Your privacy is important to us. It is STASH PROPERTY UNIT TRUST’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website,https://stashproperty.com.au, and other sites we own and operate.
Personal information is any information about you which can be used to identify you. This includes information about you as a person (such as name, address, and date of birth), your devices, payment details, and even information about how you use a website or online service.
This policy is effective as of 19 March 2021.
Last updated: 20 September 2022.
- when you submit a contact or enquiry form on our website, send us an email or otherwise contact us;
- when we discuss our services and/or fees with you;
- in the course of your access to Stash (if you are a Stash customer or an officer or employee of a Stash customer);
- when you sign up to receive updates from us via email or social media channels;
- when you enter any of our competitions, contests, sweepstakes and surveys;
- when you mention us on social media;
- in order to supply our services to our customers; or
- in connection with your application to work with us, and before, during and after your working relationship with us (if you are an employee or contractor of Stash).
1.2 You can read more about Stash, our services and fees on our website.
2. Personal Information
3. The types of personal information we collect and hold
3.1 If you subscribe to Stash, we will collect your first and last names, position, email address, phone number, mobile telephone number, address, employer/business name and the content of any contact and enquiry forms, emails or other correspondence you submit to us on our website or otherwise.
3.2 If you make any enquiry with us about any potential goods or services that you or your company may wish to acquire from us, we will collect your contact details, the content of telephone calls that we have with you and the information you include in any emails to us, or enquiry forms on our website.
3.3 If personal information about you is included in the data and services that we supply to our customers, we will collect your contact details from third party data providers and databases, for the purposes of processing and supplying it as part of the data and/or services that we supply to our customers.
3.4 If you have submitted an application to be employed by us, have submitted an expression of interest to be engaged by us, or you are currently or have previously been employed or engaged by us, we will collect your contact details and other information included in your CV and/or any expression of interest to us. We will collect any personal information that you provide to us during any meetings or interviews, or that we receive in the course of undertaking reference, background and/or criminal record checks about you. In the course of your employment or engagement with us, we may collect your tax file number, Australian Business Number, marital status and dependents, next of kin emergency contact information, bank account and superannuation details, salary, annual leave and benefits information, start date, end date, reasons for leaving, locations of employment, copy of identification, employment records (including job titles, work history, leave entitlements, working hours, holidays, training records and professional memberships), compensation history, performance information, health information, disciplinary and grievance information, CCTV footage and information about your use of our information and communications systems.
4. How we collect personal information
- Our policy is to not collect personal information by means that are unfair or unreasonably intrusive. We only collect personal information that is necessary to provide, promote and operate our business.
- We will not collect information about you from third-party sources, except as required to supply our services to our customers. The data that we obtain from third-party sources is used by us to provide the functionality of Stash. Some of the data that we obtain from third-party sources includes personal information. Some of that data that is not personal information may become personal information when combined with other data.
5. How we use personal information
We may use your personal information for the following purposes:
- to contact you when you make an enquiry about Stash or our services;
- to promote our services to you (if you are an existing or potential Stash customer);
- to setup an account for you on Stash when you subscribe to Stash;
- to provide and manage the delivery of Stash and its functionality;
- when conducting research and development of Stash;
- to carry out security audits, investigate security incidents and implement security processes and procedures that require access to the personal information that we hold about you;
- to handle complaints;
- to verify your identity when you make an enquiry with us;
- in order to operate and grow our business;
- to facilitate and process your subscription;
- to respond to your queries;
- to seek your feedback in relation to Stash functionality;
- to improve Stash and its functionality; and
- to comply with our legal and statutory obligations.
6. Disclosure of personal information
6.1 We will also use and disclose personal information that we collect to third parties as follows:
- for the purposes of third-party service providers providing contracted services to us, including research and development, IT support, sales, marketing, mailing or transmission of documentation or communication to you and third parties on your behalf electronically or physically, and for security, banking, payroll, payment processing, enforcing your compliance with contracts between you and us, criminal background checks, credit reporting and data storage;
- when providing a Stash subscriber with the functionality of Stash;
- in order to host databases that are integrated into the services, we engage reputable hosting providers who host those databases on our behalf;
- when performing contracts, we may outsource certain obligations to third-party contractors in accordance with our contractual rights (such as hosting, software development and other professional services). Services carried out by them may require access to an individual’s personal information or to our databases;
- when carrying out direct marketing calls and emails by our staff or those engaged on our behalf to market our services or to discuss your experience with us. All individuals will be given the opportunity to ‘opt out’ of any direct marketing communications;
- when providing information to our legal, accounting or financial advisors/representatives or insurers, or our debt collectors for debt collection purposes or when we need to obtain their advice, or where we require their representation in relation to a legal dispute;
- where a person provides written consent to the disclosure of their personal information;
- where it is brought to our attention that specific personal information needs to be disclosed to protect the safety or vital interests of any person;
- if we are contacted by any person, for security purposes, we will discuss the personal information that we hold about them with them after they have identified themselves accurately;
- to avoid prejudice to the maintenance of the law by any public sector agency, including the prevention, detection, investigation, prosecution, and punishment of offences;
- for the enforcement of a law imposing a pecuniary penalty;
- for the conduct of proceedings before any court or tribunal (being proceedings that have been commenced or are reasonably in contemplation);
- to perform the contract that we have entered into with you; or
- where required by law.
