JR BOON Solutions specializes in the development of high quality products and cost effective IT solutions. We are a market and technology driven company and we offer unmatched service to our clients. Our team of professionals are dedicated to provide information technology solutions & branding solutions adapted to global clients.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.
This Personal Information is obtained in many ways including correspondence, by telephone and facsimile, by email, via our website www.jrboonsolutions.com.au, from your website, from media and publications, from other publicly available sources, from cookiesand from third parties. We don’t guarantee website links or policy of authorised third parties.
We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
When we collect Personal Information we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Your Personal Information may be disclosed in a number of circumstances including the following:
• Third parties where you consent to the use or disclosure; and
• Where required or authorised by law.
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
JR BOON Solutions will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information, we may require identification from you before releasing the requested information.
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
This Policy may change from time to time and is available on our website.
JR BOON Solutions, 68 DOBSON STREET, FERNTREE GULLY, VICTORIA 3156. Australia
This Procedure sets out the processes to be followed by JRBS staff in the event that JRBS experiences a data breach or suspects that a data breach has occurred. A data breach involves the loss of, unauthorised access to, or unauthorised disclosure of, personal information.
This document sets out the processes to be followed by JRBS staff in the event that JRBS experiences a data breach or suspects that a data breach has occurred. A data breach involves the loss of, unauthorised access to, or unauthorised disclosure of, personal information.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB Act) established a Notifiable Data Breaches (NDB) scheme requiring organisations covered by the Act to notify any individuals likely to be at risk of serious harm by a data breach. The Office of the Australian Information Commissioner (OAIC) must also be notified.
Accordingly, JRBS needs to be prepared to act quickly in the event of a data breach (or suspected breach), and determine whether it is likely to result in serious harm and whether it constitutes an NDB.
Adherence to this Procedure and Response Plan will ensure that JRBS can contain, assess and respond to data breaches expeditiously and mitigate potential harm to the person(s) affected.
This Procedure and Response Plan has been informed by:
Where a privacy data breach is known to have occurred (or is suspected) any member of JRBS staff who becomes aware of this must, within 24 hours, alert a Member of the Executive in the first instance.
The Information that should be provided (if known) at this point includes:
3.2.1 Criteria for determining whether a privacy data breach has occurred
Having considered the matters in 3.2.1 and 3.2.2, the Member of the Executive must notify the Privacy Officer within 24 hours of being alerted under 126.96.36.199 Privacy Officer to issue pre-emptive instructions
On receipt of the communication by the relevant member of the Executive under 3.2, the Privacy Officer will take a preliminary view as to whether the breach (or suspected breach) may constitute an NDB. Accordingly, the Privacy Officer will issue pre-emptive instructions as to whether the data breach should be managed at the local level or escalated to the Data Breach Response Team (Response Team). This will depend on the nature and severity of the breach.
3.3.1 Data breach managed at the Directorate/Faculty/Institute level
Where the Privacy Officer instructs that the data breach is to be managed at the local level, the relevant Member of the Executive must:
The Privacy Officer will be provided with a copy of the report and will sign-off that no further action is required.
The report will be logged by the Privacy Coordinator.3.3.2 Data breach managed by the Response Team
Where the Privacy Officer instructs that the data breach must be escalated to the Response team, the Privacy Officer will convene the Response Team and notify the Management.The Response team will consist of:
There is no single method of responding to a data breach and each incident must be dealt with on a case by case basis by assessing the circumstances and associated risks to inform the appropriate course of action.
The following steps may be undertaken by the Response Team (as appropriate):
The Response Team must undertake its assessment within 48 hours of being convened. The Privacy Officer will provide periodic updates to the Vice-Chancellor as deemed appropriate.3.5 Notification
Having regard to the Response team’s recommendation in 3.4 above, the Privacy Officer will determine whether there are reasonable grounds to suspect that an NDB has occurred
If there are reasonable grounds, the Privacy Officer must prepare a prescribed statement and provide a copy to the OAIC as soon as practicable (and no later than 30 days after becoming aware of the breach or suspected breach).
Ifpracticable, JRBS must also notify each individual to whom the relevant personal information relates. Where impracticable, JRBS must take reasonable steps to publicise the statement (including publishing on the website).
The prescribed statement will be logged by the Privacy Coordinator.3.6 Secondary Role of the Response Team
Once the matters referred to in 3.4 and 3.5 have been dealt with, the Response team should turn attention to the following:
In line with the JRBS Management Policy, this procedure is scheduled for review every five years or more frequently if appropriate.
Date Major or Minor Revision Description of Revision(s)
Contact for all matters related to privacy, including complaints about breaches of privacy, should be directed as follows: Privacy Coordinator E: firstname.lastname@example.org W: www.jrboonsolutions.com.au T: 03 6111 5077 P: 68 Dobson Street, Ferntree Gully, VIC 3156.