Privacy and Security Policy
Harcourts Group (Australia) Pty Ltd ACN 074 304 073 and Harcourts Group Ltd (NZ) and their related entities (collectively, Harcourts, us, we, our) are committed to protecting the privacy of your personal information.
Harcourts is required to comply with the Privacy Act 1988 (Cth) including the Australian Privacy Principles (APPs) in Australia and the Privacy Act 2020 (Privacy Act) in New Zealand.
Collection of your personal information
The kinds of personal information we collect and hold about you, and our use of that information, is dependent on the products and services we provide to you.
In addition to operating a national real estate franchise network, the products and services that we (and/or our franchisees and licensees) provide include providing real estate agency services for the buying, selling, leasing, development and advertising of residential, commercial and rural properties, business broking, training and providing services in connection with arranging utility connection, removalists, cleaners, conveyancing, financing and insurance.
Generally, this personal information may include (but is not limited to) your name, address, date of birth, telephone number, email address, details of the products or services you have enquired about, property value, rental amounts, insurance details, references (in relation to rental arrangements and job applicants) and photo identification. In addition to the above information, when you enrol in a course we will collect information which may include credit card details for payment of course fees and for Australian nationally recognised training identification documents such as birth certificates, drivers licenses and/or passports in order to create a Unique Student Identifier (USI) unless you can provide a USI to The Academy. Collection of your personal information may be required by law for the purpose of reporting to Commonwealth, State and Territory government agencies for planning, evaluative and administrative relating to your training or course.
Generally, we collect your personal information directly from you unless it is impracticable or unreasonable to do so (for example where you deal with our franchisees, rather than us). From time to time, we may collect personal information about you from third parties (for example, from your representative, from publicly available sources, from your referees where you apply for a position with us, when you transact with our franchisees or if you apply to become a franchisee).
If you enrol in a course we may also collect personal information about you from third parties, for example:
- from schools and other educational institutions where necessary to verify qualifications and course credits for enrolment and assessment purposes;
- from organisations where you may be completing a work placement, or practical component of your course;
- from your employer if your course is being supported by them or incorporated into your employment;
- from professional or member associations or government departments via website such as confirming membership or registration or license check.
When collecting your personal information, we will take reasonable steps to provide you with certain information as required under the APPs, including the purpose of collection, who we may disclose your personal information to, any law that requires or authorises us to collect the information and the main consequences if we do not collect all of the personal information we require. If we collect your personal information from another source, we will take reasonable steps to ensure you are aware of the fact and the circumstances of that collection.
Generally, if we are unable to collect the personal information we require we may not be able to provide you with the products and services you seek. If the information provided is incorrect or incomplete, this may also prevent, limit or otherwise affect our ability to provide products or services to you.
Purposes for which personal information is collected, held, used and disclosed
We will use and disclose your personal information for the purposes for which we collected it, and for other related purposes that you would reasonably expect. We may hold and process personal data that you provide to us in accordance with the GDPR.
Generally, these purposes include responding to your enquiries, providing you (or arranging for our franchisees to provide you) with products and services such as those set out in the section above, providing you with marketing information about our products and services and those of our franchisees, obtaining your feedback on your customer experience, conducting promotional activities and for our general business operations (for example, recruitment, maintenance of our business records, compliance with our legal and insurance obligations and statistical purposes).
By providing us with your personal information, you consent to us using your personal information for these purposes. You agree that we may send you such information by post or by electronic means such as email. You can opt-out of marketing and promotional communications at any time by contacting our Privacy Officer via the details shown below.
If you are undertaking a Harcourts training course we may disclose information to a third party about you or your course for the purposes of assessing your progress, tracking your attendance, providing student support, issuing your results, and providing certificates of completion and/or Statement of Attainments (SoA for nationally recognised training). In addition for Australian nationally recognised, this will include:
- disclosure to government agencies with responsibility for administering and regulating education and training providers in Australia such as the Australian Skills Quality Authority (ASQA) and state training authorities
- disclosure to government agencies or government-appointed providers with responsibility for reviewing and analysing student and other stakeholder feedback, including those administering the Quality Indicators and data reporting requirements.
We may exchange your personal information within the Harcourts corporate group. We may also disclose your personal information to our franchisees, licensees, agents and contractors for the purposes set out above, and for the purposes of those parties providing services to us or performing business services or functions on our behalf.
Apart from the above instances, we may also use and disclose your personal information with your consent and as otherwise required or permitted by law.
We will only collect ‘sensitive information’ with your consent. We will assume that you have consented to us collecting all information which is provided to us by you for use in accordance with this policy, including any ‘sensitive information’, unless you tell us otherwise at the time you provide it to us.
