AirTrunk Operating Pty Ltd ACN 612 044 283 and its related entities (we, our, us) recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our privacy policy (Policy) and it tells you how we collect, use, manage and disclose your personal information.

This Policy applies to any individual (you) whose personal information we may collect, use, manage and disclose, including our employees, agents, contractors, external consultants, third-party representatives, suppliers, business partners, customers, visitors to our premises and any individual who may use our products or services or interact with us.

We respect your rights to privacy under the Privacy Act 1988 (Cth), the Hong Kong Personal Data (Privacy) Ordinance and the relevant data protection legislation as set out in the applicable country-specific addendum to this document (Data Protection Legislation), and we comply with all of the Data Protection Legislation’s requirements in respect of the collection, use, management and disclosure of your personal information.

Depending on the country in which your personal information is being collected, used, disclosed or processed by us, different country-specific addendum may apply. If your personal information has been collected, used or disclosed by us in a particular country, you should check if there is a country-specific addendum applicable to you and the terms of the collection, use, disclosure and processing of your personal information. The terms set out in these addenda are in addition to the terms set out in this Policy and form an integral part of this Policy.

What is your personal information?

When used in this Policy, the term “personal information” or “personal data” has the meaning given to it in the Data Protection Legislation. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

What personal information do we collect and hold?

We may collect the following types of personal information:

  • name;
  • mailing or street address;
  • email address;
  • telephone number;
  • facsimile number;
  • age or birth date;
  • profession, occupation or job title;
  • biometric data such as fingerprints;
  • facial images and movement data;
  • health and safety information including vaccination status and other COVID-19 related information such as negative COVID-19 test;
  • details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or otherwise; and
  • information you provide to us through our service centre, customer surveys or visits by our representatives from time to time.

Some of the above information may be sensitive personal data relating to racial, or ethnic origin, political opinions, or affiliations, religious or philosophical beliefs, sexual orientation or preferences, criminal records, health information or, in some cases biometric data. We may collect sensitive personal data only if required or permitted by law.

How do we collect your personal information?

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in ways including:

  • through your access and use of our website;
  • during conversations between you and our representatives;
  • through any visits you make to our premises; or
  • when you complete an application or purchase order.

We may also collect personal information from third parties including:

  • credit reporting agencies, law enforcement agencies and other industrial or government entities;
  • advertisers, mailing lists, recruitment agencies, background check service providers, contractors and business

Cookies

In some cases, we may also collect your personal information through the use of cookies. When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. It also enables us to keep track of products or services you view so that, if you consent, we can send you news about those products or services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online products and services. If you do not wish to receive cookies, you can amend the settings of your browser so that your computer does not accept them.

We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users’ movements, and gather broad demographic information.

Why do we collect, hold, use and disclose your personal information?

We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality of customer service.

We collect, hold, use and disclose your personal information for the following purposes:

  • to provide products and services to you and to send communications requested by you (including via email, mail, SMS or telephone) and to update you with news, information or advice about our existing and potential new products and services;
  • to answer enquiries and provide information or advice about existing and new products or services;
  • to permit access to any of our premises as part of our security and health and safety measures;
  • to provide you with access to protected areas of our website;
  • to assess the performance of the website and to improve the operation of the website;
  • to conduct business processing functions including providing personal information to our related entities, contractors, service providers or other third parties as permitted by applicable law;
  • for our administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes, or those of our contractors or external service providers;
  • to provide your updated personal information to our contractors or external service providers as permitted by applicable law;
  • to update our records and keep your contact details up to date;
  • to analyse our services and customer needs with a view to improving our services and developing new services;
  • to process and respond to any complaint made about, or by, you or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are, or have been, engaged in any unlawful activity; and
  • to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any

Your personal information will not be shared, sold, rented or disclosed other than as described in this Policy.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, depending on the context in which the personal information is being collected:

  • we may not be able to provide you with the requested information, products or services;
  • we may not be able to progress our business relationship with you or make payments to you (as the context may require);
  • we may not be able to give you access to our premises; or
  • we may be unable to tailor the content of our websites to your preferences and to help you efficiently navigate and use our website.

To whom may we disclose your information?

We may disclose your personal information to:

  • our employees, related bodies corporate and other related entities, contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
  • suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes;
  • any organisation for any authorised purpose with your express consent;
  • the police, any relevant authority or enforcement body, your internet service provider or network administrator, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary or required or permitted by any law.

We may combine or share any information that we collect from you with information collected by any of our related bodies corporate or other related entities (inside or outside Australia).

Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, to the extent permitted by applicable law, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

We do not provide your personal information to other organisations for the purposes of direct marketing unless expressly consented by you.

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality, as permitted by applicable law. If that happens, we will give you written reasons for any refusal.

If you believe that personal information that we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then, as permitted by applicable law, we will add a note to the personal information stating that you disagree with it. Where required by applicable law, we will give you written reasons for any refusal to comply with such request.

What is the process for complaining about a breach of privacy?

If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it.

We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

Do we disclose your personal information to anyone outside Australia?

We may disclose personal information to our related entities and third party suppliers and service providers located overseas for some of the purposes listed above.

We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations and applicable law relating to your personal information.

