Privacy Policy

Introduction and Scope

This Privacy Policy explains how we collect, use, disclose, and protect personal information in accordance with the Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles (APPs). As a retail solar installation company operating in New South Wales, we are committed to protecting the privacy and confidentiality of personal information entrusted to us by our customers, prospective customers, suppliers, employees, and other stakeholders [1].

This policy applies to all personal information collected, held, used, and disclosed by our organization in the course of our business operations, including solar system consultations, installations, maintenance services, customer support, marketing activities, and administrative functions. The policy covers personal information collected through all channels, including our website, telephone communications, email correspondence, face-to-face interactions, written documentation, and third-party referrals [2].

Our privacy practices are designed to ensure compliance with Australian privacy law while supporting our business objectives of providing exceptional solar installation services and maintaining strong customer relationships. We recognize that privacy protection is not merely a legal obligation but a fundamental aspect of building and maintaining trust with our customers and the broader community [3].

The scope of this policy extends to all forms of personal information, whether collected directly from individuals or obtained from third parties, and regardless of the format in which the information is held, including electronic records, paper documents, photographs, audio recordings, and any other medium that contains personal information [4].

This policy should be read in conjunction with our other policies and procedures, including our Complaint Handling Policy, which outlines how privacy-related complaints are managed, and our data security procedures, which detail the technical and administrative measures we implement to protect personal information from unauthorized access, use, or disclosure [5].

We regularly review and update this privacy policy to ensure it remains current with changes in privacy law, business practices, and technology. Any material changes to this policy will be communicated to affected individuals through appropriate channels, and the updated policy will be made available on our website and through other relevant communication channels [6].

For the purposes of this policy, “personal information” has the meaning given in the Privacy Act 1988, which defines it as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not [7].

This policy applies to personal information about individuals only and does not cover information about companies, partnerships, trusts, or other business entities, except where such information also constitutes personal information about identifiable individuals associated with those entities [8].

Our Commitment to Privacy

We are committed to protecting the privacy of personal information and handling it in accordance with the highest standards of privacy protection. Our commitment extends beyond mere compliance with legal requirements to encompass a culture of privacy awareness and respect for individual privacy rights throughout our organization [9].

Our privacy commitment is reflected in our business practices, staff training programs, technology systems, and governance structures. We have implemented comprehensive privacy management procedures that ensure personal information is collected, used, and disclosed only for legitimate business purposes and in accordance with individual expectations and legal requirements [10].

We recognize that privacy protection is essential for maintaining customer trust and confidence in our services. Our customers entrust us with sensitive personal and financial information when engaging our solar installation services, and we take this responsibility seriously. We are committed to using this information only for the purposes for which it was collected and to protecting it from unauthorized access, use, or disclosure [11].

Our privacy commitment includes providing individuals with clear information about our privacy practices, ensuring that personal information is accurate and up-to-date, providing access to personal information upon request, and responding promptly and effectively to privacy complaints and inquiries [12].

We regularly review and update our privacy practices to ensure they remain effective and aligned with evolving privacy expectations, technological developments, and regulatory requirements. Our senior management takes direct responsibility for privacy governance and ensures that adequate resources are allocated to privacy protection activities [13].

Legal Framework and Compliance

Our privacy practices are governed by the Privacy Act 1988 (Commonwealth), which establishes a comprehensive framework for the protection of personal information in Australia. The Act includes thirteen Australian Privacy Principles (APPs) that regulate how organizations collect, use, disclose, and manage personal information [14].

As an organization with annual turnover exceeding $3 million, we are required to comply with all APPs and maintain an up-to-date privacy policy that describes our personal information handling practices. Our compliance obligations include implementing appropriate data security measures, providing individuals with access to their personal information, and establishing procedures for handling privacy complaints [15].

The Privacy Act also includes a mandatory data breach notification scheme that requires us to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches that are likely to result in serious harm. We have implemented comprehensive data breach response procedures to ensure compliance with these notification requirements [16].

