Arrow ECS Australia Pty Limited (ABN 70 006 687 056) and Arrow ECS New Zealand Limited its related bodies corporate (‘Arrow ECS ANZ’, ‘we’, ‘us’, ‘our’) understand the importance of protecting the privacy and the rights of individuals (‘you’, ‘your’) in relation to personal information. We respect your rights to privacy under the Privacy Act 1988 (Cth) (‘Act’) of Australia. It is our policy to comply with the requirements of the Act and the Australian Privacy Principles (‘APPs’) contained in the Act, in all activities of Arrow ECS ANZ involving the collection, management, use, storage, disclosure and handling of personal information.
When you engage us to provide you with any goods or services, apply or complete an application for commercial credit, communicate with us through email, by telephone, in writing, participate in any of our promotional activities, or use any of our other services, including our websites, you agree to the use and disclosure of your personal information in the manner described in this Policy.
Collection of personal information
Personal information means information from which your identity is reasonably identifiable. This may include information or an opinion about you, whether true or not.
The kinds of personal information we may collect and hold will depend on what type of interaction you have with us. Personal information we may collect from you includes, among other things:
- identity particulars such as your name, phone and facsimile numbers, email addresses, profession or job title;
- personal information we collect from you when assessing, processing and managing an application by you for commercial credit or in placing an order with us;
- personal information you provide to us when you participate in a promotion, competition, promotional activity, survey, market research, or subscribe to our mailing list;
- your bank, credit or debit account details when you make a purchase;
- your records of communication with us;
- if you visit our website, your website usage information such as your IP address; and
- if you are applying for a position with us, we may also collect your visa or citizenship status.
Sensitive information includes health information, criminal history and trade or professional association membership. We generally do not collect sensitive information, unless it is specifically relevant and necessary for the purpose of our business activities and functions. For example, if you are a contractor we are looking to engage to perform professional services, we may require criminal background checks of you or your staff. If we do collect and/or hold sensitive information, we will only do so with your express consent.
How do we collect personal information?
Your personal information is only collected by lawful and fair means and where practicable, only from you or from a person acting or authorised to act on your behalf, unless it is unreasonable or impracticable to do so.
When collecting personal information from you, we may collect in ways including:
- from your access and use of our websites;
- during conversations between you and our representatives where you express interest in engaging with us;
- through your use of telephone and email communication with us or our customers; and
- when you or your organisation submits a document or data containing personal information (for example, emails, contact forms, order forms, purchase orders, quotes, invoices, credit applications, proof of identification, direct debit requests, agreements, statements of work, surveys, etc).
We may also collect personal information about you from third parties including:
- our customers (resellers and vendors);
- publicly available sources;
- third party companies such as data providers and brokers, credit reporting bodies, law enforcement agencies and other government entities; and
- if you are applying for a position with us, recruitment companies, websites, other organisations and with your consent, referees.
Some of the personal information we hold or deal with is not collected by us, but by customers and partners. For example, some of our vendors require that each purchase order have end user details (i.e. a contact name and number).
In respect of personal information which is provided to us by our customers and partners, we do seek assurances that all such personal information has been collected lawfully and in compliance with the Act.
Purposes for which we collect, hold and disclose your personal information
We may collect, hold, use or disclose your personal information for the following primary purposes:
- our general business operations and functions, including providing you with our product and services;
- to provide and answer questions about products and services to you and/or your organisation and to send communications when requested;
- to conduct business processing and related functions including providing personal information to our related bodies corporate, clients, contractors, service providers or other third parties;
- for marketing (including direct marketing);
- to update our records to keep your contact details up to date;
- to process and respond to any complaint made by you;
- if you are applying for a position with us, to assess your application;
- to comply with our legal or regulatory requirements, or where required by law;
- conducting business on our website, and improving our websites; and
- for any other purpose related to or ancillary to any of the above.
We only collect commercial credit information, and do not generally collect consumer credit information. If we do collect an individual’s credit information, such as a sole trader applying for an account with us, it will always be in the context of commercial credit. Where you have applied for commercial credit account with us, we may also make enquiries in respect of commercial credit with third parties with your consent.
This could include persons nominated by you as trade references, credit reporting bodies (‘CRBs’) and your bankers.
We may also use your personal information for the other purposes related to those described above which would be reasonably expected by you.
