Northline Partnership (ABN 18 677 809 229), Northline Pty Ltd (ABN 53 283 605 228) and Northline Service Centre Pty Ltd (ABN 73 538 961 387) (Northline, we, us or our) value the protection of privacy for every individual. This policy sets out how Northline will handle personal information in compliance with the Privacy Act 1988 (Cth) (Privacy Act) as amended and the Australian Privacy Principles (APPs).
If you are resident or present in a country in the European Union, then to the extent that the EU General Data Protection Regulation (GDPR) applies, Northline will in the management and treatment of your personal data (which is generally referred to in this policy as ‘personal information’) comply with the GDPR requirements.
This policy applies to any personal information relating to Northline employees, suppliers, contractors, customers and other individuals that is collected, recorded or stored by Northline.
Consideration of Personal Information & Definition of Terms
To enable Northline to operate as a responsible and accountable logistics provider, personal information of customers, sub-contractors and suppliers may need to be collected. Northline collects personal information fairly and lawfully and only when reasonably necessary for business operations. You are not legally required to provide personal information to Northline, but if our request is declined, we may not be able to provide our services in the most effective or efficient manner, or at all.
Personal information within this policy means any information, whether true or not, relating to an individual whose identity is apparent or can reasonably be ascertained from the information.
We also use words and expressions which are defined in or for the purposes of the Privacy Act, the APPs, or the GDPR.
Sensitive information has the same meaning as in the Privacy Act, ie. in effect a subset of an individual’s personal information which is ‘highly personal’.
Collection of Personal Information
In the course of our business operations, Northline may collect, hold, use, disclose and store personal information about a variety of individuals. This is including but not limited to:
- customers, prospective customers, and their employees;
- our competitors and their employees;
- our suppliers, business associates and their employees;
- current, former and prospective Northline employees;
- contractors to Northline; and
- other persons who may come into contact with us.
The kinds of personal information that we may collect, hold, store, use and disclose includes but is not limited to:
- contact information including names, postal and residential addresses, telephone and facsimile numbers, email addresses;
- previous logistics service information relating to Northline;
- financial information including billing and credit card information, bank account details and credit reporting information;
- employment information about your occupation and employer;
- government issued identifiers including Tax File Numbers and Australian Business Numbers (ABNs); and
- sensitive information.
We collect personal information in a number of ways including in person, in writing, via telephone or email from the relevant individual. If it is reasonable and practical to do so, we will collect personal information about you only from you.
When we collect personal information about you, we will take reasonable steps to notify you or ensure that you are otherwise aware of:
- the fact that we have collected your personal information, and whether that collection is required or authorised by law;
- the purposes of collection;
- the consequences if personal information is not collected (such as if this will affect our ability to provide products or services to you);
- the usual situations in which we disclosure personal information of the kind collected;
- whether we are likely to disclose personal information to overseas recipients, and if practicable, the relevant countries in which they are located.
In the course of operating our business it may be necessary to collect personal information from third parties, including government agencies, recruitment agencies, contractors and business partners.
If we collect personal information about you from a third party we will, where appropriate, request that the third party inform you that we are holding such information, how we will use and disclose it, and that you may contact us to gain access to and correct and update the information. We will not however make any such request to any third party in circumstances where it would not be practical to do so.
Purposes for Collecting, Holding, Using and Disclosing Personal Information
Northline uses personal information for the purpose for which it was collected, or for related purposes permitted by law.
In general, Northline will collect, hold use or disclose personal information about you:
- for the purpose of providing or offering goods and services to you and providing you with news and information about our goods and services;
- personalising your experience with our products and services, for example, via connectivity with social media services; and
- communicating with you, including by email, mail or telephone;
- for any other purpose that you may reasonably expect;
- where we are required or authorised by law to do so; or
- for any other purposes disclosed to or authorised by you.
We may disclose personal information to relevant third parties including contractors, suppliers or other related entities that require the information to ensure the provision of services to Northline.
Northline may in the course of its business use personal information for direct marketing of its products and services. You may opt out of receiving future marketing communications from Northline by contacting us directly at any time. If you are resident or present in a country in the European Union, then unless you have previously given your consent to receive marketing communications, you will need positively to consent and “opt in” to receiving such marketing communications.