In addition to federal privacy law, our privacy practices must comply with other relevant legislation, including the Competition and Consumer Act 2010, which prohibits misleading or deceptive conduct in relation to privacy representations, and various state and territory laws that may impose additional privacy obligations in specific contexts [17].

Our privacy compliance program includes regular training for staff, periodic privacy impact assessments for new systems and processes, ongoing monitoring of privacy performance, and regular review of privacy policies and procedures to ensure they remain current and effective [18].

Types of Personal Information We Collect

We collect various types of personal information necessary for providing solar installation services, maintaining customer relationships, and conducting our business operations effectively. The specific types of personal information we collect depend on the nature of our relationship with individuals and the services they require [19].

Contact and Identification Information includes names, addresses, telephone numbers, email addresses, and other contact details necessary for communication and service delivery. We also collect identification information such as driver’s license numbers or other government-issued identification when required for verification purposes or regulatory compliance [20].

Financial Information encompasses bank account details, credit card information, payment history, and other financial data necessary for processing payments, arranging financing, and managing customer accounts. This information is collected and handled with particular care given its sensitive nature and potential for misuse [21].

Property and Technical Information includes details about customers’ properties, electrical systems, energy usage patterns, roof specifications, and other technical data necessary for designing and installing appropriate solar systems. This information may include photographs, site plans, electrical diagrams, and energy consumption records [22].

Service and Installation Information covers details about solar systems installed, maintenance services provided, warranty claims, customer service interactions, and other information related to our ongoing service relationship with customers [23].

Marketing and Communication Preferences include information about customers’ preferences for receiving marketing communications, participation in customer surveys, feedback on our services, and other information related to our marketing and customer relationship activities [24].

Employment Information for our staff includes personal details, employment history, qualifications, performance records, and other information necessary for employment administration, training, and compliance with workplace laws [25].

Supplier and Contractor Information encompasses personal information about individuals associated with our suppliers, contractors, and business partners, including contact details, qualifications, insurance information, and performance records [26].

How We Collect Personal Information

We collect personal information through various channels and methods, always striving to collect information directly from individuals where practicable and to ensure that collection is fair, lawful, and transparent [27].

Direct Collection occurs when individuals provide personal information directly to us through various channels, including telephone conversations, email communications, completion of forms, face-to-face meetings, and interactions through our website. This direct collection method allows us to provide clear information about why we are collecting the information and how it will be used [28].

Website Collection involves gathering personal information through our website, including information provided through contact forms, quote requests, newsletter subscriptions, and other online interactions. Our website includes clear privacy notices that explain what information is collected and how it will be used [29].

Third Party Collection may occur when we receive personal information from referral partners, suppliers, contractors, or other third parties in the course of our business operations. When collecting information from third parties, we take reasonable steps to ensure that individuals are aware of the collection and our privacy practices [30].

Public Sources may provide personal information that is publicly available, such as business directories, professional registers, or publicly accessible social media profiles. We only collect such information when it is relevant to our business relationship with individuals and when collection is reasonable in the circumstances [31].

Automatic Collection through our website and digital systems may gather technical information such as IP addresses, browser types, and website usage patterns through cookies and similar technologies. This information is typically collected automatically but individuals can control some aspects of this collection through browser settings [32].

We ensure that all personal information collection is conducted in accordance with the APPs, including providing appropriate privacy notices, obtaining consent where required, and ensuring that collection is reasonably necessary for our business functions or activities [33].

Why We Collect Personal Information

We collect personal information for specific, legitimate business purposes that are directly related to our solar installation services and customer relationships. Our collection practices are guided by the principle that personal information should only be collected when it is reasonably necessary for our business functions or activities [34].

Service Delivery represents our primary purpose for collecting personal information, including conducting site assessments, designing appropriate solar systems, obtaining necessary permits and approvals, coordinating installation activities, and providing ongoing maintenance and support services [35].

