Privacy Policy

Purpose

At Wholesale Horticultural Group Pty Ltd (WHG or our, us or we), we recognise the importance of privacy and understand your concerns about the security of the personal information you provide to us.

We comply with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth), and the Information Privacy Principles (IPPs) as set out in the Privacy Act 2020 (NZ) (collectively, the Privacy Acts), which detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.

Scope

This Privacy Policy describes how WHG collects and processes your personal information. By submitting your personal information to WHG, you acknowledge that you have read and understood, and agree to the use of your personal information in accordance with this Policy. We reserve the right to revise this Policy or any part of it from time to time. Please review the Policy periodically for changes.

Definitions

In Australia, Personal Information – means information and/or an opinion (including information or opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual who is identifiable, whose identity is apparent, or whose identity can reasonably be ascertained, from the information or opinion.

Sensitive Information – a sub-set of personal information, includes information or an opinion about (for example) an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.

In New Zealand, Personal Information – means information about an identifiable individual.

What personal information we collect and hold

WHG will only collect personal information by lawful and fair means, in accordance with the Privacy Acts.

WHG only collects personal information for purposes which are reasonably necessary for, or directly related to our business functions, the provision of our goods and services, and other activities as permitted under the Privacy Acts. This includes:

  • When you contact us asking for information on our goods and services;
  • When you ask to be on an e-mail or mailing list relating to our business, goods and services; and
  • When you place an order for our goods and services, and for activities related to that transaction.

The kinds of personal information that we commonly collect and hold from you or about you include your name, address, email address and payment details etc.

When you browse our website, or contact us electronically, we also automatically collect your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Generally, we do not collect sensitive or health information. However, we may collect sensitive information from you or about you where there is a legal requirement to do so, or where we are otherwise permitted by law (for example, where we have received your consent).

You have the option of not identifying yourself or of using a pseudonym when dealing with us, unless the use of your true identity is a legal requirement or necessary to complete the enquiry or transaction.

How we collect personal information

We aim to collect personal information only directly from you unless it is unreasonable or impracticable for us to do so. For example, we collect personal information from you or about you from:

  • interaction with us when you obtain a service;
  • correspondence, including emails, letters and telephone calls;
  • when you participate in WHG’s contests, programs or promotions;
  • application forms and contracts that you submit to us; and
  • your activity on our website.

In limited circumstances we may receive personal information about you from third parties (eg. associated businesses and referrers). Where we obtain personal information about you from third parties, we will inform you.

WHG will ensure that all unsolicited personal information will be afforded the same privacy protection as solicited personal information.

Where unsolicited personal information is received:

  • we will assess whether we could have collected the information directly from you, and
  • If not, then we will destroy or remove identifying components in the information as soon as practicable, but only if lawful and reasonable to do so.

Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities. For example, we collect, hold, use and disclose your personal information as necessary to provide our goods and services to you or your organisation.

When you provide us with personal information to register an account, we imply that you consent to our collecting it and using it in accordance with this Policy.

WHG will notify you whether the giving of the personal information is compulsory or voluntary for WHG’s primary purpose for collection.

If we do not collect, hold, use or disclose your personal information, or if you choose not to provide certain personal information to us or do not consent to our collection, holding, use or disclosure of your personal information, we may not be able to provide you with the goods or services you have requested us to provide. On our website, you may not be able to access certain parts or the full functionality of our website.

We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, fraud checks, payment gateways, providing you with information about other goods and services offered by us, marketing and promotions, market research, warranty work, statistical collation, and website traffic analysis.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

We may also collect, hold, use and disclose your personal information in circumstances that are required or permitted by law, where that is necessary for us to comply with our legal obligations.

How we hold and store personal information

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed. The measures we take include:

  • storing personal information held on paper in locked offices in secure premises;
  • protecting personal information electronically, including credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards; and
  • where we disclose personal information to third parties, our contractual arrangements with those third parties contains specific privacy requirements.

How we use personal information

We generally use your personal information for the purposes described in this Policy, and for related purposes.

If you have agreed or asked, we may also use your personal information to keep you up to date with information about our business, new goods and services, and other company updates. If you do not want us to use your personal information in this way or send you any further information, you can always let us know by contacting us through the contact details given below.

WHG may disclose and transfer your personal information to IT providers, subcontractors and other third-party service providers that assist with the operation of the website, or with the delivery of goods, provision of services, or the performance of associated activities.

We may disclose your personal information to law enforcement authorities or other government officials, only when permitted or required by law or by legal process (eg. when necessary to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or illegal activity).

If our business is acquired or merged with another company, your personal information may be transferred to the new owners so that we may continue to sell our goods to you.

Destruction and De – identification

WHG takes steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. The measures taken to protect personal information include password protection for accessing our electronic information, paper files being in locked cabinets, access restrictions and conducting staff training on how to protect personal information we hold.

We will retain your personal information while it is required for any of our business functions or for any other lawful purpose. When the personal information that we collect is no longer required, we use secure methods to destroy or permanently de-identify your personal information.

The following staff members have access to relevant employee records on a need-to-know basis:

  • Directors
  • Managers and/or supervisors
  • Staff involved in the recruitment and selection process
  • Human Resources staff.

Overseas disclosure

Our business is affiliated with other businesses located overseas. In the course of doing business with you, we may disclose some of your personal information to overseas recipients, particularly where we have identified commercial opportunities that may benefit you. However, we will only do so where:

  • In the Australian context:
  • it is necessary to complete the transaction you have entered into; and
  • you have provided consent; or
  • we believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or
  • it is otherwise permitted by law.
  • In the New Zealand context:
  • the overseas recipient is subject to the New Zealand Privacy Act as they do business in New Zealand;
  • the overseas recipient will adequately protect the information;
  • the overseas recipient is subject to privacy laws that provide comparable safeguards to the New Zealand Privacy Act;
  • you have provided consent; or
  • it is otherwise permitted by law.

