At TuckerBush (“TukerBush”, “us”, “we”), privacy is important to us. We make every effort to maintain the highest standards in dealing with personal information of all people that we deal with (including employees and people external to the organisation referred to in this document as “you” or “your”) in accordance with the Privacy Act 1998 (Cth) and to the extent applicable the EU General Data Protection Regulation (GDPR) (“the Law”).
2. What Information we collect and hold
We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the services you are seeking, or to providing services to others.
This information may include your name, date of birth, current and previous address details, telephone numbers, email addresses, demographic information, occupation and employment details, including qualifications.
We also collect information about:
- Suppliers, businesses and people we have licensing arrangements with, breeders, growers, propagators, customers, clients and their employees (including business name and address, contact details) and employee names, birth dates, addresses and working conditions (including hours and salaries); and
- potential employees (including names, addresses, contact details, employment and academic histories and the names of their referees).
We do not collect Sensitive Information (as defined by the Law).
Collection of information that is not ‘personal information’
3. How we collect and hold
Personal information will generally be collected directly from you through the use of any of our standard forms (including an account opening form), in a contract, over the internet, via email, or through a telephone conversation with you.
4. Why we collect information
The personal information that we collect and hold about you, depends on your interaction with us. Generally, we will collect, use and hold your personal information for the purposes of:
(a) providing services and products to you or someone else;
(b) providing you with information about other services or products that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
(d) facilitating our internal business operations (including managing contracts and managing employment, if relevant);
(e) complying with regulatory or legal requirements;
(f) analysing our services and goods and customer and affiliated businesses needs with a view to developing new or improved services.
5. What we do with the information we collect
TuckerBush does not sell, or otherwise trade, your personal information. Generally we only use or disclose personal information about you for the purposes for which it was collected (as above).
We use your personal information to carry out our business with you, including understanding your needs and providing you with better services and products. In particular, we use your personal information and you consent to us using your personal information:
- for internal record keeping;
- to improve our services and products;
- for promotion and direct marketing to you of our services and products;
- for internal product/service analysis (market research);
- to comply with the Law and protect against fraudulent activity;
- to conduct market research and analysis for the purpose of improving our products and services;
- to conduct competitions or promotions for us or customers or affiliated businesses;
- to verify your identity;
- to investigate any complaints made by you, or against you; or
- if we have reason to suspect that you have been engaged in any unlawful activity.
We also use your personal information to communicate with you, including by email, mail or telephone. If you have opted in to receive newsletters, communications or special offers from TuckerBush you may, in some circumstances, also receive newsletters, communications or special offers from our third party partners. If you do not wish to receive direct marketing communications please ask us to cease this via our Privacy Officer.
6. When we disclose your personal information
We may disclose personal information held about you to:
- our affiliated companies as required for carrying on our business;
- third party service suppliers, including, but not limited to email systems providers and parties
- involved in the maintenance of our information technology systems and storing of data;
- our authorised representatives (including accounting, legal and financial advisers);
- organisations required by Law;
- insurance providers in relation to specific claims;
- law enforcement agencies; and,
- anyone to whom you authorise us to disclose the information.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access, disclosure, misuse, modification or loss of your personal information, we have in place suitable physical, electronic and managerial procedures to safeguard and secure the information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Access to your personal information is limited to those parties within TuckerBush who require legitimate access to it.
We may have your personal information collected by, stored, processed or transferred to organisations located overseas, for example where:
- we use service providers or have affiliations with businesses based overseas;
- you have requested a product or service that involves an international element.
Because some of our back ups are cloud based your information may also be stored on computer servers located outside of Australia. You consent to the disclosure of your personal information to such overseas recipients and its location on overseas servers.
In special circumstances – for example, if we were to sell our business or part of our business –your information may be transferred to potential purchasers and their advisers as part of that sale. From time to time, we may provide aggregated and de-identified information to other business partners for various purposes.
8. Access to and updating your personal information
You may request the details of any personal information we hold about you in accordance with the provisions of the Privacy Act 1988 (Cth), and to the extent applicable the GDPR.
If you believe that any personal information we have is incorrect or incomplete, and you wish it to be corrected, please contact us as soon as possible and we will promptly correct it. On your request, and as far as it is practicable, we will provide your updated details to third party providers that we have previously disclosed your personal information to with your consent.
9. Notification of Data Breach
If we experience a data breach, for example, unauthorised access to, or disclosure of, your personal information, or where your personal information is lost in circumstances that could give rise to unauthorised loss or disclosure, and serious harm is likely to occur to you and we have not been able to prevent it we will advise you and the Australian Information Commissioner as soon as reasonably practical of the breach, and work with you to resolve it or mitigate the circumstances of the breach.
10. GDPR (for individuals within the European Union)
The GDPR provides data protection and privacy rights to individuals within the European Union as set out below.
Under the GDPR such individuals (you) are granted the following rights:
- You have a right to know our identity. Please see ‘Data Controller Details’ at the end of this policy.
- You may withdraw any given consent at any time.
- You will be notified if, at any point in the future, the usage of your data changes from what is stated here. You will have the opportunity to withdraw consent.
- You have the right to object to any of your data being processed.
- You may request a copy of all information we have about you, at any time.
- You may request modification of any data we have on you, at any time
- You may request deletion of any or all data we have on you, at any time
*For requests about your data, we will have to identify you to be able to comply.
Full details on your GDPR rights are provided at the following link:
Some personal data may be collected by us in the operation of our website. The amount of information collected depends on the level of interaction you have with us, such as signing up to the Support Centre or entering into competitions.
Data we collect may include the following:
- Identity data, such as name and email;
- Contact information, such as email and phone number;
- Financial and transactional data such as records of sales and purchases;
- Usage data, such as email opening rates, number of website logins, etc;
- Any other information you may volunteer to us, such as feedback or survey responses.
We will use your data for the following purposes:
- To verify your identity should you wish to exercise your rights as above.
- To provide services to you that you have requested.
- To send you marketing materials and offers.
- To generate anonymous aggregate data.
Recipients of Data
Your data may be stored with third parties that provide services to us, such as our hosting provider and mailing list provider. Data may be available in some cases to contractors or associates that perform services for us, such as website development services.
The period of data retention depends on the type of data, and the actions you take. We will retain data as long as is necessary to provide services, products and content to you, and may retain some information after un-subscription or account removal. To have all information about you removed, please contact us, and we will comply as closely as allowed by law.
Please contact us (see details in Part 13 below) if any of the following apply to you:
- You want to know what data we have about you.
- You want us to modify or delete any data we have about you.
- You feel that your rights have not been met.
- You do not understand any part of this policy.
- You have unanswered questions about how we collect or use data.
We will use best endeavours to report a personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting your rights and freedoms, we will also inform you without undue delay.
Our Controller details are listed under Part 13 below.
When you visit our website
When you visit our website www.tuckerbush.com.au we will collect any personal information that you provide including when you register for or use the Support Centre and we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that TuckerBush is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
12. Breach of this Policy
Any breach of this Policy may result in disciplinary action in accordance with our policies for our employees and contractors.
Any employee or contractor who becomes aware of a breach of this Policy must disclose this breach either to their Manager or the Privacy Officer.
13. How to contact us
PO Box 216, Kalamunda WA 6926
For the purposes of the GDPR our Data Controller Details are:
Data Controller Details
Entity name: TUCKERBUSH
PO Box 216, Kalamunda WA 6926