​Introduction

​

Interface Australia is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act) and to the extent applicable, the EU General Data Protection Regulation (GDPR). This Privacy Policy sets out how Interface handles personal information.

This Privacy Policy does not apply to personal information collected by Interface that is exempted under the Privacy Act, for example employee records. Interface Australia may modify this Privacy Policy from time to time to reflect its current privacy practices. In this Privacy Policy, ‘Interface’, ‘we’, ‘us’ and ‘our’ is a reference to Interface Australia and includes any entity carrying on business in Australia that is part of Interface Australia.

​

Personal Information We Collect

​

The types of personal information we collect include:

• names, job titles, contact and address details;

• information in identification documents (for example, passport, driver’s licence);

• tax file numbers and other government-issued identification numbers;

• date of birth and gender;

• bank account details, shareholdings and details of investments;

• details of superannuation and insurance arrangements;

• educational qualifications, employment history, salary and referee reports;

• visa or work permit status;

• your Internet Protocol (IP) address;

• payment details; and

• personal information about your spouse and dependants.

 

It may be necessary in some circumstances for Interface to collect sensitive information about you in order to provide specific services or for recruiting purposes. Examples of the types of sensitive information that may be collected in such circumstances include professional memberships, ethnic origin, criminal record and health information. It is generally not practical to remain anonymous or to use a pseudonym when dealing with Interface as usually we need to use your personal information to provide specific services to you, or which relate to or involve you.

​

How We Collect and Manage Personal Information

​

How We Collect Personal Information

​

Generally we collect your personal information from you directly (for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey, when you subscribe to our publications or when you use our website or our social media). Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information from your employer where they are our client, from your personal representative, or a publicly available record. We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites.

​

Where You Provide Us with Personal Information About Someone Else

​

If you provide us with someone else’s personal information, you should only do so if you have their authority or consent to provide us with their personal information. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy or any Privacy Collection Statement we give you.

​

Holding Personal Information

​

Interface holds personal information in hard copy and electronic formats. We take security measures to protect the personal information we hold including physical (for example storage of files in lockable cabinets) and technology (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates) security measures.

Purpose for Collecting, Holding, Using and Disclosing Personal Information

Interface collects, holds and uses personal information for a number of purposes including:

​

• to provide professional services;

• to provide technology services and solutions;

• to respond to requests or queries;

• to maintain contact with our clients and other contacts;

• to keep our clients and other contacts informed of our services and industry developments;

• to notify of seminars and other events;

• to verify your identity;

• for administrative purposes, including processing payment transactions;

• for recruitment purposes;

• for purposes relating to the employment of our personnel, providing internal services or benefits to our partners and staff and for matters relating to the partnership;

• when engaging service providers, contractors or suppliers relating to the operation of our business;

• to manage any conflict of interest or independence (including auditor independence) obligations or situations;

• to conduct surveys;

• for seeking your feedback;

• to meet any regulatory obligations;

• as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business or entering into an alliance, joint venture or referral arrangement;

• to perform internal statistical analysis, including of our databases and website;

• for any other business-related purposes.

 

If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing you or our clients with the services we were engaged to perform.

​

The types of third parties to whom we may disclose your personal information include:

​

• experts or other third parties contracted as part of an engagement;

• our service providers;

• our professional advisers;

• as part of an engagement, if you are a customer, an employee, a contractor or supplier of services to one of our clients, then we may disclose your personal information as part of providing services to that client;

• as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business or to enter into an alliance, joint venture or referral arrangement; or

• government or regulatory bodies or agencies, as part of an engagement or otherwise, (for example, the Australian Taxation Office).

 

We do not disclose personal information to third parties for the purpose of allowing them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information to them for research or promotional purposes.

​

General Data Protection Regulation (GDPR) for the European Union (EU)

​

Interface will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.

​

We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.

We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.

We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.

We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.

​

We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.

