This policy outlines how echorealty collects, uses, stores and discloses personal information in accordance with the Australian Privacy Principles 2014 (APPs) under the Privacy Act 1988 (Cth) (Act).
This policy applies to all individuals of who echorealty will be collecting personal information from. Individuals include, but are not limited to, tenants, applicants, residents, household members and property owners.
- Applicant – the person who makes a formal application for tenancy
- Household members – all people living in the home regardless of age or relationship
- Housing owners – the person who owns the house
- Resident – a person who lives in the property on a permanent basis
- Tenant – the person who signs the residential tenancy agreement with echorealty
4.1 Personal Information
- Profession, occupation or job title
- Email address
- Work experience
- Contact number
- Educational qualifications
- Age or date of birth
- Centrelink information
- Credit information and other financial records
- Next of kin
- Country of origin
- Public trustee details
- Religious belief
- Bank statements
- Employment history
- Criminal history
- Income details
- Tax File Number / Returns
- Proof of identity
- Past tenant ledgers
echorealty may also collect information that is not personal information because it does not identify a particular individual. For example, echorealty may collect anonymous answers / feedback to surveys or aggregated information about how users use the echorealty website.
4.2 Collecting Personal Information
echorealty collects personal information directly from the individual unless it is unreasonable or impracticable to do so. echorealty collects personal information in the following ways:
• Written forms
• Over the phone or other messaging technology
• Internet, including email or echorealty’s website
• Hardcopy documents provided by individuals
• Third party, e.g. previous landlords, personal referees etc.
4.3 Purpose of Collecting Personal Information
echorealty collects personal information to perform business activities and deliver on service requirements. echorealty will not collect information unless it is for a proper and lawful purpose.
In most situations, individuals will be advised as to why echorealty is collecting personal information and who else might receive this information. echorealty may decide not to provide this advice to individuals if:
• The individual does not want echorealty to give them this advice
• echorealty is not legally required to provide the advice
The purposes for collecting information are as follows:
• to perform business activities
• for communication purposes
• to engage in direct marketing
• to seek feedback and improve on services
• for internal administrative, marketing, planning, and research requirements
If an individual does not provide echorealty with personal information when prompted, echorealty may be unable to contact the individual or provide any services to the individual.
4.4 Unsolicited Personal Information
In the event echorealty receives unsolicited personal information, echorealty will determine whether it could have been lawful for the personal information to be collected if it had been solicited. If it is not, echorealty will destroy the information or ensure that the information is de-identified, as soon as practicable and only if it is lawful and reasonable to do so.
4.5 Disclosure of Personal Information
echorealty will only disclose personal information to a third party:
• If the disclosure is directly related to the purpose for which the information was collected and there is no reason to believe that the person concerned would object;
• If the person to whom the information relates was informed when the information was collected that it might be disclosed in this way;
• If it is reasonably believed that the disclosure is necessary to prevent or lessen a serious and imminent threat to any person’s health, safety or life;
• Where the person to whom the information relates to has provided informed consent;
• If a permitted general situation exists in relation to the use or disclosure of the information; or
echorealty and NSW police may also exchange information under the guidelines of the Record of Understanding to:
• Maintain law and order in and around echorealty properties
• Develop and implement crime prevention and community safety strategies
A deed of confidentiality may be signed by all the officers accessing the information and the signed deed placed on the tenant file, where necessary.
echorealty will provide information to police when subpoenaed, unless the information is not in the public interest – in these cases, echorealty may lodge an appeal not to provide the information.
Where information is being disclosed to a third party, echorealty ensures that the third party is also bound by the Privacy Act and has an obligation to keep personal information confidential and to take reasonable steps to keep the personal information secure from misuse, interference, loss, unauthorised access, modification or disclosure.
