Last Updated: 30th May 2014
What kinds of personal information does Potentiate collect, stores, analyses and hold?
The kinds of personal information that we collect will vary depending upon our interaction with you but may include:
- Your name, address and other contact details (like your telephone number).
- Your email address.
- Your date of birth.
- Your gender.
- Geographic location.
- Any preferences or profiling information that you tell us about.
- Any other personal information which may be required in order to facilitate your dealings with us.
With your consent, Potentiate may also collect sensitive information from you. In referring to 'sensitive information' Potentiate means information relating to a person's racial or ethnic origin, membership of political bodies, religions, trade unions or other professional or trade association, sexual preferences, criminal record and health information. By way of example, some of Potentiate’s profile or survey questions relate to health information. If you decide to provide Potentiate with sensitive information, it is Potentiates’ policy that this information will be used and disclosed only for the purpose for which it was provided (which will be advised at the time of collection) or a directly related secondary purpose, unless you agree otherwise or where the use or disclosure of this information is permitted by law.
How does Potentiate collect personal information?
Generally, we collect personal information when you:
- Participate in a survey, competition, promotion or other marketing campaign that we run independently or on our client’s behalf.
- Indicate that you wish to receive news, offers or other marketing material from Potentiate.
- Make an inquiry or a complaint.
- Apply for employment at Potentiate.
- Have other dealings with us, for example, via social media or in person, over the phone or when you write to us.
Sometimes we collect personal information about you from other sources, for example: our related companies which include Sampleworx, The Number Tub, Integrated VoIP Solutions, Potentiate Malaysia & Potentiate Japan; Our business clients and their third party suppliers and contractors; and third party suppliers and contractors who assist us to operate our business.
Also, Potentiate collects personal information about individuals who are not customers. This is usually where we collect the name and business contact details of a person who is the contact in a government agency or company with whom we deal. Potentiate’s policy is to only use personal information collected from non-customers for the main business purpose for which it was collected.
How does Potentiate hold personal information?
Potentiate may hold your personal information in electronic or hard copy format or a combination of both. This personal information may be combined or linked with other information held about you, including information that we receive from third parties. We have taken a number of physical, electronic and procedural steps to protect your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.
Potentiate protects the personal information it collects in a secure database stored by our third party data storage provider.
We have security measures in place to prevent unauthorised access to our data. Some of the steps we take include:
- Our servers are housed in one of Australia’s most secure data centres where identification and access keys are required for access and where professional security staff are on site 24/7.
- We transmit our data using encryption protocols.
- Access to our services is controlled in two ways - password based authentication and network firewall settings.
- Layer controls are designed to prevent other customers from accessing data that is private.
- A limited number of staff at Potentiate are authorised to access the data.
Potentiate employees are required, as a condition of their employment, to treat personal information held by Potentiate as confidential, and to maintain the confidentiality of that personal information. They are also required to use a login and password when accessing Potentiate systems and to undertake training about how to manage personal information.
What are the purposes for which Potentiate may collect, hold, use and disclose personal information?
Generally, Potentiate only uses personal information for the primary purpose for which we have collected it, or for another closely related secondary purpose. Our potential uses of personal information which Potentiate collects (and for which you consent to us using your personal information for) may include:
- Managing your dealings with us as a member of a database/service where Potentiate host and manage.
- Receiving information on opportunities to participate in offers and surveys.
- So that we can promote our products and services to you;
- To assist in identifying ways in which we can provide you with a better service, or enhance your experience of our website or other services.
- For business research and development of new products and services.
- To facilitate the competitions, special offers and promotions that we or our partners run.
- Displaying content and advertising that are customised to your interests, preferences and experiences.
- Verifying your identity; so that we can respond to inquiries and complaint handling; and to comply with our legal and regulatory obligations and enforce our legal rights.
- To associate internet connected devices with anonymous, non-personally identifiable categories of information (audience segments) that can be used for online advertising. For example, you have a loyalty card for your favourite store. When you sign up, you agree to let the company collect data for marketing purposes. They use your shopping data and the email address you provide to associate you to various anonymous audience segments, like ‘sport enthusiast’, or ‘loves Thai food’. We work with companies to help them associate an internet connected device to those audience segments.
