Privacy
Policy
Definition
World Options and subsidiaries companies will hereafter be referred to as “World Options”
Introduction
This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject).
World Options is pleased to provide the following Privacy Notice.
Personal Data
World Options may use the information collected from you to provide quotations, make telephone contact and email your business with the marketing information that World Options believes may be of interest. Where you are an individual we may provide you with marketing based upon your consent or on the basis of legitimate interest. You may opt out of marketing at any stage.
World Options also acts on behalf of its clients in the capacity of a data processor. When working exclusively as a data processor, World Options will be acting on the instruction of its client.
Some personal data may be collected about you from the forms and surveys you complete, from records of our correspondence and phone calls and details of your visits to our website, including but not limited to personal data like Internet Protocol (IP) addresses. World Options may from time to time use such information to identify its visitors. World Options may also collect statistics about the behaviour of visitors to its website.
World Options website uses cookies, which are strings of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. With the exception of cookies required to make the website work World Options will not use cookies without your consent Where you have given your consent we may use cookies for 3rd-party tracking for advertising, retargeting, A/B testing, session replay, behavioural advertising or other features that are enabled by the use of cookies – please see the full list of cookies [here] .
Parties involved in the process of collecting, generating, analysing or using personal data via cookies include Google, Hotjar, Hubspot, Facebook, Instagram, LinkedIn, Trustpilot and Zapier.
Any information World Options holds about you and your business encompasses all the details we hold about you and any sales transactions including any third-party information we have obtained about you from public sources and our own suppliers such as credit referencing agencies.
World Options will collect information so as to provide you with marketing and consulting services and may share that information with other members of its group and with franchisees for the purpose of providing services to you. Where World Options receives information about consumers (rather than companies) it will not market, nor allow third parties to use the information to market to you without your consent.
We may share your customer data with third parties to perform services on our behalf. Where consent is provided for such sharing, your data may be used where required by law for the purposes set out in that consent.
Legal Basis for processing any personal data
To meet World Options contractual obligations to clients, on the basis of consent and on the basis of legitimate interest in respect of the marketing of similar goods and services.
Legitimate interests pursued by World Options and/or its clients
To promote the marketing and consulting services offered by World Options and/or (with your consent or as processor for our clients) to market the services and/or products offered by World Options’ existing clients.
Consent
Where you have given consent to processing you can withdraw consent at any time by emailing au.support@worldoptions.com or writing to us, see the last section for full contact details.
Disclosure
Retention Policy
World Options will process personal data during the duration of any contract and will continue to store only the personal data needed for five years after the contract has expired to meet any legal obligations. After five years any personal data not needed will be deleted.
Data Storage
Your rights as a data subject
At any point, in respect of any personal data that World Options holds as data controller you have have the following rights (note that where World Options hold data as processor for a third party data controller your rights are as against the data controller):
Right of access –
you have the right to request a copy of the information that we hold about you.
Right of rectification –
you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten –
in certain circumstances, you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing –
where certain conditions apply you have a right to restrict the processing.
Right of portability –
you have the right to have the data we hold about you transferred to another organisation.
Right to object –
you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling –
you also have the right not to be subject to the legal effects of automated processing or profiling.
Where acting as controller, World Options at your request can confirm what information it holds about you and how it is processed
You can request the following information:
Identity and the contact details of the person or organisation (World Options) that has determined how and why to process your data.
Contact details of the Board of Directors, where applicable.
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of World Options or a third party such as one of its clients, information about those interests.
The categories of personal data are collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority (Data Protection Regulator).
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information on automated decision-making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what personal data is held, identification will be required.
World Options will accept the following forms of ID when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If World Options is dissatisfied with the quality, further information may be sought before personal data can be released.
All requests should be made to au.support@worldoptions.com or by phoning +61 1300 345 020 or writing to us at the address further below.
Complaints
In the event that you wish to make a complaint about how your personal data is being processed by World Options or its partners, you can choose to submit your complaint to the details below.
World Options, attention of the Managing Director
Telephone +61 1300 345 020 or email:au.support@worldoptions.com
Data Transfer Policy
Definition
World Options and subsidiaries companies will hereafter be referred to as “World Options”
Scope
This policy and procedure applies across all entities or subsidiaries owned, controlled, or operated by World Options and to all employees, including part-time, temporary, or contract employees, that handle personal data and/or personal data transfers.
