Our delivery days are Monday – Friday. Home / Office Delivery service within a 25km radius.
Privacy Policy

YARDMILL Privacy Statement

The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) (Privacy Act) updates the Privacy Act 1988 (Cth) and is intended to establish a comprehensive national scheme for the collection, holding, use, correction, disclosure and transfer of personal information by organisations in the private sector. This gives individuals the right to know what information an organisation holds about them and a right to correct that information if it is wrong.

This policy is to ensure TeeRoy Pty T/A YARDMILL (YARDMILL) complies with the Privacy Act established for the handling of personal information by organisations in the private sector. YARDMILL is required to ensure that it complies with the thirteen Australian Privacy Principles (APPs) set out by the Privacy Act. The Australian Privacy Principles (APPs) regulate the way YARDMILL can collect, use, disclose, amend and pass on personal information.

Responsibility and Authority

All Managers and Staff

  • Ensure compliance with the policy

Privacy Compliance Officer

  • Receives complaints from an individual regarding an alleged breach of privacy by
    YARDMILL
  • Investigates and attempts to resolve any alleged breach of privacy complaint internally
    with the individual

If you have any questions about our privacy practices or this privacy policy or wish to make a complaint, please contact our Privacy Officer by email at tracey@yardmill.com.au or write to:
Privacy Officer
YARDMILL
434 Toorak Road
Toorak, Vic 3142

Part 1 – Consideration of Personal Information Privacy

APP 1: Open and Transparent Management of Personal Information

Personal information will only be collected to the extent necessary by lawful and fair means and not in an unreasonably intrusive way for one or more of YARDMILL’s functions or activities.

At the time of collection (or as soon as practicable afterwards) YARDMILL will take reasonable steps to ensure personal information is managed is an open and transparent way. Under the Privacy Act you are entitled to:

  • know the kind of information the entity collects and holds
  • how the entity collects and holds personal information
  • the purposes for collecting, holding and disclosing personal information
  • how they can access and seek correction of such information
  • how an individual may complain about a breach of the Australian Privacy Principles,
    and how the entity would deal with such a complaint
  • whether the entity is likely to disclose personal information overseas recipients
  • if the entity is likely to disclose personal information to overseas recipients, the
    countries in which such recipients are likely to be located if it is practicable to do so

YARDMILL will provide upon request from an individual or body free access to YARDMILL’s
privacy policy in such form as appropriate.

APP 2: Anonymity and pseudonymity

Whenever it is lawful and practicable, an individual will have the option of not identifying themselves or of using a pseudonym in relation to a particular matter.

Part 2 – Collection of Personal Information

APP 3: Collection of solicited personal information

Personal Information other than Sensitive Information

YARDMILL will only collect personal information (other than sensitive information) if it is reasonably necessary for one or more of the YARDMILL’s functions or activities.

Sensitive Information

YARDMILL will not collect sensitive information about an individual unless:

  1. the individual has consented and the information is reasonably necessary for one or
    more functions or activities;
  2. the collection is required or authorised by law; or
  3. a permitted general situation exists in relation to the collection of information by
    YARDMILL;
  4. a permitted health situation exists in relation to the collection of information by
    YARDMILL

Permitted general situations means:

  • lessening or preventing a serious threat to the life, health or safety of any individual, or
    to public health or safety
  • taking appropriate action in relation to suspected unlawful activity or serious
    misconduct
  • locating a person reported as missing
  • asserting a legal or equitable claim
  • conducting an alternative dispute resolution process

Permitted health situation means:

  • the collection of health information to provide a health service
  • the collection of health information for certain research and other purposes
  • the use or disclosure of health information for certain research and other purposes
  • the use or disclosure of genetic information
  • the disclosure of health information for a secondary purpose to a responsible person
    for an individual
    • Personal Information means information or an opinion about an identified individual, or an
      individual who is reasonably identifiable

      1. Whether the information or opinion is true or not; and
      2. Whether the information or opinion is recorded in a material form or not.