How Information is Stored, Managed and Protected
Personal Information is either stored in facilities that Northline owns and manages or those that are owned and operated by our service providers.
Northline takes reasonable steps to maintain the security and protect all personal information in our care. These may include; restricting electronic and physical access to personal information; having in place information back up and standby systems to deal with major business interruptions; maintaining technology security products; requiring any third party providers to have acceptable security measures to keep information secure, including confidentiality arrangements; destroying or de-identifying personal information pursuant to the appropriate laws.
Northline ensure that the appropriate electronic and physical safeguards are employed to protect the personal information that it possesses. Personal information held by Northline is generally stored in physical records or in digital form and hosted on third party servers located in Australia.
All reasonable steps to ensure the security of personal information are taken by Northline in accordance with the law. Any personal information no longer needed for Northline’s business purposes will be destroyed or de-identified in accordance with the law.
Northline websites uses ‘cookies’. A cookie is a piece of data that is stored on a computer or device which allows us to enhance your online experience with us.
When one of our websites is visited, records of visits may be logged for statistical, maintenance or improvement purposes. The service or internet provider address is collected and cannot be traced to an individual user. We do not identify the browsing history of our website users and visitors. The only exception to this is where a law enforcement agency lawfully requires us to, or we are required to do so under local law.
If you do not wish to accept cookies, you can set your browser to refuse them.
Cross Border Disclosures
We only send your personal information to overseas recipients if you engage us to provide global freight services. The countries in which the overseas recipients will be located will be the countries nominated by you in accordance with your global freight request.
We will take reasonable steps to ensure that the overseas recipient complies with Australian privacy laws. By providing your personal information to us, you consent to the disclosure of your personal information to overseas entities when required for the provision of Northline services to you or as authorised by law. For the avoidance of doubt, in the event that such an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
Some of these countries may not be located in the European Union or European Economic Area (EEA). While countries outside the EEA do not always have strong data protection laws, we will require all service providers which process your information to do so in a secure manner and in accordance with Australian privacy laws and the GDPR. We will use standard means under EU law to legitimise data transfers outside the EEA.
Access and Correction of Personal Information
Under certain circumstances, by law you have the right to:
- Request information about whether we hold personal information about you, and, if so, what that information is and why we are holding/using it.
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see e. below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Object to automated decision-making including profiling, that is not to be subject of any automated decision-making by us using your personal information or profiling of you.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request transfer of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes to which you originally agreed, unless we have another proper and legitimate basis for doing so.
Exercise of your rights
If you want to exercise any of the above rights, please contact our privacy officer at the contact address below.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly completely unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If you have any complaints in respect of our handling of your personal information, you should contact us by email or post at the details listed below, providing as much detail as you can about the particular information you have a question or concern about.
Northline will within 14 days of receiving any complaint, provide you with a written response acknowledging receipt of the complaint and set out how we propose to deal with it. We will then investigate the complaint and within 30 days of the date of your complaint or such longer period as agreed by you in writing, provide you with the outcome of our investigation in writing. In some circumstances, we may not be able to provide you with access to your information – for example where giving access would have an unreasonable impact upon the privacy of others, where it relates to legal proceedings, where it would be prejudicial to negotiations we are holding with you, where we are required by law to withhold the information, or where it would reveal information relating to our commercially sensitive decision making processes.
If we are unable to provide you with access to your information, or make any amendments which you have requested, we will provide you with reasons for our refusal.
Our privacy officer can be contacted as follows:
Mail: C/- Privacy Officer, Northline, PO Box 860, Kent Town SA 5071
Telephone: Customer Service – 1300 722 534
Email: [email protected]
We take all complaints seriously, and will respond to your complaint within a reasonable period.
If you are not satisfied with Northline’s response to your request for access or correction to your personal information, you may make a complaint at any time to a supervisory authority. The data protection supervisory authority for you depends upon the country or geographical area in which you are located, but in Australia is the Office of the Australian Information Commissioner, contact by mail at GPO Box 5218, Sydney NSW 2001, by telephone on 1300 363 992, or via email at [email protected].
- Further Information