We do not collect or process any personal information from you that is considered "Sensitive Personal Information" under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.

​

You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Interface complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.

​

Except as otherwise provided in the GDPR, you have the following rights:

• to be informed how your personal information is being used;

• access your personal information (we will provide you with a free copy of it);

• to correct your personal information if it is inaccurate or incomplete;

• to delete your personal information (also known as "the right to be forgotten");

• to restrict processing of your personal information;

• to retain and reuse your personal information for your own purposes;

• to object to your personal information being used; and

• to object against automated decision making and profiling.

 

Hosting and International Data Transfers

​

Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia.

​

We and our other group companies have offices and/or facilities in Australia.

Transfers to any other countries will be protected by appropriate safeguards, these include but are not limited to the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website

The hosting facilities for our website are situated in Australia. Transfers to any other countries will be protected by appropriate safeguards, these include, but aren’t limited to the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.

Our suppliers and contractors are situated in Australia. Transfers to any other countries will be protected by appropriate safeguards, these include, but are not limited to the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.

You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others. 

​

Data Loss Prevention

​

Interface utilises Data Loss Prevention policies. A data loss prevention policy defines how organisations can share and protect data. It guides how data can be used in decision making without it being exposed to anyone who should not have access to it.

​

Data loss prevention is broadly defined as technology or processes that:

​

• Identifies confidential data.

• Tracks data usage.

• Prevents unauthorized access to data.

 

Data loss prevention tools include software products that can classify and protect data. The data loss prevention policy guides how those tools work.

​

Why We Use A Data Loss Prevention Policy

​

Much of data security involves preventing malicious attacks on an organisation’s networks. Employees have more ways to access and share organizational data than in the past due to the distributed nature of modern computing making accidental data loss a serious problem.

​

Data storage is available in the cloud and remote locations. As the number of employees working from remote locations continues to increase, so too does frequency of access to sensitive data from laptops and mobile devices that may be vulnerable.

 

Data collection and use are coming under increased regulatory scrutiny. There are three main reasons for establishing a data loss prevention policy:

​

• Compliance: Governments have various levels of regulation of how organisations collect and secure personally identifiable information. A data loss prevention policy is an important part of complying with data regulation and reporting information in compliance audits.

• Intellectual property: Proprietary information and trade secrets are the types of information that needs to be protected from unauthorised access.

• Data visibility: Organizations can gain valuable insights by monitoring how stakeholders’ access and interact with data.

 

Our Practices for Establishing A Data Loss Prevention Policy

​

Data loss prevention policies help us prevent unauthorised data access and protect us from the potential damage. While no protection will be bulletproof, we use the following practices that can help us implement successful data protection policies:

​

• Identify the data that the policy is primarily meant to protect. Most often data is classified according to its vulnerability and risk factors. Taking the time to understand data and classify it can lead to greater insights for us.

• Establish criteria for evaluating data loss prevention vendors. Creating an evaluation framework with the right questions can help lead to an educated purchasing decision.

• Clearly define the roles of people who will be involved with data loss prevention. This is not just about who will monitor data usage and make the rules. Segregating responsibilities helps prevent misuse.

• Keeping it simple at the beginning.  The goal is to secure the most critical data and get a measurable win early, then build upon that.

• Each area of Interface has a role in shaping a data loss prevention policy that aligns with corporate culture. This is a strategy that affects all departments and functions.

• Educating everyone in Interface about how and why the data loss prevention policy is in place.

• Document the data loss prevention processes carefully. A written policy should focus on the data being protected.

• Setting and sharing metrics for success.

• Anticipate workarounds to limits (e.g. If email rules prevent large files from being attached, employees find other ways to transfer files). We examine workflows to make sure data loss prevention policies does not get in the way of us doing our jobs.

• Assess how much data is needed (what kind of data is needed and why). Do not save unnecessary data.

• Monitor data usage before blocking it. Set up data loss prevention tools to report sensitive data loss first.