      Sensitive Information: means:

      (a) information or an opinion about an individual’s:

      1. racial or ethnic origin; or
      2. political opinions; or
      3. membership of a political association; or
      4. religious beliefs or affiliations; or
      5. philosophical beliefs; or
      6. membership of a professional or trade association; or
      7. membership of a trade union; or
      8. sexual preferences or practices; or
      9. criminal record;
      10. that is also personal information; or

      (b) health information about an individual; or

      (c) genetic information about an individual that is not otherwise health information.

      Means of Collection

      YARDMILL will only collect personal information by lawful and fair means. YARDMILL can only collect personal information about an individual from that individual unless it is unreasonable or impractical to do so.

      APP 4: Dealing with Unsolicited Personal Information

      Where YARDMILL receives personal information in a manner that is not compliant with APP3, that information will be destroyed and/or de-identified. If unsolicited personal information is contained in a Commonwealth record, YARDMILL is not required to destroy or de-identify that information.

      APP 5: Notification of the Collection of Personal Information

      At the time of collection (or as soon as practicable afterwards) YARDMILL will take reasonable steps to ensure that the individual is notified:

      1. The identity and contact details of YARDMILL
      2. That YARDMILL is or has collected information, and the circumstances of that
        collection
      3. YARDMILL will state when the collection of personal information is required and/or
        authorised by law, and provide details of the relevant law or order.
      4. The purpose for which the personal information is collected
      5. The main consequences (if any) for the individual if some/all of the personal
        information is not collected
      6. Of any disclosures of personal information that YARDMILL will make to any other
        entity, body or person.
      7. How the individual can access and seek the correction of personal information
      8. How the individual can lodge a complaint of a breach of the Australian Privacy
        Principles or a registered APP code that binds YARDMILL, and how YARDMILL will
        deal with complaints.
      9. Whether YARDMILL is likely to disclose personal information to overseas recipients,
        and if applicable, which countries.

      Procedure for making a complaint

      A person may make a complaint if they feel their personal information has been handled inappropriately by a private sector organisation in breach of YARDMILL’s privacy obligations under the Privacy Act.

      In the first instance, complaints must be directed to YARDMILL’s Privacy Officer in writing. YARDMILL will investigate the complaint and prepare a response to the complainant in writing within a reasonable period of time

      If the complainant is not satisfied with YARDMILL’s response or the manner in which YARDMILL has dealt with the complaint, the individual may make a formal complaint to the Office of the Australian Information Commissioner (OAIC). The OAIC may investigate, resolve or close complaints based on information found during preliminary inquiries. If the OAIC believes there is enough evidence to support the complaint, it will try to conciliate the matter.

      If conciliation does not resolve the complaint, depending on the circumstances, the Australian Information Commissioner may make a determination. A determination could include a requirement that YARDMILL issue an apology, improve practices to reduce likelihood of a breach of the Privacy Act, or compensation is to be paid to the complainant. A complainant may withdraw their complaint at any time.

      Where OAIC has made a decision, a complainant may request OAIC to review it by a new officer. If the OAIC closes the file or the Information Commissioner makes a determination that is not legally

      correct, the complainant may apply to the Federal Court or the Federal Magistrates Court by way of appeal. Either party may also appeal to the Administrative Appeal Tribunal within 28 days of a final OAIC decision for a review of any compensation amount ordered by the Information Commissioner.

      YARDMILL may amend and vary this policy from time to time.

      Part 3 – Dealing with Personal Information

      APP 6: Use or Disclosure of Personal Information

      YARDMILL will not use personal information for another purpose (secondary purpose) unless:

      1. the individual has consented; or
      2. the secondary purpose is related to the primary purpose and the individual would
        reasonably expect YARDMILL to use or disclose the information for the secondary
        purpose.
      3. The use/disclosure of the information is required by law
      4. A permitted general/health situation exists in relation to the disclosure. Health situation
        information will be de-identified before YARDMILL discloses it.
      5. YARDMILL believes that the use/disclosure of information is reasonably necessary for
        one or more enforcement related activities conducted by/on behalf of an enforcement
        body.

      Written Note of Use or Disclosure

      YARDMILL will make a written note of all uses and disclosures of personal information.

