Aejis Migration
Privacy Statement & Policy

Privacy Statement

Aejis Migration, a division of Aejis Pty Ltd ACN 126 621 369 (“AM”, “we”, “us” and “our”) is committed to protecting the privacy of its clients, employees, partners and affiliates. AM is bound by the Privacy Act 1988 (“the Act”) and adheres to the Australian Privacy Principles (“APP”). The APP sets out 13 principles to be adhered to by APP entities in dealing with Personal Information as defined by the Act. The term “Personal Information” is defined at section 6 of the Act as follows:

“Personal Information means information or an opinion about an identifiable individual, or individual who is reasonably identifiable:

  1. whether the information or opinion is true or not; and
  2. whether the information or opinion is recorded in a material form or not.”

To find out more about the APP you can contact the Office of the Australian Information Commissioner (“OAIC”) by email at the following address: enquiries@oaic.gov.au. Specific information about the APP may be accessed via the following link: https://www.oaic.gov.au/privacy/australian-privacy-principles/

This Privacy Statement is the Privacy Policy of AM, and sets out the way that we manage personal and other information that our members, employees and partners may provide to us. It also details how you can make a complaint to the office of the OAIC, should you feel that we are not adhering to our obligations under the Act.

The Kinds of Personal Information Collected and Held by AM

Depending upon the circumstances, AM may collect and hold a range of Personal Information as a result of its dealings with you. This information may include the following:

  1. your name and contact details including phone numbers, postal addresses and e-mail addresses;
  2. identity documents such as passports, driver’s licenses, national ID’s, birth certificates, marriage certificates, household registration documents, bank cards, Medicare cards and private health insurance cards;
  3. employment information such as employment contracts, payslips, superannuation documents, taxation documents and employer references;
  4. company information including its ACN, ABN and the names and contact details of the company’s officers, employees and representatives;
  5. financial information including, but not limited to, credit card information and financial institution account information;
  6. company financial information such as profit and loss statements, balance sheets, cash flow statements, taxation documents and depreciation schedules.

Please note that this is not intended to be an exhaustive list, and there may be instances where AM collects and holds forms of Personal Information that is not referred to above.

How AM Collects and Holds Your Personal Information

AM collects your personal information via a range of different means, including, but not limited to:

  1. directly from you during the course of a meeting, by telephone, written correspondence in electronic or paper form, by providing a submission to a request for information from our website, CRM or any other tool capable of collecting data that would constitute Personal Information;
  2. via publicly available databases including, but not limited to, information held by the Australian Securities and Investment Commission, the Australian Financial Services Authority, or via internet search engines;
  3. via our website and mobile Apps. (ie. online forms, cookies, log files etc).

AM also uses Google analytics to collect information about how individuals use its website. The information obtained is used to help AM understand its user’s needs so that we can offer a better user experience. Google analytics uses cookies to collect information about which pages you visited, how long you were on the site, how you got there (for example from a search engine, a link, an advertisement, etc) and what you select. Information collected by the cookies (including your IP address) is transmitted to and stored by Google on servers in Australia and overseas. You can opt out of Google analytics if you disable or refuse the cookie, disable JavaScript, or use the opt out service provided by Google.

Our online services may contain links to other websites. AM is not responsible for the privacy practices or policies of those sites and we recommend that you review their privacy policies.

Under the APP, you have the right to anonymity and pseudonymity in your dealings with us. However, if you fail to provide us with the Personal Information, we may decline to engage with you any further.

AM may hold your Personal Information in electronic and/or hard copy format, both at our head office, branch premises and with our agents and/or service providers. We implement a range of reasonable measures to ensure the security and integrity of your Personal Information. Careful measures are also undertaken in respect of destroying personal information that is no longer required to be held or needed for any lawful purpose.

How AM Uses Your Personal Information

AM collects and holds your information for the following reasons:

  1. To provide updates, news, information and promotions regarding AM’s activities;
  2. For administrative, operational, strategic and marketing purposes.

AM will not use your personal information for marketing purposes if you expressly indicate that you do not wish it to do so.

AM may disclose your personal information:

  1. To other members, related entities and/or partners for purposes related to any supply of any of AM’s services requested by you;
  2. To its legal advisors and/or recovery agencies for purposes associated to any debt collection and/or dispute concerning you;
  3. To any party or institution as may be required by law.

AM may also disclose your information to your authorised representatives when you provide us with written authority to do so.

