Comval Visitors Privacy Notice
This privacy notice describes what personal information we collect about our visitors and third parties. Download a copy of the Comval Visitors Privacy Notice.
Comval Employee Privacy Notice
This privacy notice describes what personal information we collect about our employees, workers and contractors, and potential employees. Download a copy of the Comval Employee Privacy Notice.
Comval Website Users Privacy Notice
This document sets out the policy of Comval relating to the collection, holding, use and disclosure of personal information, as well as the way in which Comval responds to requests for access to information and for correction, and to complaints about its privacy practices. Comval is committed to complying with all of its legal obligations relating to personal information, including (a) the Privacy Act 1988 of Australia (in relation to its operations in Australia) and(b) the Privacy Act 2020 of New Zealand (in relation to its operations in New Zealand).
This policy relates to Comval Group Australia Pty Ltd, Comval Group NZ Ltd and each of their related bodies corporate (collectively the “Comval Group”). If you are in Australia, references in this policy to “Comval” are to Comval Group Australia Pty Ltd and its related bodies corporate. If you are in New Zealand, such references are to Comval Group NZ Ltd and its related bodies corporate.
- What is personal information
This policy frequently refers to the term “personal information”, which has specific legal definitions depending on where you are located.
In Australia, “personal information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. To put it more simply, if the information or opinion reasonably allows someone to be identified, this would be considered personal information. For example, an individual’s name, address or e-mail address, together with records about Comval’s dealings with that individual.
Personal information also includes “sensitive information” which includes more delicate categories of information about an individual, such as health information, racial and ethnic origin, and religious or philosophical affiliations or beliefs.
In New Zealand, “personal information” also means information about an identifiable individual, but does not include an express sub-category of “sensitive information”. Nevertheless, the sensitive nature of any personal information will be relevant to the issue of notifiable privacy breaches – see below).
In either case, if an individual cannot be identified from the personal information held by Comval (for example, when it has been aggregated and anonymised) then this policy does not apply.
- Collection of personal information
Comval only collects personal information if it is reasonably necessary for its business operations and other related purposes.
Comval collects personal information in a number of ways, including when it:
Provides goods and services and related information to customers, and administers customer accounts;
Engages with suppliers, contractors, professional advisors and other business associates;
Engages with and assesses prospective employees; and
Conducts trade or marketing promotions.
Comval, where reasonable and practicable to do so, only collects personal information from the individual after it has informed that individual that the information will be or is being collected. This does not apply where the individual has consented to collection of the information by Comval from someone else, or Comval is required or authorised by law to collect the information from someone else.
The kind of personal information collected and held by Comval includes:
Applications for employment, and deliberations about applications, including work and criminal records checks where necessary;
Contact details of suppliers, contractors, professional advisors and other business associates, and other information relevant to the business relationship;
Where necessary to provide a service to individual clients of a business customer of Comval, details about those clients.
- Comval’ purposes for handling personal information
The purposes for Comval collecting, holding, using or disclosure of personal information include:
Processing of applications for employment;
Delivering Comval’ services;
Conducting relationships with Comval’s suppliers, contractors, professional advisors and other business associates; and
Running Comval’ business, including any auditing of our services and business.
Sending or showing you (a) promotional messages, marketing, advertising, and other information about Comval’ services and (b) third-party promotional messages, marketing, advertising (including on-site display advertising), and other information that may be of interest to you (including information about our business partners), in each case with your consent.
Comval may disclose personal information to other related companies in the Comval Group overseas, including New Zealand and the United Kingdom who will only use the information for the same purpose for which the Comval disclosing company was authorised to use it and only for so long as is required for the purposes for which it was collected. Comval may also use overseas cloud storage platforms to store, access, process and modify personal information. It is not possible to identify all such foreign jurisdictions, but they may include the United States of America, Germany, the United Kingdom, and New Zealand.
In relation to personal information collected in New Zealand, Comval may only use an overseas cloud storage platform in limited circumstances, including where Comval reasonably believes that the platform is subject to privacy laws that, overall, provide comparable safeguards to those in New Zealand’s Privacy Act 2020. You authorise Comval to transfer, store, and process your personal information in New Zealand and other countries, provided that the storage platform provider complies with New Zealand’s privacy obligations. You may request more information about the safeguards that Comval has put in place in respect of transfers of personal information to jurisdictions outside of New Zealand by contacting our data privacy officer.
- Security of personal information
Personal information is held by Comval in a number of ways, including in electronic databases (including cloud servers), email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored in an offsite secure facility.
Comval seeks to:
Ensure that the personal information collected is up to date, accurate and complete;
Ensure that the personal information used and disclosed is accurate, up to date, complete and relevant (having regard for the purpose of use or disclosure);
Protect the personal information held from misuse, interference and loss; and
Protect the personal information held from unauthorised access, modification or disclosure.
Comval follows generally accepted industry standards to protect the personal information collected by or submitted to us, both during transmission and once we receive it. Comval continuously implements and updates its administrative, technical, and physical security measures to help protect personal information against unauthorised access, loss, destruction, or alteration. However, despite all of our measures we cannot 100% guarantee the security of the transmission or storage of your personal information.
- Accessing and correcting personal information
Personal information can be accessed by an individual by contacting the Privacy Officer as detailed below. Access will be granted subject to some exceptions permitted by law (under which your request for access to your personal information may be denied) and is provided in the manner requested by an individual subject to it being reasonable and practical for Comval to do so. Comval may charge a fee to cover reasonable costs of locating and providing the information.
If an individual believes the information held by Comval is inaccurate, out of date, or incomplete, the individual can request that the information be corrected by writing to the Privacy Officer. Comval will take reasonable steps to correct the information to ensure that, having regard for the purpose for which the information is held, that the information is accurate, up to date, complete, relevant and not misleading.
If corrected information was previously disclosed to a third party or overseas related entity, Comval will take reasonable steps to notify the other party of the correction.
Comval may in some circumstances refuse to correct personal information and if this is the case Comval will provide written notice to the individual that details:
The reason for the refusal (except to the extent it would be unreasonable to do so); and
How the individual may make a complaint about the refusal.
In circumstances where Comval refuses to correct personal information, an individual may make a request in writing to the Privacy Officer for Comval to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading. Comval will take reasonable steps to ensure it associates the statement in such a way that is apparent to users of the information.
The Comval Privacy Officer deals with any complaints and will respond to the individual within a reasonable timeframe. In New Zealand, once we receive an individual’s complaint we will usually respond to your complaint within 20 working days. Comval takes all complaints seriously and any further action after the initial response will vary depending on the nature of the complaint. Please note that we may keep a record of your communications to help us resolve any issues that you raise.