HKV logo with tag line

PRIVACY POLICY

1. PURPOSE
This policy seeks to ensure that personal information managed by the HKV is handled in a way that is compliant, ethical and adheres to industry best practice.
Personal information is in general terms, any information that can be used to personally identify an individual.

2. SCOPE
This standard applies to all users of HKV and a business as a whole. Where local legislation, regulations or governing authorities differ in the application and or interpretation of privacy requirements, those rulings shall supersede ones in this policy.

3. THE TYPE OF PERSONAL INFORMATION WE COLLECT
The information collected by the HKV will depend on the products, services or information you ask us to provide to you, and the nature of the dealings you have with us.
This will include information to confirm your identity and contact details such as your physical address, mailing address, email and contact phone numbers.

4. HOW WE COLLECT PERSONAL INFORMATION
Information is collected in several ways including but not limited to:
•  When you make an enquiry, complete an application or request an order.
•  Through your communication with us, which may include emails, letters, phone conversations, meetings, or other correspondence between you and our representatives.
•  Through other interactions with our websites, social media or direct marketing material.
•  Where required, we also collect information from third parties where we have your consent, a legal requirement or a permissible business requirement to do so. Examples of third parties include credit reporting agencies, law enforcement agencies and other government entities.

5. HOW WE HOLD AND MANAGE PERSONAL INFORMATION
We keep your hard copy or electronic records on our premises and systems or offsite using trusted third parties.
Our security safeguards include:
Staff Education
•  We train and remind our staff of their obligations with regard to your information. Taking precautions with overseas transfers and third parties.
•  When we send information overseas or use third parties that handle or store data, we ensure that appropriate data handling and security arrangements are in place.
System Security
•  When you transact with us on the internet via our website or mobile apps, we encrypt data sent from your computer to our systems. We have firewalls, intrusion detection systems and virus scanning tools to protect against unauthorised persons and viruses accessing our systems. We limit access by requiring use of passwords.
Destroying data when no longer required
•  Where practical, we keep information only for as long as required (for example, to meet legal requirements or our internal needs).

6. ACCESS TO PERSONAL INFORMATION
If you wish to seek access to the personal information, we may hold about you, please contact our Privacy Officer using the contact details set out below. Where we hold information that you are entitled to access, we will try to provide you with a suitable and secure means of accessing the data. Where we are not able to provide you with the details you have requested, for example if it would breach or have the potential to breach another individual’s privacy rights, we will provide a reason for the refusal. If you believe that the personal information, we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. Depending on the nature of the changes requested, we may ask for further confirmation of identity and/or that the request is submitted in writing for audit and compliance purposes.

7. COOKIE COLLECTION
Cookies are small text files that can be placed on your computer or mobile device to identify your web browser and track activities on our website and other sites. Page tags, also known as web beacons or gif tags, help track website or email usage information. We use cookies to personalise your experience, assist in using our services, monitor usage statistics, improve our offerings, and target relevant advertisements. By combining cookies and page tags, we enhance our services, measure advertising effectiveness, and improve user experience.

YOUR CHOICE TO ACCEPT OR REJECT COOKIES:
You can use the browser settings to accept/ reject cookies. However, rejecting cookies may affect the functionality and experience of our website. You can change your browser settings to receive cookie notifications or reject cookies.

8. COMPLAINTS PROCESS
If you believe that we have breached or potentially breached our privacy obligations, please contact the Privacy Officer in the first instance using the contact details set out below. Depending on the nature of the breach or potential breach, we may ask for further confirmation of identity, details of the complaint and/or that the request is submitted in writing for audit and compliance purposes.

9. DISCLOSURE TO THIRD PARTIES
We may exchange your information with third parties where this is permitted by law or for any of the purposes mentioned in section 4.
Third parties include:
•  Those to whom we outsource certain functions.
•  Transactional processing (e.g. online bank payments)
•  Auditors and compliance regulators.

10. LINKS TO OTHER WEBSITES
Our Sites may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. Third parties are under no obligation to comply with this Privacy Policy with respect to Personal Data that you provide directly to those third parties or that those third parties collect for themselves. We do not control the third-party sites that may be accessible through our Services. Thus, this Privacy Policy does not apply to information you provide to third-party sites or gathered by the third parties that operate them.

11. CONTACT US
If anyone wishes to access, amend or delete their personal information, or withdraw consent for a specific use or disclosure of their personal information, they should contact the following:
HKV Office Email: ITpolicy@HKV.com.au

12. CHANGES TO THIS POLICY
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. If we make any material changes to the Policy, we will notify you via email, through a notification posted on the Services, or as required by applicable law. You can see when the Policy Was last updated by checking the date at the bottom of this page. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective from when they are posted on this page.

13. ANNUAL REVIEW
The ISMS-related documents shall be reviewed once every year, or whenever the ISMS is updated. Internal Audit for the Information Security Management System based on the ISO standard(s) covered in the scop shall be carried out at least once a year, and a report shall be submitted to the ITC (Information Technology Committee). All the processes and procedures shall be reviewed at least annually to ensure compliance with the current changes and practices.

14. RELATED REFERENCE(S)
Related Standard(s) – ISO/IEC 27001:2013
Detailed Reference(s) – A.18 Compliance