The policy applies to all employees, contractors, External Service Providers (ESPs), consultants and IT staff employed by KISS Next Group and to others who can access information under supervision or special authorisation.
When we say “we”, “KISS Next Group” or “the company” throughout this policy we mean KISS Professional Solutions Pty Ltd (ABN 81 155 632 714) and any business names under which we trade (including KISS Professional Solutions, Next Tech Group and Next ComTech).
This policy applies to all staff members of KISS Professional Solutions who are required to remotely access business data and Office365 resources under certain conditions which are described as part of this policy document.
3.0 What is personal information
In a nutshell, “personal information” is information or an opinion about an identified individual or an individual who is reasonably identifiable. Some personal information is considered sensitive and is expected to be treated with special care. One of the most sensitive types of personal information is health information, which should be handled with extra safeguards in place. Examples of these types of information are below:
- Personal Information
  - Name, address, sex, age, financial details, marital status, education or employment history
  - Email addresses
  - Training records
  - Circumstances around any type of leave
- Sensitive Information
  - Racial or ethnic origin
  - Political opinions
  - Membership of a political association
  - Religious beliefs or affiliations
  - Philosophical beliefs
  - Membership of a professional or trade association
  - Membership of a trade union
  - Sexual preferences or practices
  - Criminal record
- Health Information
  - An individual’s health or disability
  - An individual’s expressed wishes about the future provision of health services
  - A health service provided, or to be provided, to an individual
  - Organ donor details
  - Genetic information in a form that may be predictive of a person’s health
4.0 Collection of personal information
The type of personal information we collect depends upon your relationship with us. When doing business with us, you may need to prove your identity and in some cases, the law requires you to do so. We may also require your contact information so that we can communicate with you directly or deliver products and services to you.
So, the information we collect for these purposes might include:
- your name, address and contact details (including email address and telephone number);
- business information (such as your ABN, business address and position within the business);
- employment information (such as your resume, qualifications, skills, education provider and history, work history and residency status); and
- in some circumstances, your driver’s licence or some other form of photo identification.
We might also collect personal information about you in connection with a commercial trading account or financing arrangement (such as bank records, credit card statements and other credit reporting information), particularly if you’re intending to enter into the arrangement in your own name or provide some form of personal security (e.g. as guarantor for your business). We may do this as the provider of credit or as agent for someone else. In either case, we’ll provide you with more detailed information about exactly how this type of information will be used and who it may be disclosed to prior to collection.
At times we may also collect personal information for training, quality and improvement purposes, such as voice recordings made to our call centre and customer satisfaction surveys.
Whenever it’s appropriate, we’ll offer you the opportunity to interact with us anonymously or by a different name. Commonly this option will be provided to you when making a general enquiry about our products and services or requesting information about a job opportunity.
If we are unable to collect the personal information we require, or the information provided is incorrect or incomplete, this may affect our ability to provide products or services to you.
5.0 Handling of personal information
We’ll do our utmost to ensure that your personal information is only used and/or disclosed for the purpose it was collected, or a related purpose that’s within your reasonable expectations.
Generally, these purposes include responding to your enquiries, providing you with products and services, handling payments and refunds, providing you with marketing information or special offers for our products and services, obtaining your feedback on your customer experience, improving our services, conducting market research, conducting marketing and other promotional activities and for our general business operations (for example, maintenance of our business records, compliance with our legal and insurance obligations and statistical purposes).
From time to time we may need to disclose personal information to, or collect information from various third parties, including:
- other companies within the KISS Next Group of companies
- dealers, authorised re-sellers and accredited representatives
- credit providers (disclosed and undisclosed)
- information technology providers
- data processing and payment providers
- financial services and banking providers
- security services providers
- administrative or business management service providers
- consultancy firms and independent contractors
- auditors, lawyers and other professional service firms
- marketing agencies and other marketing services providers
- print/mail/digital/imaging/document management service providers
- customer, product, business or strategic research and development organisations
- data partners and analytics consultants
- publicly available sources of information
- other entities, as required or authorised by law
And to help safeguard your privacy, we’ll usually impose requirements on these entities for handling personal information. We’ll also do our best to inform you at or before the time of collection, about the types of organisations we may be disclosing your personal information to.
In addition to the above, personal information may be provided to other parties where you specifically consent.