4.6 Storage of Personal Information
echorealty is committed to protecting personal information and takes reasonable steps to ensure personal information is protected from misuse, interference, loss, and unauthorised access, modification or disclosure. Some of the security measures include:
• Physical, electronic, and procedural safeguards in line with industry standards (such as passwords and physical locks on cabinets)
• Secure server and closed network environments
• Limited access to personal information (e.g. only relevant employees who require an individual’s personal information to carry out his / her normal line of duties are allowed access)
• Management of access privileges, and regular review of the privileges
• Destroying or de-identifying personal information pursuant to the law and record retention policies
4.7 Sensitive Information
Sensitive information’ is a subset of personal information and is defined as:
• information or an opinion (that is also personal information) about an individual’s:
o racial or ethnic origin
o political opinions
o membership of a political association
o religious beliefs or affiliations
o philosophical beliefs
o membership of a professional or trade association
o membership of a trade union
o sexual orientation or practices, or
o criminal record
• health information about an individual
• genetic information (that is not otherwise health information)
• biometric information that is to be used for the purpose of automated biometric verification or biometric identification, or
• biometric templates
echorealty recognises that sensitive information is generally afforded a higher level of privacy protection under the APPs than other personal information. echorealty recognises that inappropriate handling of sensitive information can have adverse consequences for an individual or those associated with the individual, including discrimination, mistreatment, humiliation, embarrassment and the undermining of an individual’s dignity.
echorealty may collect sensitive information about an individual where the individual has provided consent and where the information is relevant to the services provided by echorealty.
4.8 Access and Correction of Information
Individuals have the right to request access to the personal information echorealty holds about them, and request for correction of any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information. It is the individual’s responsibility to inform echorealty of any corrections or changes to personal information. If an individual would like to request access to, or correction of the personal information held by echorealty, please contact echorealty using the details provided in Section 4.10 below.
If an individual is concerned that echorealty has not complied with applicable privacy laws, the individual may raise a complaint internally through echorealty’s complaints process. The process is as follows:
Step 1: Let echorealty know
If you would like to make a complaint, you should let us know by contacting out Privacy Officer using the details provided in Section 4.10 below. A response will be provided as soon as practicable.
Step 2: Investigation of Complaint
Your complaint will be investigated by our Privacy Officer. A response to your complaint will be provided in writing within a reasonable period.
Step 3: We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:
Office of the Australian Information Commissioner (OAIC)
GPO Box 5218
Sydney NSW 2001
Note: Complaints must be made in writing
4.10 Contacting echorealty about Privacy
Individuals may contact echorealty with regards to the following matters:
Matter Contact Details and Options
• Access, update or correct personal information
• Opt out of receiving newsletters or echorealty related direct marketing material Telephone: 1800 MY ECHO (1800 69 3246)
Address: Henry Dodd House ,9-13 Argyle Street Parramatta NSW 2150
• Seek more information about anything contained in this policy
• Make a privacy related complaint or feedback Telephone: 1800 MY ECHO (1800 69 3246)
Address: Privacy Officer, Henry Dodd House ,9-13 Argyle Street Parramatta NSW 2150
This policy is subject to change from time to time at the discretion of echorealty. Where an individual is observed to not be working within the scope of this policy, the breach will be addressed by a team leader.
It is the responsibility of the:
- Chief Executive Officer to ensure this policy and associated procedures are applied and committed to by the Business Leadership Team.
- Team Leaders to ensure familiarity with this policy and related procedures, to commit to following them accordingly and where relevant, promote the policy to their team.
- Employees to ensure they comply with this policy, be responsible for their own behaviour and if required, attend relevant training as provided by the company from time to time.
- Privacy Officer to ensure staff training are conducted, keeping echorealty up to date with regards to privacy related matters, responding to individuals in relation to privacy related matters and dealing with privacy related complaints.
- Australian Privacy Principles 2014
- Privacy Act 1988 (Cth)
- Privacy Amendment (Enhancing Privacy Protection) Act 2012
- Office of the Australian Information Commissioner