If you are enrolled in a Harcourts training course, we may collect information about you which is considered sensitive information for example, information about whether you identify you as Aboriginal or Torres Strait Islander; information which may disclose your racial or ethnic origin (such as your proficiency languages other than English); and information about your health or a disability where this is relevant to your training needs.
Storage and security of your personal information
We may hold your personal information in electronic formats or in hard copy.
We take reasonable steps to securely store your personal information to ensure it is protected from unauthorised access, modification and disclosure, and from other types of misuse, interference and loss. This includes electronic and physical security measures and procedures, staff training and use of password protection software.
We will take reasonable steps to destroy or permanently de-identify your personal information when we no longer require it for any purpose for which it was collected. We may retain your personal information for as long as necessary to comply with any applicable law, for legal, insurance and corporate governance purposes, for the prevention of fraud and to resolve disputes. Your personal information may also be retained in our IT system back-up records.
The transfer of data over the Internet is inherently insecure. We cannot guarantee the security, during transmission, of any personal information provided to us via our websites. Please bear this in mind when transmitting information by this means to us.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 established the Notifiable Data Breaches Scheme (NDB scheme) in Australia (to be Part IIIC of the Privacy Act 1988 on commencement). The NDB scheme sets out obligations for notifying affected individuals, and the Australian Information Commissioner (Commissioner), about a data breach which is likely to result in serious harm.
Where serious harm to affected individuals is likely, we will notify those individuals and the Commissioner in accordance with our legal obligations. You may contact our Privacy Officer via the contact details below should you require additional information.
Access and correction of your personal information
The Privacy Act, APPs and the GDPR give you the right to access information held about you by us. You may lodge a request to access and correct personal information that we hold about you if you believe it is inaccurate, incomplete, out-of-date, irrelevant or misleading by contacting our Privacy Officer via the contact details shown below.
You may request that we provide you with access to the personal information we hold about you. Generally, we will provide you with access, except in limited circumstances where the APPs permit us to deny access. Any such requests must be made in writing and directed to our Privacy Officer via the details shown below. Under the APPs, we are permitted to charge you a reasonable fee for providing access to your personal information. Please note that no fee will be incurred for requesting access, and if your request for access is accepted we will inform you of the fee (if any) that will be payable for providing access if you proceed with your request.
You may ask us to inform you of the source of any personal information about you that we have collected from a third party. We will provide this at no cost, except in limited circumstances where the APPs or other laws permit us to withhold this information.
You have the right to change the permissions that you have given us in relation to how we may use your data. You also have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you. You can exercise these rights at any time by writing to our Privacy Officer at the address detailed below.
Making a complaint
You may lodge a complaint with us if you believe we have handled your personal information other than in accordance with the APPs. To do so please contact our Privacy Officer via the contact details below. We will confirm receipt of your complaint and set out the time frame we require to investigate your complaint and provide you with a response. We will endeavor to respond as quickly as possible, which will typically be within 14 days of receiving your complaint.
Overseas disclosure of your personal information
Generally, we will not disclose your personal information to overseas recipients, except upon your request, or if we are authorised or required to do so by law. Generally, such disclosures will be to members of our international corporate group.
If you consent to the disclosure of your personal information to an overseas entity you understand and agree that:
(a) the overseas recipient is unlikely to be required to comply with the Privacy Act and APPs;
(b) the overseas recipient may not be subject to privacy laws that are similar to the Privacy Act or APPs (and may even be compelled to make certain disclosures of your personal information under the privacy regime applicable to them, for example disclosure to the overseas government authorities);
(c) Harcourts may not take steps to ensure that the overseas recipient handles your personal information in accordance with the Privacy Act and APPs;
(d) the overseas recipient may handle your personal information other than in accordance with the Privacy Act or APPs, in which case you will not be able to seek redress for such acts or practices under the Privacy Act; and
(e) Harcourts will not be responsible for, or otherwise liable for the way in which the overseas recipient handles your personal information.
As part of the services offered to you, for example through our Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote website server hosts to provide the website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of our suppliers, e.g. our website server host, or work for us when temporarily outside of the EEA.
For the purpose of the GDPR, we are the data controller and any enquiry regarding the collection or processing of your data should be addressed to our Privacy Officer at the contact details below.
If you would like further information about the way we manage your personal information, or if you have a privacy-related complaint, please contact our Privacy Officer by telephone on +61 7 3839 3226, by mail at 31 Amy Johnson Place, Eagle Farm, QLD 4009, Australia or by email at firstname.lastname@example.org.
Office of the Australian Information Commissioner
More information about your rights and our obligations in connection with your personal information are available from the Office of the Australian Information Commissioner at www.oaic.gov.au.