- To protect against or identify possible fraudulent transactions and login violation (e.g. password sharing, portal access from suspicious location and many more).
From time to time, there may be other purposes for which we collect, hold, use and disclose your personal information. We will tell you about these at the point of collection.
Our company uses the information we collect from research participants for research purposes only. This means that we use it to investigate the behaviour, needs, attitudes, opinions, motivations or other characteristics of people like you. We do this in order to provide information to our clients, government, commercial and not-for-profit organisations, that will assist them in making decisions about their products and services. Your input into these decisions is important, and the more people that participate, the more the results we obtain truly reflect the spectrum of Australian society.
If you participate in our research, we may ask for your name and contact details so that we can contact you about the research. However, our researchers are generally interested in the responses of large groups of people, rather than individuals. We typically combine the information collected from all the research participants to get an overall picture. This overall picture is then reported to our clients. Details that identify you are removed from your responses to the research once they are no longer needed for the research. However, while your information remains identifiable, you have the right to request access to, and/or correction or deletion of, any information about you held by our company. Potentiate uses aggregated data for research purposes and may share the data with third parties.
Who might Potentiate disclose my personal information to?
Potentiate may disclose personal information it collects about you for a variety of purposes in connection with Potentiate providing its products, services and offers to you (including to our agents, contractors, to a related company of Potentiate or direct marketing agencies). Potentiate may provide your personal information to:
- Organisations who are involved with or participating in an offer (for example, our client who is making the offer available via Potentiate) or providing a Reward (including Merchants).
- Other companies or individuals Potentiate engages to perform functions on behalf of Potentiate such as for production functions, mailing of information or Rewards or other gifts/ offers/ prizes, printing functions, data analysis, data washing, telemarketing, research, and advertising.
- To other Potentiate companies and their contractors (such as data management providers). Potentiate companies include Sampleworx, The Number Tub, Integrated VoIP Solutions, Potentiate Japan, Potentiate Malaysia and any entities that may in future become part of the Potentiate group of companies or in which Potentiate may have an interest.
- Potentiate may disclose your personal information to these entities for the purposes of, for example, ensuring that information collected is accurate, complete and up-to-date, producing anonymised and aggregated information for the benefit of other Potentiate companies, and enabling us and other Potentiate companies to better understand and meet your needs and interests.
Otherwise, Potentiate will only disclose your personal information:
- Where we are required to do so by law.
- If the disclosure is permitted under the Privacy Act 1988 (Cth) or
- If you have consented to the disclosure.
Does Potentiate disclose personal information to overseas recipients?
Some of the recipients to whom we may disclose personal information may be located overseas, most likely in Japan, Malaysia and New Zealand. For example, from time to time we disclose personal information to our related company, Potentiate Japan and Potentiate Malaysia.
What happens if Potentiate does not collect my personal information?
Potentiate will not make it mandatory for you to provide personal information to us unless such personal information is necessary in order for Potentiate to provide a product/service or otherwise achieve the desired outcome. Potentiate may however request that you provide personal information voluntarily to Potentiate (for example, as part of a competition or questionnaire).
Potentiate will allow you to deal with it anonymously or using a pseudonym wherever that is reasonable and practicable.
WHAT ARE COOKIES AND OTHER TRACKING TECHNOLOGIES AND HOW DO WE USE THEM?
The Potentiate group websites (potentiateglobal.com, sampleworx.com.au, thennumbertub.com.au, integratedvoip.com.au, logineye.com.au) may use various tracking technologies, including without limitation cookies, embedded scripts, e-tags/cache browsers, web beacons, tokens, device fingerprinting, web analytics and other clickstream technology.
We may use tracking technologies for a variety of purposes, including:
Analytics and Performance-Related
- To determine the number of visitors to our website and to identify how visitors move around the site and, in particular, which pages they visit. This allows us to improve our website and our services.
- To determine from where in the world our website is being visited so that we can ensure sufficient coverage.
