Armaguard provides a range of services to its clients comprising secure currency management, cash logistics, precious cargo and ATM management services. In the course of carrying out its functions and activities in delivering the services, Armaguard collects, holds, uses and discloses personal information.
We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles (APPs) and we comply with all of the requirements in respect of the collection, management and disclosure of your personal information set out in the Act and the APPs.
2. What is your personal information?
3. What personal information do we collect and hold?
We may collect the following types of personal information about you:
- name and contact details including mailing or street address, email address and telephone or facsimile numbers;
- age or birth date;
- profession, occupation or job title;
- drivers license, passport details, visa information and firearms license details;
- bank account information including credit card and/or other banking details;
- police checks and security information from Police and other governmental departments, employment history, qualifications and resume and job references, health assessments and other health and sensitive information, as part of your job application;
- Tax File Number and superannuation account information;
- details of the services you have acquired from us or which you have enquired about, together with any additional information necessary to deliver those services and to respond to your enquiries;
- records of our communications with you, including any complaints, quote requests or claims;
- any additional information relating to you that you provide to us directly through our website or indirectly through use of our website or online presence, through our representatives or otherwise; and
- information that you provide to us through customer surveys or visits by our representatives from time to time.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
Certain personal information we collect is “sensitive information” such as information about racial or ethnic origin, political opinion, religious beliefs, sexual orientation, information about credit, information about health and safety (including workers compensation claim records and work health and safety investigation records), personnel records, criminal records, employee records, membership of a professional trade organisation or trade union.
We generally only collect sensitive information about you with your consent. However there are certain circumstances where we are authorised to collect and hold sensitive information without the consent of the individual concerned. These include where the collection:
- is required or authorised under law (such as the Work Health and Safety Act 2011 (Cth) (WHS Act) and the Safety, Rehabilitation and Compensation Act 1988 (Cth) (SRC Act) or the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act));
- will prevent or lessen a serious threat to somebody’s life or health, or assist in the location of a missing person;
- is reasonably necessary to allow us to take appropriate action when we suspect unlawful activity or misconduct of a serious nature that relates to our functions or activities;
- is reasonably necessary to establish, exercise or defend a legal or equitable claim or for the purposes of a confidential alternative dispute resolution process; and
- is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
4. How do we collect your personal information?
In the course of dealing with customers, suppliers, job applicants and services providers, Armaguard may collect personal information.
Armaguard may collect your personal information directly from you unless it is unreasonable or impracticable to do so. Armaguard may collect personal information from you when you:
- access and use of our website, including when you send us feedback or subscribe to our publications via our website;
- otherwise contact us, either online through our website, by email, mail, telephone or in person.
- request a quote or make an inquiry about our Services;
- enter into an agreement with us for the provision of our Services or for the supply of products or services to us;
- request to visit and/or visit any of our secure facilities;
- apply for a job with us, whether via online or manual recruitment services and whether directly or via external recruitment processes
- suffer an injury in connection with the delivery of our Services; or
- during conversations between you and our representatives, including making a complaint.
We may also collect personal information from third parties including:
- your current or previous employer;
- personal and professional references;
- medical professionals, including where you suffer an injury and make a claim against us and we need to assess the claim or where you are offered a job with us and we require you to undertake a medical assessment;
- cloud based services;
- web filtering services;
- from third party companies engaged to provide marketing or promotional services to Armaguard; or
- from third party companies such as credit reporting bodies, law enforcement agencies, recruitment agencies and government entities, including where you are offered a job with us and are required to undertake a police check, identity check or credit check.
5. Can you deal with us anonymously or using a pseudonym?
Where practical and lawful, you can deal with us anonymously or using a pseudonym, if you wish. However, in many instances, if you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide our services to you;
- we may not be able to provide your inquiries, including responding to requests for information about services we provide or quotes or assessing job applications;
- you may be unable to submit feedback or subscribe to our publications via our website and access to certain areas of our website may be limited or declined; or
- we may be unable to tailor the content of our website to your preferences and your experience of our website may not be as enjoyable or useful.
6. For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can perform our business activities and functions. We collect, hold, use and disclose your personal information for the following purposes:
- to provide our services to you and to send communications requested by you;
- to answer enquiries and provide information or advice about existing and new services including providing quotes;
- to contact you regarding your feedback and to provide you with our printed materials;
- to develop new offers, products and services and to help us improve our business;
- to provide you with access to physical Armaguard sites across the business;
- to conduct recruiting activities and/or assess job applications;
- to conduct workforce planning;
- to ensure we comply with our safety obligations;
- to ensure we comply with all applicable laws;
- to ensure we comply with all our insurance obligations;
- to provide you with access to protected areas of our website;
- to assess the performance of the website and systems and to improve the operation of the website and systems;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of us and our related bodies corporate, contractors or service providers;
- to provide your updated personal information to our related bodies corporate, contractors or service providers;
- to comply with our contractual obligations to our customers, particularly those with security requirements;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority including, for example, workplace safety obligations under the WHS Act and the SRC Act; and verifying your identity as required by the AML/CTF Act.
