Australian Privacy Policy
Wheeler Portfolio Pty Ltd ABN 89626650191 trading as Alison Wheeler Coaching
Introduction
The Privacy Act 1988 (Cth) (Privacy Act) protects individuals’ privacy by regulating how personal information is collected, handled, disclosed, used and stored. Alison Wheeler Coaching is committed to protecting your personal information. This policy explains how we manage your personal information, your rights, and how you can contact us about privacy matters. This policy may be updated from time to time.
1. What Information We Collect and Hold
1.1 Purposes for Collection
We collect personal information necessary to perform our business activities and provide services to customers. This may include information about employees, prospective employees, contractors and customers. The specific information collected will depend on the project or service and may include:
· Name
· Address
· Email address
· Phone number
· Date of birth
· Gender
· Occupation
· Next of kin
· Pay or allowance details
· Bank account details
· Financial Information
· Usernames and internet addresses
· Sensitive personal information
1.2 How We Collect Personal Information
We usually collect personal information directly from you. We may also collect information from other parties such as contractors or customers.
1.3 Anonymity and Pseudonymity
Due to the nature of our business, it is generally impractical for us to deal with individuals anonymously or under a pseudonym.
2. Disclosure of Personal Information
2.1 Sharing Information
Depending on the project or service, we may share your information with:
· Our other customers
· Our subcontractors
· Other third party service providers
We require all customers, partners and subcontractors to comply with the Privacy Act and the Australian Privacy Principles. We do not sell, rent or otherwise disclose your personal information to third parties.
2.2 Overseas Disclosure
Your personal information may be sent overseas if:
· A customer or required third party has an email address or key system stored overseas.
· We have customers based overseas or with overseas head offices, requiring regular communication.
We take reasonable steps to ensure that any overseas recipients handle your personal information in accordance with the Privacy Act and the Australian Privacy Principles.
2.3 Marketing Communications
We may use your information for marketing purposes, including updates about our services or special offers. If you do not wish to receive marketing communications, you can opt out at any time by contacting us using the details below.
2.4 Criminal or Security Investigations
We may give your information to criminal and security investigation and enforcement bodies as required by law. In you are under investigation for any suspected unlawful activity, we may not be at liberty to advise you that your information has been provided for these purposes.
2.5 Security of Your Information
We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure. Security measures include:
· Data encryption on live systems (e.g., Hi Level, Google Work Sheets, Xero)
· Restricted access to internal files and folders
· Antivirus software
· Payment information collected by Stripe (we do not store credit card details)
· Payee information held securely in Xero
· Encrypted routers and computers
· Use of password generators, two-factor authentication (2FA), and password protectors
· Verbal checks to confirm correct payee accounts
3. Retention and Destruction of Personal Information
We retain personal information only for as long as it is required for our business functions or as required by law. When personal information is no longer needed for any purpose for which it may be used or disclosed under the Privacy Act, and we are not required by law to retain it, we will take reasonable steps to destroy the information or ensure it is de-identified.
Destruction methods may include secure deletion of electronic records and shredding of physical documents. We regularly review our data holdings to ensure compliance with this policy.
4. Access to Your Information and Your Rights
You have the right to access your personal data held by us free of charge and request corrections if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will respond within a reasonable period.
We may refuse access in certain circumstances, such as where:
· Access would pose a serious threat to health or safety
· Access would unreasonably impact others’ privacy
· The request is frivolous or vexatious
· The information relates to legal proceedings
· Access would prejudice negotiations or enforcement activities
· Access would be unlawful or denied by law/court order
· The information is connected with a commercially sensitive decision-making process
If we refuse access or correction, you may request that a statement be associated with your information noting the issue.
To request access or correction, please contact us (see below). You may be asked to provide proof of identity.
5. Complaints
If you believe we have breached your privacy rights or applicable laws, you may make a complaint in writing using the contact details below. We will respond within a reasonable period.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Website: https://www.oaic.gov.au/
6. Contact Details
Alison Wheeler
Wheeler Portfolio Pty Ltd ABN 89626650191 trading as Alison Wheeler Coaching
56 Tara Vista Boulevard
Highland Park QLD 4211
Email: hello@thealisonwheeler.com
7. Glossary
Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable.
Sensitive Information: A subset of personal information that includes information about an individual's health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, or membership of a professional association.
De-identification: The process of removing or altering personal information so that the individual cannot be identified.
Australian Privacy Principles (APPs): The principles set out in Schedule 1 of the Privacy Act 1988 (Cth) that govern standards, rights and obligations around handling, holding, accessing and correcting personal information.
Destruction: Securely deleting electronic records or physically destroying paper records so that personal information cannot be retrieved.
Overseas Recipient: A person or entity outside Australia who receives personal information from us.
Data Breach: Unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm to any individuals involved.