Policy Statement
The World Options services/entities may transfer personal data to internal or third-party recipients located in another country where that country is recognised as having an adequate level of legal protection for the rights and freedoms of the relevant data subjects. Where transfers need to be made to countries lacking an adequate level of legal protection (i.e. third countries), they must be made in compliance with an approved transfer mechanism. The World Options services/entities may only transfer personal data where one of the transfer scenarios listed below applies:
The data subject has given consent to the proposed transfer.
The transfer is necessary for the performance of a contract with the data subject
The transfer is necessary for the implementation of pre-contractual measures taken in response to the data subject’s request.
The transfer is necessary for the conclusion or performance of a contract concluded with a third party in the interest of the data subject.
The transfer is legally required on important public interest grounds.
The transfer is necessary for the establishment, exercise or defence of legal claims.
The transfer is necessary in order to protect the vital interests of the data subject
Transfers between World Options services/entities
In order for World Options to carry out its operations effectively across its various services/entities, there may be occasions when it is necessary to transfer personal data internally from one Entity to another or to allow access to the personal data from an overseas location. Should this occur, the World Options service/entity sending the personal data remains responsible for ensuring protection for that personal data.
From time to time, World Options handles the transfer of personal data between World Options services/entities, where the location of the recipient entity is a third country. World Options only transfer the minimum amount of personal data necessary for the particular purpose of the transfer (for example, to fulfil a transaction or carry out a particular service). We ensure adequate security measures are used to protect the personal data during the transfer (including password-protection and encryption, where necessary).
Transfers to Third Parties
Each World Options service/entity will only transfer personal data to, or allow access by, third parties when it is assured that the information will be processed legitimately and protected appropriately by the recipient. Where third party processing takes place, each World Options service/entity will first identify if, under applicable law, the third party is considered a data controller, or a data processor of the personal data being transferred.
Where the third party is deemed to be a data controller, the World Options service/entity will enter into, in cooperation with the Board of Directors, an appropriate agreement with the controller to clarify each party’s responsibilities in respect to the personal data transferred. Where the third party is deemed to be a data processor, the World Options service/entity will enter into, in cooperation with the Board of Directors, an adequate processing agreement with the data processor. The agreement must require the data processor to protect the personal data from further disclosure and to only process personal data in compliance with the World Options instructions. In addition, the agreement will require the data processor to implement appropriate technical and organisational measures to protect personal data as well as procedures for providing notification of personal data breaches.
The World Options have a ‘Standard Data Processing Agreement’ document that, should be used as a baseline template. When a World Options service/entity is outsourcing services to a third party (including cloud computing services), they will identify whether the third party will process personal data on its behalf and whether the outsourcing will entail any third country transfers of personal data. In either case, it will make sure to include, in cooperation with the World Options Board of Directors, adequate provisions in the outsourcing agreement for such processing and third-country transfers.
Responsibility
Compliance, monitoring and review
The overall responsibility for ensuring compliance with the requirements of the related legislation in relation to performing data transfers activities at World Options rests with the Board of Directors.
All operating units’ staff that deal with personal data are responsible for processing this data in full compliance with the relevant World Options policies and procedures.
Terms and Definitions
Office of the Australian Information Commissioner (OAIC):
The Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.
The Privacy Act includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. Such organisations and agencies are collectively known as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.
Data Controller:
the entity that determines the purposes, conditions and means of the processing of personal data
Data Processor:
the entity that processes data on behalf of the Data Controller
Data Protection Authority in Australia: national authorities tasked with the protection of data and privacy as well as monitoring and privacy as well as monitoring and enforcement of the data protection regulations within the Union
Personal Data:
any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person
Privacy Impact Assessment:
a tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data
Processing:
any automated processing of personal data intended to evaluate, analyse, or predict data subject behaviour
Regulation:
a binding legislative act that must be applied in its entirety across the Union
Subject Access Right:
also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them
For more information
Contact our Data Protection Officers who are the World Options Board of Directors by emailing: au.support@worldoptions.com