 

Using Data Loss Prevention Policy Templates

​

We craft our data loss prevention policies based on our unique security environment and communicate it across the company.

​

There are a number of data privacy laws already in effect, not to mention the host of pending legal requirements and potential laws being penned across the globe. Our data loss prevention policy contains three elements:

​

• Location: Where the policy will be enforced.

• Condition: The parameters the policy searches for to prevent data loss.

• Action: If a situation meets the set conditions, an action is taken to prevent loss.

​

Direct Marketing

​

Interface may also use your personal information for the purpose of marketing its services. If you do not want to receive marketing material from us, you can contact us as detailed below:

• for electronic communications, you can click on the unsubscribe function in the communication (if available); or

• for hard copy communications, you can email info@interfaceaus.com; or

• through our contact details below.

 

Privacy on Our Websites

​

Cookies and Web Beacons

​

Cookies and web beacons are used on the Interface website, primarily used to enhance your online experience and to make our sites more useful and attractive to you. Cookies are small text files placed on your computer when you first visit the site. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. A web beacon is a clear picture file that is placed on a website or in an email that is used to monitor the behaviour of a user visiting the website or sending an email. When the HTML code for the web beacon points to a site to retrieve the image, at the same time it can pass along information such as an IP address of the computer that retrieved the image, the time the web beacon was viewed and for how long, the type of browser that retrieved the image and previously set cookie values

​

Your Choices

​

You have several choices regarding your use of Interface’s website(s). In general, you are not required to provide personal information when you visit our websites. However, if you apply to receive information about our services, events and industry updates or wish to apply for a job, provision of certain personal information will generally be required.

​

Links to Third Party Websites

​

Interface’s website(s) may contain links to third parties’ websites. Those other websites are not subject to our privacy policy and procedures. You will need to review those websites to view a copy of their privacy policy. Interface also does not endorse, approve or recommend the services or products provided on third party websites.

Children

​

We understand the importance of protecting children’s privacy, especially in an online environment. In particular, our websites are not intentionally designed for or directed at children under the age of 13. It is our policy to never knowingly collect or maintain information about anyone under the age of 13, except as part of a specific engagement to provide professional services which necessitates such personal information be collected or for the purposes of ensuring compliance with our auditor independence policies.

​

Gaining Access to Personal Information We Hold

​

You can request access to your personal information, subject to some limited exceptions permitted or required by law. Such request must be made in writing to account. Please see the ‘How to contact us’ section for details. Interface may charge reasonable costs for providing you access to your personal information.

​

Keeping Personal Information Current

​

If you believe that any personal information Interface has collected about you is inaccurate, not up-to-date, incomplete, irrelevant or misleading, you may request correction. To do so, please contact info@interfaceaus.com and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act. Please see the ‘Contact us’ section for details as to how to contact us.

​

​

Complaints

​

If you wish to make a complaint to Interface about our handling of your personal information, you can contact info@interfaceaus.com as set out in the ‘Contact us’ section. You will be asked to set out the details of your complaint in writing in a form provided. Interface will endeavour to reply to you within 30 days of receipt of the completed complaint form and, where appropriate, will advise you of the general reasons for the outcome of the complaint. In some circumstances, we may decline to investigate the complaint, for example if the complaint relates to an act or practice that is not an interference of the privacy of the person making the complaint. If you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner.

​

Contact Us

​

If you have a query in relation to this Privacy Policy or to exercise your rights under the GDPR at the contact details in this Privacy Policy Please contact us. If you would like to notify Interface that you no longer wish to receive marketing material from us, access or correct your personal information or to make a complaint about Interface’s handling of your personal information, please contact us as follows:

​

Interface Team

​

Level 1

1 Breakfast Creek Road

NEWSTEAD  QLD  4006

T:(07) 3230 5222

F:  (07) 3252 1355

E: info@interfaceaus.com

Note: We may ask you to verify your identity before acting on any of your requests.