Customer Relationship Management involves using personal information to maintain effective relationships with our customers, including managing customer accounts, processing payments, handling inquiries and complaints, and providing customer support services [36].

Legal and Regulatory Compliance requires us to collect certain personal information to comply with various legal obligations, including taxation requirements, workplace safety regulations, building codes, electrical safety standards, and consumer protection laws [37].

Business Administration encompasses the collection of personal information necessary for general business operations, including managing supplier relationships, maintaining business records, conducting financial management, and supporting internal administration processes [38].

Marketing and Communication involves collecting information to communicate with customers about our services, provide information about new products or services, conduct customer satisfaction surveys, and maintain ongoing customer relationships [39].

Risk Management includes collecting information necessary for assessing and managing business risks, including credit assessments, insurance requirements, safety considerations, and compliance monitoring [40].

We do not collect personal information for purposes that are not related to our business functions, and we do not collect more personal information than is reasonably necessary for our identified purposes [41].

How We Use Personal Information

Our use of personal information is governed by the purposes for which it was collected and the reasonable expectations of individuals about how their information will be used. We use personal information only for the purposes disclosed in this policy or for other purposes that are directly related to the original collection purpose [42].

Primary Use Purposes align directly with our collection purposes and include providing solar installation services, managing customer relationships, fulfilling contractual obligations, processing payments, and maintaining business records [43].

Secondary Use Purposes may include uses that are directly related to the primary purposes, such as improving our services based on customer feedback, conducting internal business analysis, and developing new products or services that may be of interest to customers [44].

Marketing Communications involve using contact information to communicate with customers about our services, industry developments, special offers, and other information that may be of interest. All marketing communications include clear opt-out mechanisms and respect individual preferences [45].

Quality Improvement encompasses using personal information to monitor and improve the quality of our services, including analyzing customer feedback, identifying service improvement opportunities, and implementing changes to enhance customer satisfaction [46].

Legal Compliance may require us to use personal information for various compliance purposes, including responding to regulatory inquiries, complying with court orders, meeting taxation obligations, and fulfilling other legal requirements [47].

We implement appropriate controls to ensure that personal information is used only by authorized personnel for authorized purposes, and we provide regular training to staff about appropriate use of personal information [48].

Disclosure of Personal Information

We may disclose personal information to third parties in certain circumstances, always ensuring that such disclosure is lawful, necessary, and consistent with individual expectations and our privacy obligations [49].

Service Providers may receive personal information when we engage external contractors, suppliers, or service providers to assist with our business operations, including installation subcontractors, equipment suppliers, payment processors, and professional service providers [50].

Regulatory Authorities may receive personal information when required by law or when necessary for compliance with regulatory requirements, including building authorities, electrical safety regulators, taxation authorities, and consumer protection agencies [51].

Financial Institutions may receive personal information in connection with payment processing, financing arrangements, insurance claims, or other financial services related to our business operations [52].

Legal and Professional Advisors may receive personal information when we require legal advice, accounting services, or other professional services in connection with our business operations or legal obligations [53].

Business Partners may receive limited personal information when necessary for joint service delivery, referral arrangements, or other legitimate business collaborations, always subject to appropriate confidentiality protections [54].

Emergency Situations may require disclosure of personal information to protect the safety of individuals, prevent serious threats to public health or safety, or respond to emergency situations [55].

All third-party disclosures are subject to appropriate confidentiality agreements and privacy protections to ensure that personal information is handled appropriately by recipients [56].

Overseas Disclosure

We may disclose personal information to overseas recipients in certain circumstances, always ensuring appropriate privacy protections and compliance with Australian privacy law requirements for overseas disclosure [57].

Cloud Storage Services may involve storing personal information on servers located overseas, particularly when using international cloud computing services for data storage, backup, or business continuity purposes [58].

Equipment Suppliers based overseas may receive technical information about installations when necessary for warranty claims, technical support, or product development purposes [59].

Professional Services provided by international firms may require disclosure of personal information when we engage overseas legal, accounting, or consulting services [60].