6.0 Sending personal information overseas
Occasionally we may send your personal information off-shore, including to other companies within the KISS Next Group of companies or partners and other service providers that may be located overseas or have overseas operations. If we do send personal information overseas, either directly or via a third party, it will only be for the purposes detailed above, and we will ensure the organisations concerned will protect your personal information with the same or similar standard of care we use to protect it in Australia.
We don’t sell or trade your personal information to anyone else. Every now and again you may be contacted by mail, SMS, telephone, email or online so that we can inform you about new products and services, promotions, offers, newsletters, customer surveys, competitions and the like. We may also engage third parties to do this on our behalf. In so far as the law allows us to, we are likely to market to you unless you tell us otherwise. Equally, we’ll always give you the opportunity to “opt out” of direct marketing communications. If you don’t want to be contacted for marketing purposes, you don’t have to wait to be contacted. Simply advise us by any one of the methods set out below and we will make every effort to meet your request at the earliest opportunity. By providing us with your personal information, you consent to us using your personal information for direct marketing purposes.
8.0 Sensitive Information
9.0 Security of personal information
Once we have collected your personal information, we’ll take reasonable steps to ensure it is protected against misuse, loss, interference, unauthorised access, modification and disclosure. We do this in a variety of ways, including maintaining physical security of paper and electronic data stores (such as locks, security systems) and appropriate computer and network security (such as firewalls, user identification policies, encryption, password controls).
However, the transfer of data over the internet is inherently insecure. We cannot guarantee the security, during transmission, of any personal information provided to us via our website or email. Please bear this in mind when transmitting information by this means to us.
If there is a breach in which personal information is compromised, we will follow the Privacy Act 1988 guidance. The following process should be followed:
- Preparation - Complete an assessment, react immediately and engage appropriate stakeholders for an effective response within 30 days for a Notifiable Data Breach.
- Identification - Identify the cause of the breach and whether it is likely to result in real risk of serious harm (a Notifiable Data Breach).
  - If we have reasonable grounds to believe that the breach is a Notifiable Data Breach, we will notify the Office of the Australian Information Commissioner (OAIC) and all affected individuals immediately by email or by publishing the statement of breach on our website and in the media within 30 days.
- Containment - Manage the breach, which involves limiting the scope and magnitude of an incident.
- Eradication - Remove the cause of the incident by following the practices below:
  - Determine the Cause and Symptoms
  - Improve Defences
  - Perform Vulnerability Analysis
10.0 Destruction of personal information
We’ll destroy or de-identify personal information that is no longer needed, provided there is no law requiring us to retain it.
11.0 Access to and correction of personal information
You may lodge a request to correct personal information that we hold about you if you believe it is inaccurate, incomplete, out-of-date, irrelevant or misleading, in which case please contact our Privacy Officer via the contact details shown below.
You may request that we provide you with access to the personal information we hold about you. Generally, we will provide you with access, except in limited circumstances where the law permits us to deny access. Any such requests must be made in writing to us via the details shown below. No fee will be incurred for requesting access, but if your request for access is accepted we will inform you of the fee (if any) that will be payable for providing access if you proceed with your request.
If you have a complaint about the way in which we handle your personal information, please contact us on the details below. We will confirm receipt of your complaint and set out the time frame we require to investigate your complaint and provide you with a response, which generally will be within 14 days of receiving your complaint.
14.0 Contact Us
For more information about our privacy practices, or to make a complaint or lodge a request under this policy, please contact the Group General Manager at email@example.com.
15.0 KISS Next Group User Responsibilities
Users have a responsibility to ensure that information is protected and maintained in an appropriate manner. User responsibilities include, but are not limited to, the following:
- Maintain the confidentiality of our organisation’s information;
- Be accountable for any use of equipment and actions performed using your user ID;
- Never use other staff members’ user IDs and passwords;
- Never give your user ID and password to anyone within or outside of our organisation;
- Report any suspicious emails or activity;
- Report any loss, compromise or possible compromise of information security to your Manager immediately.
16.0 Disciplinary Action
KISS Next Group Users must comply with the requirements of this policy. Breach of this policy may result in disciplinary action, including:
- suspension or permanent disconnection from all or part of the company’s IT systems
- formal warning
- termination of employment or contracting arrangements
- recovery of costs incurred by the company as a result of non-compliance with this policy