11 October 2022
SAS Group is bound by the Privacy Act 1988 (Cth) (Privacy Act) as amended, including the Australian Privacy Principles (APPs). The APPs are designed to protect the confidentiality of information and the privacy of individuals by regulating the way personal information is collected, used, disclosed and managed. Personal information is, generally speaking, information or an opinion relating to an identified, or reasonably identifiable, individual, whether the information is true or not and whether the information is recorded in a material form or not.
Why do we collect personal information?
We collect personal information for a number of purposes connected with our activities and operations, including to develop, provide and improve our services, for verification purposes, to understand and meet the needs and requests of individuals we engage with and to meet our legal obligations.
What personal information do we collect and how do we collect it?
The type of personal information we collect may include contact information (eg name, email address, postal address, company information, and other profile information), comments, preferences, feedback, device identifiers and user data (see Cookies, Analytics and Advertising).
We collect personal information in a number of ways, including directly from you, and when you provide it to us or our agents, contractors or distributors. For example, we will collect your personal information if you:
- use our services,
- provide feedback to us,
- submit an enquiry,
- respond to a promotion by submitting your details,
- participate in a survey or competition,
- apply for employment with us,
- participate in our governance activities,
- provide services to us,
- use our website, or
- otherwise engage with SAS Group.
Personal information may be collected by way of:
- phone conversations,
- forms filled out by individuals (including via online forms),
- support requests,
- surveys, competitions,
- online user-generated content,
- market research,
- video conferencing,
- face-to-face meetings and
We may supplement the information we receive from you with information from third party sources such as our distributors, licensees and service providers.
Sometimes our activities require us to collect sensitive information. For more details, see the section ‘Sensitive information is subject to greater restrictions’, below.
Cookies, Analytics and Advertising
A ‘cookie’ is a small file which contains a piece of text identifying your browser to our site.
In addition, SAS Group uses the Google AMP Client ID API to consolidate information on each unique visitor to their many interactions with our website. This consolidated information provides a more accurate picture of visitor journeys and use of our website. The Google AMP Client ID API assigns a unique randomly generated identifier to each visitor and uses this identifier to link all activity associated with that particular visitor.
You can find out more information on how Google uses data when you use SAS Group’s site at www.google.com/policies/privacy/partners/.
The unique device identifiers, web and mobile analytics data and cookies do not to collect or contain personally identifiable information such as your name, email address or phone number. However, we may collect information about the devices you use, including, hardware model, operating system, version and internet protocol (IP) address. In some circumstances an IP address could be linked to an individual. Your IP addresses, device identifiers and cookies may be collected or accessed by our third-party service providers.
You can manage how your browser and mobile device use data by adjusting your privacy and security settings in your browser and mobile device.
How might SAS Group use and disclose your personal information?
Generally, SAS Group may use and disclose your personal information for a range of purposes, including to:
- provide you and any of your Authorised User(s) with our services that you have requested;
- respond to your queries or feedback or provide client support;
- analyse and improve all aspects of our business including, but not limited to, our services and applications, our business systems, processes, outcomes, communication, website, engagement, advertising and performance;
- authenticate users to enable access to SAS Group’s systems;
- facilitate your participation in forums, social events and educational events; and
- consider employment or other engagement applications.
Your personal information may also be used so we can:
- provide you with any communications or publications in which we think you might be interested; and
- let you know about developments in our procedures, services, activities and programs that might be useful to you, by way of direct mail or telemarketing and (where you have opted in) by email, SMS or MMS. Recipients who no longer wish to receive such communications can request to be removed from the distribution list by following the unsubscribe instructions in the relevant email, SMS or MMS.
Disclosure of personal information to other parties
SAS Group may disclose your personal information to third parties such as external service providers (ie providers of services including website and data hosting, cloud storage, CRM, IT support, distribution of promotional and transactional communications, standards and other publications, surveys and feedback, market research and promotional activities, analytics and advertising, training, operational, organisational and management services), and government, statutory or regulatory bodies.
We do not sell or license your personal information to third parties.
Security and management of personal information
SAS Group will take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. The ways we do this include:
- limiting physical access to our premises;
- limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access);
- using a payment gateway for secure handling of your billing information;
- requiring any third-party providers to have acceptable security measures to keep personal information secure; and
- putting in place physical, electronic, and procedural safeguards in line with industry standards.
If we no longer require your personal information and are not legally required to retain it, SAS Group will take reasonable steps to destroy or permanently de-identify the personal information.
Accessing the information we hold about you
Under the APPs, you may be able to obtain a copy of the personal information that we hold about you. The APPs provide some exceptions to your rights in this regard. To make a request to access this information, please contact us in writing at the address listed below. We will require you to verify your identity and specify what information you require.
Updating your personal information
We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact SAS Group at the contact address set out below if you believe that the information we hold about you requires correction or is out-of-date.
Updates to this Policy
If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may bring a complaint internally through our complaints process or you may decide to make a formal complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au) (which is the regulator responsible for privacy in Australia).
We will deal with complaints as follows:
Step 1: let us know
- If you would like to make a complaint, you should let us know by contacting our Managing Director (see below for contact details).
Step 2: investigation of complaint
- Your complaint will be investigated.
- A response to your complaint will be provided in writing within a reasonable period.
Step 3: contact OAIC
- We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:
|Office of the Australian Information Commissioner (OAIC)|
|Complaints must be made in writing.|
|1300 363 992|
|Director of Compliance |
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
SAS Consulting Group Pty Ltd
GPO Box 10605, Brisbane, QLD, 4000
Attention: The Managing Director
We will endeavour to respond to all complaints and correspondence promptly.