      Related Bodies Corporate

      Where YARDMILL collects personal information from a body corporate, it will treat personal information in the same manner as stated above.

      Exceptions

      Where personal information is used or disclosed for the purpose of direct marketing or government related identifiers, the above principles do not apply.

      APP 7: Direct Marketing

      Direct Marketing

      Direct marketing concerns the use/disclosure of personal information to communicate directly with an individual to promote goods and services. YARDMILL will not use or disclose personal information held about an individual for the purposes of direct marketing unless one of the exceptions outlined below apply.

      Exceptions – Personal Information other than Sensitive Information

      YARDMILL will not use or disclose personal information for the purposes of direct marketing unless:

      1. YARDMILL has collected the information from the individual and the individual would
        reasonably expect YARDMILL to use/disclose the information for this purpose
      2. YARDMILL has provided a simple means where the individual may easily request not
        to receive direct marketing communications, and the individual has not made such a
        request

      Where YARDMILL has collected the personal information from a third party or from the individual directly, but the individual does not have a reasonable expectation that their personal information will be used for the purpose of direct marketing, YARDMILL will seek consent from an individual for each direct marketing communication.

      Exception – Sensitive Information

      YARDMILL will not use or disclose sensitive information about an individual for the purposes of direct marketing without the consent of the individual.

      Exception – Contracted Service Providers

      YARDMILL may use or disclose personal information for the purpose of direct marketing where:

      1. YARDMILL is a contracted service provider for a Commonwealth contract;
      2. YARDMILL collected the information for the purpose of meeting (directly or indirectly)
        an obligation under the contract; and
      3. The use or disclosure is necessary to meet (directly or indirectly) such an obligation.

      Individual may request not to receive direct marketing communications

      Where an individual has requested for YARDMILL not to use or disclose their personal information for the purpose of direct marketing, or for the purpose of facilitating direct marketing by other organisations, YARDMILL will give effect to any such request by an individual within a reasonable period of time and without cost to the individual.

      YARDMILL will, on request, notify an individual of its source of the individual’s personal information that it has used or disclosed for the purpose of direct marketing unless this is unreasonable or impracticable to do so

      This does not apply to the extent that the Do Not Call Register Act 2006, the Spam Act 2003 or any other legislation prescribed by the regulations apply.

      APP 8: Cross-Border Disclosure of Personal Information

      YARDMILL will not disclose personal information to a person overseas unless reasonable steps have been taken to ensure that the recipient does not breach the Australian Privacy Principles.

      This does not apply when:

      1. YARDMILL reasonably believes that the recipient is subject to a law or scheme that is
        overall similar to the APP, and the individual can access mechanisms to enforce the
        protection of that law or scheme.
      2. YARDMILL seeks the consent of the individual to disclose the personal information;
        expressly stating that they will not take reasonable steps to ensure the recipient does
        not breach the APP.
      3. The disclosure of information is required/authorised by an Australian law or
        court/tribunal order.
      4. A permitted general situation exists in relation to the disclosure of the information by
        YARDMILL.

      APP 9: Adoption, Use or Disclosure of Government Related Identifiers

      Adoption of Government Related Identifiers

      YARDMILL will not adopt as its own identifier an identifier that has been authorised under Australian law. Examples are an individual’s Medicare or tax file number.

      Use or Disclosure of Government Related Identifiers

      YARDMILL will not use or disclose an identifier unless:

      1. It is to verify the identity of the individual for the purposes of their activities/functions
      2. It is necessary for YARDMILL to fulfil its obligations to an agency or a State/Territory
      3. It is required/authorised by law
      4. A permitted general situation exists in relation to the use/disclosure of the identifier
      5. YARDMILL reasonably believes that the use or disclosure of the identifier is
        reasonably necessary for one or more enforcement related activities conducted by or on behalf of an enforcement body

      Regulations about Adoption, Use or Disclosure

      YARDMILL may use/adopt or disclose a government related identifier of an individual if:

      1. The identifier is prescribed by regulations;
      2. YARDMILL is prescribed by the regulations, or is included in a class of organisations
        prescribed by the regulations;
      3. The adoption, use or disclosure is prescribed by the regulations.