7. How we hold and secure personal information
7.1 We hold and store personal information that we collect in our offices, computer systems and third-party owned and operated hosting facilities.
7.2 In particular:
- we engage hosting facilities operated by reputable hosting providers;
- personal information that is provided to us via email is held on our servers or those of our cloud-based email providers which have restricted access security protocols;
- we use third-party owned cloud-based customer relationship management (CRM) and marketing platform providers to hold personal information;
- personal information is held on computers and other electronic devices in our offices and at the premises of our personnel; and
- we hold personal information that is provided to us in hard copy in files and folders in secure locations.
7.3 We take reasonable steps to protect the personal information that we hold using such security safeguards as are reasonable in the circumstances.
7.4 We have implemented and administer appropriate internal processes and management to protect personal information from loss, misuse or interference from unauthorised access, modification or destruction, which includes, but is not limited to:
- only using reputable hosting providers to host personal information;
- implementing security systems;
- implementing computer and network security measures such as passwords in our computer systems;
- maintaining physical security measures on our premises such as door locks;
- requiring our employees, agents and contractors to comply with privacy and confidentiality provisions in their employment and subcontractor agreements that we enter into with them; and
- destroying and/or de-identifying personal information where we deem your personal information is no longer necessary or where we are otherwise required to do so under applicable law.
7.5 While we will take all reasonable precautions to protect your personal information, transmission of your personal information online, including via email, is not always secure. As a result, if you are concerned about the security of the contents of your email or the online transmission of your personal information, you are more than welcome to contact us by telephone or in person.
8. Third-party websites
8.1 Stash may include links to third-party websites which are owned or operated by other parties. Our linking to those websites does not mean that we endorse or recommend them. We do not warrant or represent that any third-party website operator complies with applicable data protection laws. You should consider the privacy policies of any relevant third-party website prior to sending personal information to them.
9. Interacting with us without disclosing personal information
9.2 You have the option of not identifying yourself or using a pseudonym when contacting us to enquire about our services, but not if you wish to actually become a Stash subscriber or apply for a job with us. It is not practical for us to supply you with our services if you refuse to provide us with your personal information.
10. Offshore disclosure
10.1 We may transfer personal information to our contractors and service providers who assist us with the supply and provision of Stash and/or our website, and to assist us with the operation of our business generally, where we consider it necessary for them to provide that assistance. We will take reasonable steps to ensure that such recipients do not breach the APPs in relation to personal information or other relevant State and Territory laws (as applicable). At present we transfer your personal information to our interstate contractors and service providers within Australia but we do not currently use offshore contractors or service providers.
11. How to access and correct personal information held by us
11.1 Please contact us if you wish to access and correct personal information that we hold about you.
11.2 It is our policy to retain personal information in a form that permits identification of any person only as long as is necessary for the purposes for which the personal data was collected; and for any other related, directly related or compatible purposes if and where permitted by applicable law.
11.3 As an alternative to deleting personal information, we may elect to de-identify it where permissible by law.
11.4 We will handle all requests for access to personal information in accordance with our statutory obligations. We may require payment of a reasonable fee by any person who requires access to their personal information that we hold, except where such a fee would be contrary to applicable law. We will not charge you for the making of any such request. We will endeavour to provide a response to any request for access to personal information within 72 hours from the time a request is made.
12. Our contact details
12.1 Any person who wishes to contact us for any reason regarding our privacy practices or the personal information that we hold about them, or make a privacy complaint, may contact us as follows:
Contact: Privacy Officer
12.2 We will endeavour to resolve any privacy complaint with the complainant within a reasonable time frame given the circumstances. This may include working with the complainant on a collaborative basis or otherwise resolving the complaint.
13. Privacy Complaints
13.1 If you are not satisfied with the outcome of a complaint or wish to make a complaint about a breach of the Australian Privacy Principles, you may refer the complaint to the Office of the Australian Information Commissioner, who can be contacted using the following details:
Telephone: 1300 363 992
Address: GPO Box 5218, Sydney NSW 2001