- To collect information, where available, about your computer or mobile device for system administration purposes, such as your IP address, operating system and browser type.
We may use tracking technologies to tell us, for example, whether you have visited the website before or if you are a new visitor and to help us identify the features in which you may have the greatest interest.
To the extent that the Potentiate group websites contain links to sites operated by third parties and not related to Potentiate products, services or events (Linked Websites), the Linked Websites are not controlled by Potentiate.
We may collect personal information from the Potentiate group websites and Linked Websites. However, we are not responsible for the privacy practices of those companies. Before disclosing your personal information to Linked Websites, we advise you to examine their privacy policies.
YOUR COOKIE CHOICES AND HOW TO OPT-OUT
Even though we take your privacy seriously, we understand that you may still prefer to opt-out. To opt-out, please refer to the below opt-out instructions.
- Most browsers are initially set up to accept HTTP cookies. The “help” feature of the menu bar on most browsers will tell you how to stop accepting new cookies, how to receive notification of new cookies, and how to disable existing cookies. For more information about HTTP cookies and how to disable them, you can consult the information available here.
- Controlling the HTML5 local storage on your browser depends on which browser you use. For more information regarding your specific browser please consult the browser’s website (often in the Help section).
- For more information about Flash “cookies” or local storage objects or LSOs, and how to disable them, you can consult the information provided here.
- Please note, however, that without HTTP cookies and HTML5 and Flash local storage, you may not be able to take full advantage of all our online services features and some parts of the online services may not function properly.
Regular cookies may generally be disabled or removed by tools that are available as part of most commercial browsers, and in some but not all instances can be blocked in the future by selecting certain settings. Please be aware that if you disable or remove cookies or HTML5 cookies on your device, some parts of our online services may not function properly, and that when you revisit our online service your ability to limit cookies is subject to your browser settings and limitations.
Web beacons or similar technologies may be used for a number of purposes, including to count visitors to the online service, to monitor how users navigate the online services, to count how many e-mails we sent that were actually opened, or to count how many particular articles or links were actually viewed. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies. In contrast to HTTP cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence.
An embedded script is programming code that is designed to collect information about your interactions with the online service, such as the links you click on. The code is temporarily downloaded onto your device from our web server or a third-party service provider, is active only while you are connected to the online service, and is deactivated or deleted thereafter.
ETag, or entity tag
A feature of the cache in browsers, an ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. Used in this manner ETags are a form of device identifier. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and/or HTML5 cookies.
Device fingerprinting is a process by which a fingerprint of a connected device (desktop, tablet, smartphone, game console, etc) is captured when visiting a website.
This technology gathers a large number of data points from a respondent’s computer, such as operating system version, browser version, plug-in, etc. and assigns a relative weight to each data point. The data gathered is put through deterministic algorithms to create a unique digital fingerprint of each computer.
Device fingerprinting is mainly used for fighting fraud on website. It allows the service to recognize and flag a fraudster’s device when the name has been changed, cookies deleted and a proxy server used to hide the real location of the visitor.
Access and Correction
Under the Australian Privacy Principles, you have a right to request access to the personal information that Potentiate holds about you and seek its correction. You can request access by contacting our Privacy Officer.
Please include your contact details such as email address and telephone number and enclose a copy of a form of identification such as a current driver's licence or passport. We will not charge you for making such a request but will let you know if there is a cost for supplying you with access to or correcting the personal information. We aim to respond to requests for access or correction within 30 days. There are certain situations under the Australian Privacy Principles where we may refuse to provide you with access to or correct your personal information but we will always let you know in writing if this is the case.
Complaints and how to contact our Privacy Officer
Our Privacy Officer can be contacted by:
- E-mail at firstname.lastname@example.org
- Facsimile on (02) 9437 4499
- Letter to 347 Pacific Highway Artarmon NSW 2064
We will always endeavour to investigate your complaint and respond to you as soon as practicable after receipt, generally within 30 days. If you are not satisfied with our response, you may refer the matter to the Office of the Australian Information Commissioner.