Before disclosing personal information overseas, we take reasonable steps to ensure that overseas recipients are subject to privacy obligations substantially similar to the APPs, or we obtain appropriate consent from individuals for the overseas disclosure [61].

We maintain records of overseas disclosures and regularly review our overseas disclosure practices to ensure ongoing compliance with privacy law requirements [62].

Data Security and Storage

We implement comprehensive security measures to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. Our security approach encompasses both technical and administrative measures designed to provide appropriate protection for the sensitivity of the information we hold [63].

Technical Security Measures include secure data storage systems, encryption of sensitive information, access controls and authentication systems, regular security updates and patches, network security monitoring, and secure backup and recovery procedures [64].

Administrative Security Measures encompass staff training on privacy and security requirements, background checks for personnel with access to sensitive information, clear policies and procedures for information handling, regular security audits and assessments, and incident response procedures [65].

Physical Security Measures include secure facilities for storing paper records, controlled access to areas where personal information is processed, secure disposal of documents containing personal information, and protection of computer systems and storage devices [66].

We regularly review and update our security measures to address evolving threats and ensure that our protection measures remain effective and appropriate for the types of personal information we hold [67].

Access and Correction Rights

Individuals have the right to request access to personal information we hold about them and to request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading information [68].

Access Requests can be made through our designated privacy contact channels, and we will respond within a reasonable timeframe, typically within 30 days. We may charge a reasonable fee for providing access to personal information, particularly for complex requests requiring significant resources [69].

Correction Requests will be processed promptly, and we will take reasonable steps to correct personal information when we are satisfied that it is inaccurate, out-of-date, incomplete, irrelevant, or misleading [70].

Access Limitations may apply in certain circumstances, such as when providing access would pose a serious threat to safety, would unreasonably impact the privacy of others, or would be unlawful [71].

We maintain procedures to verify the identity of individuals making access or correction requests to ensure that personal information is only provided to authorized persons [72].

Privacy Complaints

We have established comprehensive procedures for handling privacy complaints and inquiries, ensuring that all concerns about our privacy practices are addressed promptly and effectively [73].

Complaint Submission can be made through various channels, including telephone, email, written correspondence, or in-person contact with our privacy officer [74].

Investigation Process involves thorough review of complaints, gathering of relevant information, consultation with relevant personnel, and determination of appropriate responses or corrective actions [75].

Resolution Timeframes typically involve acknowledgment within 5 business days and resolution within 30 days, though complex complaints may require additional time [76].

External Review options are available through the Office of the Australian Information Commissioner if individuals are not satisfied with our response to their privacy complaints [77].

Marketing and Communications

Our marketing and communication practices are designed to respect individual preferences and comply with privacy and spam laws [78].

Consent Management ensures that we obtain appropriate consent for marketing communications and provide clear opt-out mechanisms in all marketing materials [79].

Communication Preferences are respected, and we maintain systems to track and honor individual preferences about receiving different types of communications [80].

Spam Compliance ensures that all electronic marketing communications comply with the Spam Act 2003 and include appropriate identification and unsubscribe mechanisms [81].

Website Privacy and Cookies

Our website privacy practices include the use of cookies and similar technologies to enhance user experience and gather analytics information [82].

Cookie Usage involves both essential cookies necessary for website functionality and optional cookies for analytics and marketing purposes [83].

User Control is provided through browser settings and cookie preference tools that allow individuals to control cookie usage [84].

Third-Party Services integrated into our website may have their own privacy practices, which are governed by their respective privacy policies [85].

Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and meet business requirements [86].

Retention Periods vary depending on the type of information and legal requirements, typically ranging from 3 to 7 years for customer records [87].

Secure Disposal procedures ensure that personal information is destroyed or de-identified when no longer required [88].

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or business operations [89].

Notification of material changes will be provided through our website and direct communication with affected individuals where appropriate [90].

Effective Date of changes will be clearly indicated, and the current version of the policy will always be available on our website [91].

 