Our overseas affiliates are located in New Zealand and Australia.

The use of cookies

When you browse our website, contact us electronically, or engage with us on social media, we may also record geographical tagging, cookies, your IP address and statistical data from your activity. We may use your personal information to customise and improve your user experience on our website and other social media platforms. By using our website, you agree that we can record this information from your device and access them when you visit the website in the future.

If you want to delete any cookies that are already on your computer, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Please note that by deleting cookies or disabling future cookies you may not be able to access certain areas or features of our website or experience the full functionality of our website.

Our website may also contain links to other websites of interest. However, once you have used these links to leave our website, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any personal information which you provide whilst visiting such sites and such sites are not governed by this Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.

Here is a list of cookies that we use. We have listed them here so you that you can choose if you want to opt-out of cookies or not.

  • _session_id, unique token, sessional, allows us to store information about your session (referrer, landing page, etc).
  • _visit, no data held, Persistent for 30 minutes from the last visit, used by our website provider’s internal stats tracker to record the number of visits.
  • _uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
  • cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
  • _secure_session_id, unique token, sessional.
  • wholesale_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

Employee records

The purpose of employee records is to have applicant and personnel records and to maintain current and past employee information for business and employment related purposes, or where authorised or required by law.

The purpose of keeping records on candidates for employment is to allow WHG to assess the suitability of candidates for employment.

The information in these files may include:

  • Application(s) for employment, including the applicant’s name, resume, statement addressing the criteria and referee reports
  • Any tasks undertaken by the candidate during the selection process
  • Notes from the interviewer/s during the selection process
  • Contact details for the applicant and their referees.

The personal information in these files relates to the employee and may include:

  • Application(s) for employment, including the employee’s resume, statement addressing the criteria and referee reports
  • Any tasks undertaken by the employee during the selection process
  • Notes from the interviewer/s during the selection process
  • The employee’s employment contract and other records relating to their terms and conditions of employment
  • Proof of citizenship or passport details to verify proof of ability to work in Australia or New Zealand
  • Copies of academic qualifications and/or confirmation of these qualifications from the issuing body
  • Records of banking, tax and superannuation accounts and identification numbers
  • Records relating to the employee’s salary, benefits and leave
  • Medical certificates or heal related information supplied by an employee or their medical practitioner, including pre-employment medicals
  • Contact details for employee and next of kin
  • Superannuation contributions
  • Information relating to the employee’s training and development
  • Checklists to ensure all applicable information has been received and complied as required

WHG generally collects personal information directly from employees and applicants but may also collect personal information from other sources such as recruitment agents and personnel providers.

Subject to the Privacy legislation, employee records may be stored and processed by us for the following reasons:

  • Recruitment and selection information: we collect this to evaluate applications for employment and make decision in relation to selection employees, we conduct identity checks, right to work checks. This assists us to make job offers, provide employment contracts, and prepare you for your upcoming employment if you accept an offer from us. We also require personal details at this stage to help with identification.
  • Ongoing management of your employment including remuneration and benefits information, leave and absence information, performance management and other such information: we collect this to manage and maintain HR and employment records, to provide remuneration, benefits, pensions, to make appropriate tax and national insurance deductions and contributions, to identify and communicate with you, to manage performance and progress as well as training, development, promotions and manage grievances, allegations (e.g. whistleblowing, harassment), complaints, disciplinary processes. We may also use this information to process and manage absences and manage payments in relation to those absences.
  • Responding to legal and regulatory requests: we will at all times comply with lawful requests by public authorities or otherwise required or authorised by applicable laws, court orders, government regulation or other regulatory authorities such as tax and employment authorities.

WHG does not give personal information held in these files to other agencies, organisations or anyone else without the consent of the individual, unless the individual would reasonably expect or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.

Data quality Request for access and correction

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.

When you request access to the personal information we hold about you, or request that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Acts or other relevant law to withhold the information and/or not make the changes.

In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For further information, please contact us.

WHG will provide you with written notice if we refuse to correct the personal information as requested by you. The written notice will set out:

  • the reason for refusal (unless this would be unreasonable);
  • the mechanisms available to complain about the refusal; and
  • any other matter prescribed by regulation.

WHG will respond to a correction request within a reasonable period. We will not charge for making the request, for correcting the information, or for associating any statement with the personal information.

To assist us to keep our records up-to-date, please notify us of any changes to your personal information.

Current and past employees’ personnel files are exempt from the Australian Privacy Act and therefore are not accessible to the individual, however, should correction of the information contained in the personnel files be required the new information needs to be supplied to the Human Resources Department in the required format.

Data breaches

If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after the suspected breach has occurred. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the Privacy Commissioner and affected individuals as soon as practicable after becoming aware that a data breach has occurred. If the breach has occurred in New Zealand, we will attempt to notify the New Zealand Privacy Commissioner within 72 hours of the data breach occurring.

Complaints and concerns

We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Acts, the APPs and the IPPs. We will respond to your complaint in accordance with the relevant provisions of the APPs and IPPs. For further information, please contact us.

Contact

If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information about our Privacy Policy contact us at:

WHOLESALE HORTICULTURAL GROUP Pty Ltd

Privacy Policy Privacy Officer: Ian Lindsey

3 Legacy Road EPPING VIC, 3076 AUSTRALIA

Telephone: 0447 710 417

E-mail: ian@whg.net.au

Last updated: September 2022