7. Our website
As our website is linked to the internet, and the internet is inherently insecure, whilst we take reasonable steps to protect any information provided on and through our website, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
8. Who do we disclose your information to?
We may disclose your personal information to the third parties listed below for one or more of the purposes described above, some of whom may be located overseas:
- our employees, related bodies corporate, contractors or service providers (some of whom are located overseas including New Zealand, the United Arab Emirates and the Asia-Pacific region) for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
- our customers, particularly those with security requirements;
- other third parties appointed by Armaguard (for example, the distributors of our printed materials) who may require access to personal information in order to perform our services and our business operations;
- suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes;
- the Office of the Australian Information Commissioner (OAIC) for the purposes of compliance with our obligations under the Act;
- AUSTRAC for the purposes of compliance with our obligations under the AML/CTF Act;
- police and other law enforcement bodies where relevant to their enforcement related activities;
- our insurers in relation to claims and to meet the requirements of our insurance policies; and
- any organisation for any authorised purpose with your express consent.
We may combine or share any information that we collect from you with information collected by any of our related bodies corporate (within Australia).
9. Direct marketing materials
We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
10. Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
- our related bodies corporate, located across the Asia-Pacific region;
- our data hosting and other IT service providers, located in various locations throughout the world; and
- other third parties located throughout the world.
11. Security of personal information and data quality
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.
We may hold your information in either electronic or hard copy form. Personal information is stored securely and is subject to restricted staff access, personal logins, IT and security policies, secure archiving and document management controls.
We have a Data Breach Response Plan in place to assist us in responding quickly to suspected data breaches. We also have dedicated internal resources to assist us in managing a “eligible data breach” under the Act, which occurs where:
- there has been unauthorised access to or unauthorised disclosure of the information; or
- the information is lost in circumstances where unauthorised access to or unauthorised disclosure of the information is likely to occur,
and a reasonable person concludes that such access or disclosure, or loss of information would be likely to result in “serious harm” (such as serious physical, psychological, emotional, economic, reputational or financial harm) to any of the individuals to whom the information relates.
If we suspect an eligible data breach has occurred but do not have reasonable grounds to believe there has in fact been a breach, we will carry out a reasonable and expeditious assessment as soon as possible and in any event, within 30 days of suspecting a breach, to determine whether there are reasonable grounds to believe that there has in fact been an eligible data breach.
If we have reasonable grounds to believe that there has been an eligible data breach, we will, as soon as practicable, provide a statement to the OAIC setting out the details of the breach in a form required by the OAIC (Notification Statement). If practicable, we will take reasonable steps to notify the contents of the Notification Statement to each individual to whom the relevant information relates, or to each individuals who may be at risk of serious harm from the eligible data breach. If neither of these two options are practicable, we will publish a copy of the Notification Statement on our website, and take reasonable steps to publicise the contents of the Notification Statement. In providing the contents of the Notification Statement, we will inform you of our recommendation of steps that individuals can take to protect themselves from such data breach.
We take reasonable steps to destroy or permanently de-identify and archive any personal information when it is no longer needed or when we are no longer required by law to retain it (whichever is the later).
12. How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us using the contact information below.
We will need to verify your identity before giving you access. We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal and details of how you can complain if you are not satisfied with our decision.
We will take reasonable steps to ensure that the information we collect, store, use or disclose about you is accurate, complete and up-to-date, and relevant for any purpose for which it is used or disclosed. However, if you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may ask us to update or correct it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
13. What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, or if you have any questions about your privacy, please contact us using the contact information below and provide details of the incident so that we can investigate it. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the Act, if applicable).
14. Contacting us
You can contact our Privacy Officer via:
Privacy Officer Linfox Armaguard Pty Ltd
37 Vaughan Street
ESSENDON FIELDS VIC 3041 Australia
+61 3 8378 3700
17. List of included companies
- Linfox Armaguard Pty Ltd
- Integrated Technology Services Pty Ltd
- Point 2 Point Secure Pty Ltd
- ACM Holdings (NZ) Limited
- Armaguard Valuables Management LLC
- Global Integrated Solutions Pty Ltd
- Integrated Technology Solutions Ltd
- ACM New Zealand Limited
- ITS NZ Ltd
- Global Integrated Solutions Limited