Access to and Correction of Personal Information Held by AM

You may access information held by us about you by submitting a request in writing by email or hard copy using either of the following address:

mail@aejislegal.com.au

Or

The Privacy Officer

Aejis Legal

Ground Level, Suite 3, 345 Ann Street, Brisbane, QLD, 4000

You will need to provide AM with sufficient proof of identity before we will respond to any request for access or correction.

AM will typically respond to your request within 30 days. The information will only be supplied:

  1. if AM is required to disclose same under the APP; or
  2. if AM chooses to do so.

If AM declines your request for access to your Personal Information, it will provide you with written reasons for doing so.

AM has the discretion to charge you any fees associated with obtaining and providing you with access to any of your Personal Information held by AM, including the costs of locating, retrieving, compiling, copying and delivering the requested information.

Once you have obtained access to the Personal Information held by AM about you, you may request that we attend to the correction of any errors and/or omissions. Any request must be put in writing and sent to either of the addresses set out above. AM will typically process your request within thirty (30) days and will notify you of any changes applied by us in writing. If AM declines to make any requested changes, it will provide you with written reasons for doing so.

Disclosure of Personal Information to Third Parties

From time to time we may need to disclose your personal information to third parties such as translators, the Department of Home Affairs, the Australian Federal Police, Bupa Migration Health Services, or any relevant Australian State or Territory Government agencies. We will always obtain your prior written consent before disclosing your personal information to these, or any other, third parties.

Disclosure of Personal Information to Overseas Recipients

The third parties to whom we disclose your personal information may be located in Australia and overseas. We undertake steps to ensure that all our service providers agree to protect the privacy and security of your personal information, and to use the information only for the purpose for which it is disclosed. 

How You May Complain about AM for an Alleged Breach of the Australian Privacy Principles or a Registered APP Code

If you wish to make a complaint about the way in which AM deals with your personal information, and/or its adherence to the APP, and/or any registered APP Code, you may direct your complaint in writing to either of the following addresses:

mail@aejislegal.com.au

Or

The Privacy Officer

Aejis Legal

Ground Level, Suite 3, 345 Ann Street, Brisbane, QLD, 4000

AM will typically respond to your complaint in writing within thirty (30) days, unless your complaint requires us to obtain further information from you or to make enquiries with any related or unrelated third parties. AM will endeavour to deal with your complaint as quickly as possible given the circumstances. If it is likely that a conclusive response will not be given within thirty (30) days of receipt of your complaint, AM will notify you of the reasons for the delay and provide you with a revised timeframe for delivery of its response.

If you are dissatisfied by our response, you may make a complaint to the Office of the Australian Information Commissioner.  For detailed information on how to make a complaint to the OAIC, please visit the following web link:

https://www.oaic.gov.au/privacy/privacy-complaints/

The contact information of the OAIC is set out below:

1300 363 992

enquiries@oaic.gov.au

Fax 02 9284 9666

Post: Sydney Office, GPO Box 5218 Sydney NSW 2001

How Eligible Data Breaches are Handled

Eligible data breaches happen where there is an unauthorised access to, unauthorised disclosure of, or loss of personal information held by us which may result in serious harm to an individual.

Pursuant to the Australian Privacy Protection Principles, AM must take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure.

A data breach response plan outlines processes as to how a data breach will be contained, evaluated and managed. The plan also outlines how we decide whether it is necessary to notify an individual of a data breach. 

Our data breach response plan is as follows:

  1. Contain the breach;
  2. Initiate a preliminary assessment by an appropriately qualified Data Breach Response team;
  3. Assess the risks for individuals associated with the breach;
  4. Determine who needs to be made aware of the breach;
  5. Review the incident and take action to prevent future breaches.

When deciding whether an individual is required to be notified, the following factors will be considered:

  1. Whether there is a risk of serious harm to the individual;
  2. Whether notification will avoid or mitigate possible harm;
  3. Whether the compromised information is sensitive or likely to cause humiliation or embarrassment for the individual; and
  4. Whether there are legal and/or contractual obligations to notify.

If we reasonably believe there is a risk of serious harm to the individual due to a data breach, we will notify the Commissioner. In some situations, we may also notify other third parties, such as law enforcement officers.

Glossary of Terms

  1. ABN means ‘Australian Business Number’
  2. The Act means ‘the Privacy Act 1988
  3. APP means ‘Australian Privacy Principles’
  4. ACN means ‘Australian Company Number’;
  5. OAIC means ‘Office of the Australian Information Commissioner’.