerns or complaints about the manner in which Personal Information has been collected or handled by us.