We may disclose your personal information to entities located outside of Australia, including the following:

  • our related entities, located in Singapore, Hong Kong, Japan and any other location listed on our website from time to time;
  • our data hosting and other IT service providers, located in Singapore, Hong Kong, Japan, Amsterdam and United States; and
  • our third parties service providers located in Singapore, Hong Kong, United States of America, United Kingdom, India, South Korea, Japan, Canada and Ireland.

Security

We take reasonable steps to ensure your personal information is protected from misuse, loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed.

As our website is linked to the internet, and the internet has inherent security risk exposures, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

Links

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.

Contacting us

If you have any questions about this Policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please use the contact link on our website or the details set out below.

We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your requests or complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in timely and appropriate manner.

Please contact our Privacy Officer at:

NamePositionContact details
Lisa ChengChief Legal OfficerAddress: Suite 2, Level 11, 1 Pacific Highway North Sydney NSW 2060

Email: legal@airtrunk.com

 

Changes to our Policy 

We may update this Policy from time to time. Any updated versions of this Policy will be posted on our website. Please review it regularly.

This Policy was last updated on 26 October 2021.

Singapore Addendum

This addendum to the AirTrunk Privacy Policy applies to you if your personal data is being collected, used, disclosed or processed by us in Singapore. The terms set out in this Singapore Addendum are in addition to the terms set out in the AirTrunk Privacy Policy and form an integral part of the AirTrunk Privacy Policy.  In the event of any conflict or inconsistency between the AirTrunk Privacy Policy and the terms of this Singapore Addendum, this Singapore Addendum shall govern and prevail.

We respect your rights to privacy under the Personal Data Protection Act 2012 (No. 26 of 2012) (the PDPA) and we comply with all of the PDPA’s requirements in respect of the collection, use, and disclosure of your Personal Data.

Definitions

For the purposes of this Singapore Addendum:

  • Personal Data” means data, whether true or not, about an individual who can be identified: (1) from that data; or (2) from that data and other information to which the organisation has or is likely to have access; and
  • process”, “processed” and “processing” means the carrying out of any operation or set of operations (whether or not by automatic means) in relation to Personal Data and includes collection, generation, creation, recording, organization, storage, adaption or alternation, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Direct marketing materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Control Act (Cap 331A of Singapore). We will obtain your express consent for the purpose of sending you those direct marketing communications by any of those methods.

We do not provide your personal information to other organisations for the purposes of direct marketing unless expressly authorised by you.

Do we disclose your Personal Data to anyone outside Singapore?

We may disclose Personal Data to our related entities and third party suppliers and service providers located outside Singapore for one or more of the purposes set out in the AirTrunk Privacy Policy above.

We will only transfer your Personal Data to an overseas party, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any Personal Data being processed and will ensure that overseas recipients of your personal data are legally bound to provide a standard of protection for your personal data comparable to the protection under the PDPA.

Data retention

We will cease to retain your Personal Data when the purposes for which we collected your Personal Data have ceased and/or when we are no longer required to continue retaining your Personal Data for any legal or business purposes.

Withdrawal of consent

You can withdraw your consent at any time by contacting our Data Protection Officer at the contact details set out under the section “Contacting Us” above. The withdrawal of consent may result in the consequences set out under the section “What happens if we can’t collect your personal information?” in the AirTrunk Privacy Policy above.

Japan Addendum

This addendum to the AirTrunk Privacy Policy applies to you if your personal data is being collected, used, disclosed or processed by us in Japan. The terms set out in this Japan Addendum are in addition to the terms set out in the AirTrunk Privacy Policy and form an integral part of the AirTrunk Privacy Policy.  In the event of any conflict or inconsistency between the AirTrunk Privacy Policy and the terms of this Japan Addendum, this Japan Addendum shall govern and prevail.

Data transfers

A. Sensitive Information

We will only collect and/or transfer your sensitive personal information with your specific prior consent.

B. Transfers within Japan

If you object to our transfer of your personal information to third parties in Japan as outlined in the AirTrunk Privacy Policy above, please notify us promptly in writing to the Privacy Officer; in the absence of such objection you will be deemed to have consented to any such transfer.

C. Offshore Transfers

We will only transfer your personal information to an entity out of Japan:

  • with your consent and after providing you with information to make an informed decision; or
  • without your consent to an entity either (i) in a country which has been approved by the Personal Information Protection Commission as having data protection regulations equivalent to Japan’s or (ii) which has implemented equivalent data protection standards to those in Japan; we will provide you with information on the equivalent data protection standards if you request and monitor the third party’s compliance with them.

Your rights

On your request we will:

  • disclose to you any of your personal information we hold;
  • revise, correct, amend or delete any such personal information;
  • cease to use the personal information if it is used for a purpose other than the one originally notified to you; and
  • provide you with access to our records of the transfer of your personal information to third parties.

Please note that the rights above do not apply in certain circumstances, for example:

  • the information would be deleted within 6 months of collection;
  • the request is unreasonable or costly or difficult to comply with; and
  • it would cause a material interference with our business.

If we are unable to comply with a proper request from you, we will notify you and provide the reasons why we can’t comply.