What is personal information?
This document also refers to “sensitive information”. “Sensitive information” is information or an opinion about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, or health, genetic or biometric information.
Collecting personal information
We may collect the following types of personal information about you:
• Your name and the name of your employer
• Mailing or street address
• Email address
• Telephone number
• Facsimile number
• Profession, occupation or job title
• Credit card details
• Details of the products or services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services or to respond to your enquiries
• Any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence
• Information you provide to us through customer surveys or through conversations with us
• Any information that is provided to us by or that we have collected on behalf of you in the course of our provision of ongoing services to you such as software support. This may include information relating to your staff or your own clients where you operate a business.
Collecting sensitive information
We do not generally collect sensitive information. We may however do so to perform a function authorised or required by a third party organisation (where for example a software support function has been outsourced to us by a customer). We will only do so if you have given your consent either to us or the third party and it is reasonably necessary for the functions or activities of the collecting party or we are required to do so by law.
How we collect personal information
Where reasonable and practicable, we will collect personal information directly from you and inform you that this is being done. We may collect personal information in a number of ways including:
• Through your access and use of our websites
• During our conversations with you
• When you or your organisation submits to us a document containing personal information.
However, in some circumstances it is necessary for us to collect personal information from third parties including:
• From credit reporting agencies
• From law enforcement agencies and other government entities
• From agents, dealers and subcontractors that form part of our sales and/or service network
• From our customers that have outsourced a function to us (such as hosting software)
• From our related bodies corporate and service providers that collect information on our behalf.
If we receive personal information that we have not requested (unsolicited information) and we determine that we could not have collected that information under the Australian Privacy Principles if we had requested it, we will destroy or de-identify that information if it is lawful and reasonable to do so.
Purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose your personal information for the following purposes:
• To provide products and services to you and/or your organisation and to send communications requested by you or your organisation including to inform you of updates or changes to the products or services you have acquired
• To answer enquiries and provide information or advice about existing and new products and services
• To assess and improve the performance, operation and relevance of our websites, products and services
• To facilitate and process your orders and payments
• To perform functions outsourced to us (such as hosting services) which may require us to provide personal information to our related bodies corporate, contractors, service providers or other third parties
• To process and respond to any complaint made by you
• For direct marketing of promotions, products or services that we think may be of interest to you, including adding you to a database compiled by us for this purpose
• To our related bodies corporate and third party service providers for use in direct marketing of promotions, services or products that our related bodies corporate or third party service providers think may be of interest to you, including adding you to a database compiled for this purpose
• For our internal planning, including product or service development, quality control and research purposes and those of our related bodies corporate, contractors or service providers
• For internal accounting and administration purposes
• To update our records and keep your contact details up to date
• For regulatory reporting and compliance with our legal obligations
• To various regulatory bodies and law enforcement officials and agencies to protect against fraud and for related security purposes
• To facilitate product reviews and to seek your feedback in relation to particular products and services in order to improve customer satisfaction and our relationship with you.
Disclosure of personal information by us
• Customer enquiries
• Mailing operations
• Billing and debt-recovery functions
• Information technology services
• Marketing and telemarketing services
• Market research
• Website usage analysis
• Sales and support for our products and services.
In addition, we may disclose personal information to other third parties such as:
• Third party professional advisers such as accountants, solicitors, business advisers, consultants
• Credit-reporting and fraud-checking agencies
• Government and regulatory authorities and other organisations, as required or authorised by law.
We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information. Direct marketing material
We may collect, hold, use and/or disclose your personal information (other than sensitive information) to send you direct marketing communications and information about our products and services that we believe may be of interest to you. These communications may be sent in various forms including mail, SMS, fax and email, in accordance with applicable laws governing the sending of marketing materials.
At any time you may opt-out of receiving marketing communications from us, by using the opt-out facilities specified in our direct marketing communications or by using the contact details set out below under “How to contact us”. We will then ensure that your details are removed from the relevant marketing contact list you have elected to opt-out of.
Web site collection
We collect information from our web sites during the optional web site registration process and during your use of our web sites. More specifically, information is collected in the following ways:
During our one-off registration process, the following information is collected: your email address, name, organisation (if any), address, telephone number, facsimile number (optional), where you heard about our websites (optional), your ship-to number (optional), your areas of interest for our daily email alerting service (optional), the type of information to be included in those email alerts, your username and password.
When you purchase goods from us online, we (either directly or through our service providers) need to collect the following information from you: Your username, password (if you want us to automatically enter existing contact details), name, organisation, email address, telephone number, facsimile number (optional), mailing address, cardholder name, credit card type, credit card number and credit card expiry date.
Our web servers
When you browse our web sites, our web servers, which may be controlled by us directly or indirectly through our service providers, make a record of your visit and log the following information, mainly for statistical analysis or system administration purposes:
• Your Internet protocol (IP) address and/or fully qualified domain name
• The date and time of your visit to the web site
• The web pages which you accessed, the files you downloaded and the size of those pages/files
• If you followed a link to our web site, the name of the previous web page and the name of the web site you visited
• The type and version of your web browser (for example, MS Explorer, Firefox or Chrome)
• The name of your operating system (for example Windows 7 or 8, Apple or Linux)
• The protocols used (for example http, https, ftp).
Search terms that you provide when you search our web sites are collected for statistical analysis, to understand what users are looking for on our web sites and to improve the products and services which we provide.
