Last updated February 2018.
Stellar is committed to providing the highest level of service to its shareholders, employees, clients and its client’s customers. Stellar understands the importance of protecting and maintaining the privacy, security and accuracy of personal information it collects and/or uses in the course of conducting its business and related services.
In managing its business and providing Business Process Outsourced (BPO) services to its clients (public agencies and/or private organisations), Stellar’s compliance when handling personal information includes:
- Ensuring its own compliance with privacy requirements where personal information is provided directly to Stellar for its own business and administration purposes;
- Ensuring that Stellar meets the privacy requirements as specified by its clients when handling personal information on their behalf; and
- Working in partnership with Stellar’s clients and suppliers to ensure there is agreement on how we will collectively meet our respective privacy obligations, where handling and use of personal information overlap.
Providing your Personal Information on Stellar’s websites
Where you provide your personal information directly via this website you acknowledge and accept that:
- Stellar may transfer your personal information to its related organisations overseas that includes the Philippines and the United States of America.
- Stellar’s website also provides links to third party websites. Where you provide your personal information directly to these third party organisations the use of your personal information by them is not within Stellar’s control and therefore we cannot accept responsibility regarding the use of your personal information by these organisations. It is recommended that you review the privacy policies of these organisations prior to providing your personal information.
2. Management of Personal Information
Collection of Personal Information
Purpose for Collection of Personal Information
Stellar primarily collects personal information from its clients and their customers when a product or service is used or requested (in the form of an email, telephone conversation, call recording, in writing, chatlog, or in person).
Client privacy policies should also be referenced separately regarding personal information management for these client services and should in most circumstances be available publically on that client’s website, or from their privacy officer.
Stellar may collect personal information directly for its own business purposes i.e. if you are providing goods or services directly to Stellar or, if you apply for employment. Note, if all necessary personal information is not provided, Stellar may be unable to process a request or provide the services you require.
Types of Personal Information Collected
Personal information collected and held by Stellar may include details such as name; date of birth; physical and or postal address; contact details (in the form of telephone numbers, fax numbers and email addresses); employment and education history; bank account or credit card details.
Stellar may also collect anonymous information regarding visitors to its websites. This may include IP address, previous sites visited, internet provider location and date and time of the visit.
3. Use or Disclosure of Personal Information
How is personal information collected and disclosed?
Whether for Stellar or on behalf of its clients Stellar’s usual practice is to collect personal information directly from the individual or their authorised representative. Stellar may collect personal information from a third party or a publicly available source such as list purchases, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way.
Stellar only collects personal information for purposes which are directly related to its business functions or activities in the course of conducting the BPO services, and only when it is necessary for or directly related to such purposes. The personal information will be collected in a non-intrusive manner, by fair and lawful means and in accordance with relevant regulatory guidelines and industry codes.
Dependant on the purpose for the collection of personal information by Stellar, this may be disclosed to third parties as applicable considering the nature of services our organisation provides which may include:
- Stellar’s clients and their related organisations where required for specific business purposes;
- Stellar’s suppliers and business partners (such as consultants, technology infrastructure and support and maintenance service providers);
- Stellar’s related organisations (within the Philippines and the United States of America); or
- Government organisations as required by law (for instance taxation or audit purposes, Office of the Australian Information Commissioner (OAIC) and other regulatory bodies as required).
For instances where this personal information is used, held in or disclosed to a location outside of Australia, Stellar will take all reasonable steps to ensure that this personal information is managed in line with the Australian privacy law.
For prospective Stellar employees, personal information collected may be transferred to our related organisation in the Philippines for the purposes of processing the application and stored on servers located in Australia and the Philippines. Prospective employees agree by submitting an application that their personal information may be transferred and stored offshore for processing.
For prospective Stellar clients or suppliers, personal information collected may be transferred to our related organisation in the Philippines for the purposes of categorising or processing requests and stored on servers located in Australia, the Philippines and the United States of America.
When conducting BPO services on behalf of its clients, Stellar will work in partnership with those clients to take reasonable steps to recommend required disclosures are made to the individual from whom personal information is collected.
4. Dealing with personal information
Use of personal information
Stellar will only use or disclose personal information for the purpose it was collected (or secondary purposes as permitted by privacy law). Stellar will only transfer personal information to a recipient in a foreign jurisdiction in circumstances where the personal information will have appropriate privacy protection in accordance with Australian privacy law and the individual has consented to the transfer.
