We acknowledge the importance of information security and the protection of privacy;
We adhere to the principles of privacy by design and privacy by default;
We have implemented an information security and privacy management system (ISPM) to meet the ISO 27001 & 27701 standards;
To demonstrate compliance to the latest regulations, such as GDPR we continually seek improvement via the ISPM.
A risk assessment has shown how your data is being used in our processes;
We have implemented measures to ensure adequate protection of data, both in transit and at rest;
Processes have been adjusted to make sure data is never stored longer than necessary to perform our services;
If you want to find out which measures and security controls have been implemented, we have prepared an Assurance statement which is available upon request.
Lumify Work commitment to continual improvement is demonstrated through our Risk assessment and treatment process and Incident management process which includes the assessment of privacy practices and management of Personally Identifiable Information (PII).
To provide, improve and properly manage our products and services we continually improve by developing new products, responding to requests or queries, verifying your identity, conduct surveys and seek your feedback.
1. PRIVACY AT LUMIFY WORK
2. WHAT IS PERSONAL INFORMATION?
3. WHAT PERSONAL INFORMATION DO WE COLLECT?
We collect personal information in order to provide our training services, to conduct our business and to improve customer service. The types of personal information we collect will depend on how you interact with us.
Typically, we collect the following personal information:
title or position
Information you provide to us through customer surveys, evaluation forms and when you register for Lumify Work events and seminars
We do not normally collect sensitive information about you such as information relating to your health, religion, political beliefs, date of birth or race. If we do collect sensitive information which is reasonably necessary for the operation of our business functions or activities, we will obtain your consent to do so.
If your organisation is a Lumify Work client and you do not agree to provide us with your personal information, this may limit our ability to provide our services to your organisation. When PII is collected backups will capture this information and procedure is in place to responsibility restore the recent changes to maintain PII data accuracy. Backups are retained for a period of 28 days and two weeks would be required for restoration of systems including PII.
4. HOW DO WE COLLECT PERSONAL INFORMATION?
We collect personal information directly from you unless it is unreasonable or impracticable to do so. We may collect your personal information in the following ways:
when you purchase our services
when we respond to your inquiries and requests
during conversations or email exchanges between you and our representatives
when we obtain feedback from you about our services including through student evaluation forms
when we conduct our administrative and business functions
when you register for our events or subscribe to our mailing lists and newsletters
when we market our services to you
through your access and use of our websites
Personal information may be obtained directly from you, through another contact in your company if you are a corporate client, or through a third party by who we have been informed that your details may be provided to us.
We may at times obtain personal information that relates to you through third parties. Where we do so, we will ask any third parties to confirm in writing that they have legally obtained your personal information and that we have the right to acquire it from them and to use it.
5. FOR WHAT PURPOSES DO WE COLLECT, HOLD, USE AND DISCLOSE PERSONAL INFORMATION?
We collect, hold, use and disclose personal information for the following purposes:
to send communications
to manage and maintain our business relationships
to respond to inquiries and requests
to improve the services we provide
to inform you about our services
to obtain feedback from you on our services
to organise training certification exams
to provide access to online portals
to provide you with a more personalised experience when you interact with us
to conduct administrative and business functions
to provide our services
to update our records and keep contact details up to date
to enable you to subscribe to our website, newsletters and mailing lists and to register for Lumify Work events
to assess the performance of our website and to improve its operation
to process and respond to privacy complaints
to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country
6. TO WHOM DO WE DISCLOSE PERSONAL INFORMATION?
We may disclose your personal information to our employees and related bodies corporate for the purposes set out in clause 5 above. We may combine or share any information that we collect from you with information collected by any of our related bodies corporate.
We may also disclose your personal information to:
contractors, suppliers, vendors, partners, and other third parties with whom we have a commercial relationship for business, marketing, and related purposes
any organisation for any authorised purpose with your express consent
Except as set out above, Lumify Work will only disclose personal information if this is required by law or a court/tribunal order or otherwise permitted under the Privacy Act.
7. DO WE DISCLOSE PERSONAL INFORMATION TO ANYONE OUTSIDE AUSTRALIA?
We may disclose your personal information to service providers located outside Australia such as the United Kingdom, the United States of America, Singapore and the Netherlands for some of the purposes set out in clause 5 above. We will take steps to contractually ensure that overseas recipients of your personal information provide a level of protection for your personal information which is equivalent to the APPs.
8. HOW DO WE STORE AND SECURE PERSONAL INFORMATION?
We store personal information to ensure that we can manage and maintain communications with organisations with whom we do business. Contact may be verbal, electronic or written. We will only store your personal information if it is relevant to your organisation conducting business with us. We do not normally store information that is sensitive information.
We take all reasonable precautions to ensure that personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure using a combination of physical, administrative and technical safeguards. We hold personal information in either paper-based records in secure access controlled premises or in electronic form in databases and email files which require logins and passwords. Lumify Work personnel are also contractually bound by confidentiality obligations.
Lumify Work’ website is linked to the internet, and as the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
If your personal information is no longer needed, we will take reasonable steps to either delete it from our systems or de-identify it, except where Lumify Work is required by law or a court/tribunal order to retain the information.
9. DIRECT MARKETING
We may send you direct marketing communications and information about our services that we consider may be of interest to you. We may send communications in various forms, SMS and email, in accordance with applicable laws, such as the Spam Act 2003 (Cth). You consent to us sending you those communications by any of those methods. If you indicate a preference for a method of communication, we will use reasonable endeavours to use that method whenever practical to do so.
We do not provide your personal information to other organisations for the purposes of direct marketing.
10. HOW CAN YOU ACCESS AND CORRECT PERSONAL INFORMATION?
We will take all reasonable steps to ensure that the personal information we hold about you is accurate, up to date and complete. You may request access at any time to personal information that we hold about you and we will give you access in the manner that you request where it is reasonable and practicable to do so, except where we deny access as permitted by the Privacy Act. For example, we may need to refuse access if granting access would interfere with the privacy of others, is unlawful or would result in a breach of confidentiality. You may also request that we correct your personal information when it is inaccurate, incomplete or out of date.
If you wish to access or correct your personal information, please send a written request to our Privacy Officer using the contact details set out below or by using the customer portal services. Our Privacy Officer will respond to your request within 30 days after you make the request. If we deny your request for access to or correction of your personal information, we will provide you with written reasons for refusing your request and the mechanisms available to you to complain about our refusal.
11. HOW CAN YOU COMPLAIN ABOUT A BREACH OF YOUR PRIVACY?
If you have concerns about how your personal information is being handled by Lumify Work or you wish to make a complaint about a breach of the APPs by Lumify Work, please send your complaint in writing to the Privacy Officer using the contact details set out below. The Privacy Officer will respond to you in writing within 30 days of receiving your complaint, setting out what action Lumify Work will take as a result of your complaint or alternatively providing an explanation to you if there has been no breach of the law.
12. USING OUR WEBSITE
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website.
14. CONSENT WITHDRAWAL
You may request for your personally identifiable information consent withdrawal at any time by contacting Lumify Work using the channels below. We may require the request to be in writing depending on the data being withdrawn as well as proof of identity. Click for more information on your Personal Information Rights.
15. CONTACTING US
Email: [email protected]
Phone: 1800 U LEARN (853 276)
Post: Data Protection Officer, Lumify Work, PO Box K975, Haymarket NSW 1240