Our web servers generate a single cookie which is used to let us know who you are, to deliver information, publications and services to you based on your account information and to keep track of the web pages you visit while you are using our web sites. The cookie contains an organisation identity number (if any), user type, group identity number (if any), user identity number and the browser session identity number.
If you do not wish to receive cookies, you can set your browser so that your internet enabled device does not accept them. However your browser must have cookies enabled for you to be able to use our web sites.
Our Internet Service Provider (ISP) and your ISP may make a record of your visit to our web sites and collect some or all of the same or similar information as referred to above under Web site collection.
We may from time to time use third party services for the serving or targeting of advertisements, promotions or other marketing information on our web sites.
When you follow a link from our web sites to a third party web site, that web site may make a record of your visit and collect some or all of the same or similar information that we collect as referred to above under Web site collection. We are not responsible for the privacy practices or the content of any third party web sites.
Consequences if we cannot collect personal information
If you do not provide us with personal information some or all of the following may occur:
• We may not be able to provide requested products or services to you. If for instance you do not complete an on-line registration process, then you will not have access to our free Web Guide reviews and links to online information, news and events in your area(s) of interest, our opt-in daily email alerting service or a range of other free services. Where purchasing goods from us online, a failure to provide the required personal information will mean we will be unable to process your order
• We may not be able to provide you with information about products or services
• We may be unable to tailor the content of our websites to your preferences and your experience of our web sites will not be as enjoyable or useful.
Accessing and correcting personal information
If you wish to access, correct or update any personal information we may hold about you, please contact us as set out below under “How to contact us”. We may charge you for our reasonably incurred costs in providing access to this information. We will not charge you for correcting information. We may refuse access in certain instances, where for example, granting access would interfere with others’ privacy. Where we are unable to provide access to your personal information we will give you a written notice setting out:
• the reasons for the refusal (to the extent it is reasonable to do so); and
• the steps that can be taken to lodge a complaint in respect of our refusal.
Alternatively, if you have registered to use our web sites, most of the information provided during registration may be corrected by you online through your personalised Membership Services pages. The information which you can correct includes your name, street address, contact details (telephone number, facsimile number, email address), password and your daily email alerting service profile.
Disclosure of personal information to overseas recipients
Your personal information may be disclosed to organisations located outside of Australia. This may occur for example, where we have a database or server hosted outside of Australia or where your personal information is disclosed to a related body corporate. We may for instance transfer personal information to related body corporates located in the United States of America.
Your personal information may also be transferred to organisations located outside of Australia for processing, storage or support services. The countries to which we are most likely to send your personal information for these services include India, Indonesia, Malaysia, Philippines or the United States of America. These countries may have different data protection laws. By using these services you consent to the transfer of information to organisations located outside of Australia.
Prior to us disclosing your personal information overseas we will take all reasonable steps to ensure that the overseas recipient does not breach our privacy obligations relating to your personal information and that the personal information is used for the same purposes for which we are authorised to use the personal information.
Protecting the security of personal information
We may hold your personal information in either electronic or hard copy form. We have security measures in place and take all reasonable steps to ensure that your personal information is stored in a secure environment and is protected from misuse, interference, loss, unauthorised access, modification and disclosure.
Whenever you register or purchase goods or services from our web sites, we use current technology to encrypt the information and online access to your information, products and services requires you to provide a username and password. The sections of our web sites dealing with credit card information are capable of working with browsers using high-security encryption.
Where we are not required or authorised by law to retain your personal information, it will be destroyed or de-identified when it is no longer required for any purpose for which we may lawfully use or disclose it.
Notification of collection of personal information
The General Data Protection Regulation
To protect the personal data of individuals and customers in the European Union and to keep up with everchanging technology, as per the May 25, 2018 the General Data Protection Regulation (GDPR) came into effect. The GDPR impacts every organization which stores or processes personal data of individuals across the European Union. The GDPR aims to strengthen the rights of individuals over their personal data and creates a harmonized personal data protection standard.
Consistent with the Wolters Kluwer company values and business principles data privacy is also at the heart of our approach to the GDPR. We fully understand the importance of data privacy standards to our customers and we recognize the obligations that apply to managing, storing and processing personal data.
As a trusted partner to professionals, we want our customers to be confident that their personal data are protected. The Wolters Kluwer Corporate Privacy Office engaged in a cross-functional enterprise wide GDPR program. We have reviewed the data processes (policies, standards and documentation) and practices throughout our company and implemented processed to protect personal data. We trained our employees on their responsibilities and new ways of working related to GDPR; we partner with third parties and vendors to ensure their compliance; and we assessed customer contracts and continue to work with our customers to help to support them.
At Wolters Kluwer, we are committed to protecting our customers’ personal data. We deliver on this promise by striving to keep information secure and respecting the rights of individuals to protect their personal data and to support your commitments to your clients.
Complaints about a breach of privacy
We take compliance with our privacy obligations seriously. We will ensure that your complaint is registered with us and may request that you provide the complaint in writing. The Privacy Officer will ensure that the complaint is referred to the correct persons within the organisation to investigate and respond to the complaint. Any response or action will be notified to you as soon as practicable.
The Privacy Officer’s details are set out below under “How to Contact Us”.
How to contact us
Mail – The Privacy Officer, CCH Australia Limited, GPO Box 4072, Sydney, NSW 2001