Stellar will not adopt as its own customer identifier an identifier that has been assigned by a Commonwealth government agency or a service provider of an agency.
Consideration of personal information privacy
Stellar will only ask for personal information where this is required to complete a business function. Whenever it is lawful, practicable and (where business is conducted on behalf of our clients) within client service specifications, individuals will have the option of interacting anonymously when dealing with Stellar.
In some instances if all necessary personal information is not provided, Stellar may be unable to process a request or provide the services required.
Stellar’s personal information collection activities are predominantly driven by specific client requirements and as such quality and retention periods will be client specific (or government mandated if considered to be an Australian Commonwealth record).
5. Storage and Security of your personal information
Stellar takes reasonable precautions to protect personal information held from misuse, loss, theft, as well as against unauthorised access, modification or disclosure, alteration and destruction. In addition to electronic data protection through password access, data back-up and firewalls) these measures include:
- administrative processes;
- technical safeguards; and
- physical infrastructure and site security
Stellar has comprehensive security policies and procedures in place to ensure the protection of personal information held by both Stellar and our clients.
As part of Stellar’s commitment to continuous process improvement process regular audits will be undertaken to ensure that these security practices are adhered to and remain current.
What do we do with personal information when it is no longer needed?
Stellar retains information where required in line with its retention policies, however where personal information is no longer required for the purposes for which it was collected, or if the law no longer requires us to retain it Stellar takes all reasonable steps to securely destroy or otherwise de-identify the personal information.
6. Requesting Access to and Correction of Personal Information
Stellar takes all reasonable precautions to ensure that the personal information it collects, uses and discloses is accurate, complete and up-to-date. However, the accuracy of that information depends largely on the personal information received from the discloser. Stellar recommends that if you have disclosed personal information that subsequently contains errors, or otherwise requires change that you advise Stellar accordingly.
Should you request access to/or correction of personal information you will be asked to verify your identity, specify what information you require access to and in some instances the reason for your request in order to provide you the most relevant information (although you are under no obligation to provide a reason for your request). You will be given a reasonable chance to correct your personal information that is not accurate, complete and up to date.
Stellar expects to respond to requests for access to personal information within a reasonable period after the request is made, but no later than thirty (30) calendar days from the date of receipt of the written request. Stellar may charge a fee for any reasonable costs incurred in providing access to personal information.
For requests regarding access and correction of personal information held in connection a client service, this verification will be supplemented by client process and policies regarding such.
In certain circumstances, Stellar or its clients may not be required by law to allow access to or correction of personal information and reasons will be provided in writing if this is the case.
7. Privacy Breach and Complaint Management
Training and privacy education
Complaint handling process regarding possible breach of privacy
Your complaint must be in writing and should outline the reasons you suspect there has been a breach of privacy. After investigation of your complaint Stellar’s Privacy Officer will contact you with regards to resolving that complaint.
If a resolution cannot be reached, or you are not satisfied with the resolution of your complaint, you have the right to contact the Office of the Australian Information Commissioner (OAIC) who may investigate your complaint. For more information on how to contact the OAIC visit their website at http://www.oaic.gov.au/.
Where you have reason to be believe that there has been a potential breach of privacy law in relation to how your personal information has been managed on a Stellar managed client service you are encouraged to raise that with Stellar’s client directly.
Notifiable Data Breaches (NDB scheme)
The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 by the Australian Federal Parliament established a Notifiable Data Breaches (NDB) scheme, amending the Privacy Act 1988.
The NDB scheme requires entities (as defined under the Privacy Act) to notify any individuals ‘likely to be at risk of serious harm’ as result of an ‘eligible data breach’.
In response Stellar has developed a Notifiable Data Breach process in order to respond to any actual, or suspected eligible data breach. The purpose of this process is to ensure that any actual or suspected eligible data breach is investigated and addressed without undue delay and to prevent or ameliorate potential adverse outcomes for those who are the subject of the eligible data breach.
As a BPO service provider any data breach is more likely to arise within a given service that Stellar provides on behalf of a client. Stellar’s clients will have their own NDB process in place in response to an eligible data breach. Notwithstanding such Stellar’s process will be enacted simultaneously to ensure any suspected data breach is addressed without undue delay.