- We may disclose your personal information collected from you:
- to our employees, related bodies corporate, vendors, resellers, contractors or service providers in order to provide products and services to you and our clients;
- to third party services such as web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, debt collectors, and professional advisors such as accountants, solicitors and consultants;
- for direct marketing, but giving you the opportunity to opt out of such direct marketing and we will include our contact details in any direct marketing;
- to relevant Federal, State, Territory medical, health and safety authorities (as required);
- where the law requires or authorises us to do so;
- to others that you have been informed of at the time any personal information is collected from you; and
- to any organisation for any authorised purpose with your express consent.
We may combine or share any information that we collect from you with information collected by any of our related bodies corporate.
What happens if we can’t collect your personal information?
If you do not provide us with the personal information for the purposes described above, some or all of the following may happen:
- we may not be able to provide the requested products or services to you, either to the same standard, or at all;
- we may not be able to provide you with information about products and services that you may want, including discounts or promotions; and
- we may be unable to tailor the content of our websites to your preferences.
Using our website
- to store your preferences and tailor our websites to you;
- marketing purposes;
- statistical purposes;
- to identify if you have accessed a third party website; and
- security purposes.
Our web server may collect the IP address of your computer when you visit our websites.
Security and storage of personal information
We take all reasonable steps to ensure your personal information is protected from misuse, loss and unauthorised access. Some of the measures we take include installing security and access requirements for all our IT systems, encrypting data and having physical and procedural safeguards. We may hold your information in either electronic or hardcopy form, and will take all reasonable steps to ensure personal information is destroyed or de-identified when no longer needed.
If a substantial data breach has or may have occurred (for example, your personal information was shared with unauthorised persons) we will notify you as soon as is practicable.
We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by law. We will take appropriate measures to destroy or permanently de-identify your personal information if we no longer need to retain it. These measures may vary depending on the type of information concerned, the way it was collected and how it was stored.
Disclosure of personal information outside Australia
Your personal information may also be processed by, or disclosed to our employees, representatives, or other third parties operating outside of Australia who work for, or are engaged by us in other countries.
For example, we may disclose your personal information overseas to entities such as:
- our related bodies corporate located in New Zealand, Europe and the United States of America;
- our vendors based overseas, such as in the United States of America and Europe, where you have placed a purchase order for their products; and
- our cloud storage providers, who have servers in locations including Singapore and the United States of America.
We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
Direct marketing and opt-in
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. You may opt-out of receiving marketing communications by contacting us or by using opt-out facilities if sent by email, and we will then ensure that your name is removed from our mailing list.
We will only offer you products or services where we reasonably believe that they could be of interest or benefit to you.
We do not provide your personal information to other organisations for the purposes of direct marketing.
Accurate and up-to-date information
We take reasonable steps to ensure your personal information is accurate, up-to-date and not misleading by updating our records whenever true and correct changes to the data come to our attention.
If you believe your information is incorrect, incomplete or not current, you can request that we update this information by contacting our Privacy Officer (details below).
We will correct information we hold about you if we discover, or you are able to show to a reasonable standard that the information is incorrect. If you seek correction and we disagree that the information is incorrect, we will provide you with our reasons for taking that view.
We disregard information that seems likely to be inaccurate or out-of-date by reason of the time that has elapsed since it was collected or by reason of any other information in our possession.
Accessing and correcting personal information
We acknowledge that you have a general right of access to information concerning you, and to have inaccurate information corrected. You are able to access the personal information we hold about you by contacting our Privacy Officer. If access is refused to your personal information for reasons permitted by the Privacy Act (e.g. access would interfere with the privacy of others, or if it would result in a breach of confidentiality), we will give you a notice explaining our decision and your options.
If you make an access request, we may ask you to verify your identity and put your request in writing for security reasons. We may charge a reasonable administration fee to cover the costs of meeting your request. We will reply to your request for access within 30 days of notification by you.
We do not use or adopt government identifiers (e.g. tax file numbers or Medicare numbers) to identify individuals.
We take our compliance with the General Data Protection Regulation (GDPR) of the European Union seriously. If you have any questions as to how your personal data is being handled by us under the GDPR, please contact firstname.lastname@example.org or contact our Privacy Officer using the details below.
Complaints and disputes
We will ensure your complaint is handled by our Privacy Officer in an appropriate and reasonable manner. Where necessary we may consult with our related entities and partners in order to deal with your complaint. A written notice of our decision regarding your complaint will be provided to you. If you are not satisfied with the outcome, then you may contact the Office of the Australian Privacy Commissioner:
Phone: 1300 363 992
The Privacy Officer
Arrow ECS Australia
Unit 6, 39 Herbert St
St Leonards, NSW 2065, Australia
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint, to discuss your concerns and outline options regarding how they may be resolved.
Last updated: 22 May 2018