      APP 10: Quality of Personal Information

      YARDMILL will take reasonable steps to ensure that personal data collected, used or disclosed is accurate, up to date and complete.

      APP 11: Security of Personal Information

      YARDMILL will take reasonable steps to protect personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. YARDMILL will also take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under Principle 3.

      APP 12: Access to Personal Information

      Access

      Where YARDMILL holds personal information about an individual, it will provide the individual with access to the information on request.

      Exceptions to access

      YARDMILL is not required to give the individual access to the personal information where:

      1. YARDMILL reasonably believes that giving access would pose a serious threat to the
        life, health or safety of any individual/to public health/public safety;
      2. Giving access would have an unreasonable impact on the privacy of other individuals
      3. The request for access is frivolous or vexatious;
      4. The information relates to existing or anticipated legal proceedings between the entity
        and the individual, and would not be accessible by the process of discovery in those
        proceedings;
      5. Giving access would reveal the intentions of the entity in relation to negotiations with
        that individual, and would prejudice those negotiations;
      6. Giving access would be unlawful;
      7. Denying access is required/authorised by or under Australian Law or a court/tribunal
        order;
      8. YARDMILL has reason to suspect that unlawful activity or serious
        misconduct relating to YARDMILL has been engaged in, and giving access is likely to
        prejudice the taking of appropriate action;
      9. Giving access would be likely to prejudice one or more enforcement related activities
        conduced by/on behalf of an enforcement body;
      10. Giving access would reveal evaluative information generated within the YARDMILL in
        connection with a commercially sensitive decision-making process.

      Dealing with requests for access

      YARDMILL must respond to requests for access to personal information within 30 days of a request by an agency, or within a reasonable time period after the request is made by an organisation.

      Access to information should be given in the manner requested by the individual if it is reasonable and practicable to do so.

      Other means of access

      Where YARDMILL refuses to give access to personal information on a permitted ground or refuses to give access in the manner requested by the individual, YARDMILL must take reasonable steps to give access in a way that meets the needs of the individual and YARDMILL (e.g. deleting personal information for which there is a ground for refusing access and giving the redacted version to the individual, or giving a summary of the requested
      personal information to the individual).

      Access may be given through the use of a mutually agreed intermediary.

      Access Charges

      YARDMILL may impose a charge for giving access to personal information (such as copying costs, postage costs, costs associated with using an intermediary). This charge must not be used to discourage an individual from requesting access to personal information, and cannot be applied to the making of the request.

      Refusal to give access

      Refusals by YARDMILL to give access to personal information will be in writing and will state:

      1. The reasons for the refusal;
      2. The mechanisms available to complain about the refusal;
      3. Any other matter prescribed by the regulations.

      Where YARDMILL has refused access due to evaluative information in connection with a commercially sensitive decision-making process, YARDMILL may include an explanation for the commercially sensitive decision.

      APP 13: Correction of Personal Information

      Correction

      Where YARDMILL or an individual believes that personal information is inaccurate, out of date, incomplete, irrelevant or misleading, YARDMILL will take reasonable steps to correct that information.

      Notification of Correction to Third Parties

      YARDMILL will take reasonable steps to ensure that all third parties privy to personal information have been notified of a correction unless it is unlawful or unreasonable to notify.

      Refusal to Correct Information

      If YARDMILL refuses to correct personal information as requested by the individual, a written notice will be provided that contains:

      1. The reasons for refusal
      2. The mechanisms available to complain about the refusal
      3. Any other matter prescribed by regulations

      Request to Associate a Statement

      Where YARDMILL has refused to correct personal information and the individual has requested for an associated statement that the information is out of date, inaccurate, incomplete, irrelevant or misleading, YARDMILL will take reasonable steps to associate the statement in such a way that will make the statement apparent to users of the information.

      Dealing with Requests

      YARDMILL will respond to requests to associate a statement:

      1. Within 30 days (if request is from an agency)
      2. Within a reasonable period after the request is made

      YARDMILL will not charge an individual for making a request, for correcting information or associating a statement with the personal information.