At I Know IT Pty Ltd t/as Benchmark 365, we take privacy seriously. Please read this Policy carefully as it will help you make informed decisions about sharing your personal information with us. The defined terms in this Policy have the same meaning as in our Terms of Use, which you should read together with this Policy. By accessing Our Services, you consent to the terms of this Policy and agree to be bound by it and our Terms of Use.

Benchmark 365 collects your personal information

Benchmark 365 provides organisations with managed services, IT support, project services, software solutions and sales and marketing support. (‘Service”)

The Service may involve the use and storage of Data about a company or individual. That Data can include personal information which is information about an identifiable individual, and may include the individual’s name, email address, job description and telephone numbers.

Benchmark 365 may collect personal information directly from you when you:

  • register to use the Service,
  • use the Service,
  • contact the Benchmark 365 support team, and
  • visit our Website.

You can always choose not to provide your personal information to Benchmark 365, but it may mean that we are unable to provide you with some or all the Service.

Benchmark 365 may receive personal information from you about others

Through your use of the Service, Benchmark 365 may also collect information from you about someone else. If you disclose personal information about someone else, you must ensure that you are authorised to disclose that information to Benchmark 365 and that, without Benchmark 365 taking any further steps required by applicable data protection or privacy laws, Benchmark 365 may collect, use and disclose such information for the purposes described in this Policy.

This means that you must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their personal information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Benchmark 365’s identity, and how to contact Benchmark 365.

Where requested to do so by Benchmark 365, you must also assist Benchmark 365 with any requests by the individual to access or update the personal information you have collected from them and entered into the Service.

Benchmark 365 collects, holds, and uses your personal information for limited purposes

Benchmark 365 collects your personal information so that we can provide you with the Service and any related services you may request. In doing so, Benchmark 365 may use the personal information we have collected from you for purposes related to the Services including to:

  • verify your identity,
  • administer the Service,
  • engage third parties who are required to assist in administration of the Service;
  • communicate with related service providers
  • notify you of new or changed services offered in relation to the Service,
  • carry out marketing or training relating to the Service,
  • assist with the resolution of technical support issues or other issues relating to the Service,
  • comply with laws and regulations in applicable jurisdictions,
  • possibly provide to potential buyers of or investors in our business (subject to express confidentiality and privacy conditions); and
  • communicate with you;

By using the Service, you consent to your personal information being collected, held and used in this way and for any other use you authorize. Benchmark 365 will only use your personal information for the purposes described in this Policy or otherwise with your express permission.

It is your responsibility to keep your password to the Service safe. You should notify us as soon as possible if you become aware of any misuse of your password, and immediately change your password within the Service or via the Forgotten Password process.

Benchmark 365 can aggregate your non-personally identifiable data

By using the Service, you agree that Benchmark 365 can access, aggregate and use non-personally identifiable data Benchmark 365 has collected from you. This data will in no way identify you or any other individual.

Benchmark 365 may use this aggregated non-personally identifiable data to:

  • assist us to better understand how our clients are using the Service,
  • provide our clients with further information regarding the uses and benefits of the Service, otherwise to
  • improve the Service.

Benchmark 365 holds your personal information on servers.

All Data, including personal and non-personal information, that is entered into the Service by you, or automatically imported on your instruction, is transferred to Benchmark 365’s servers as a function of transmission across the Internet. By using the Service, you consent to your personal information being transferred to our servers as set out in this Policy.

Cross Border

The third parties who host our servers do not control, and are not permitted to access or use your personal information except for the limited purpose of storing the information. For the purposes of Australian privacy legislation and Australian users of the Service, information that we collect may from time to time be stored, processed in or transferred between parties located in countries outside of Australia. This may include, but is not limited to, the Philippines. We may use Saas, cloud computing, servers or other technologies from time to time in the future and your information may be stored outside Australia. We will not disclose personal information to a recipient in a foreign country unless we are satisfied that the local laws are equal to or more stringent than the Australian Privacy laws, or we have a contractual arrangement that ensures that the recipient shall comply with the Australian Privacy Laws

Benchmark 365 takes steps to protect your personal information

Benchmark 365 is committed to protecting the security of your personal information and we take all reasonable precautions to protect it from unauthorised access, modification or disclosure. your personal information is stored on secure servers that have SSL Certificates issued by leading certificate authorities, and all Data transferred between you and the Service is encrypted. you can request further details about our security measures.

However, the Internet is not in itself a secure environment and we cannot give an absolute assurance that your information will be secure at all times. Transmission of personal information over the Internet is at your own risk and you should only enter, or instruct the entering of, personal information to the Service within a secure environment.

We will advise you at the first reasonable opportunity upon discovering or being advised of a security breach where your personal information is lost, stolen, accessed, used, disclosed, copied, modified, or disposed of by any unauthorized persons or in any unauthorized manner.

Benchmark 365 only discloses your Personal Information in limited circumstances

Benchmark 365 will only disclose the personal information you have provided to us to entities that are related to Benchmark 365 if it is necessary and appropriate to facilitate the purpose for which your personal information was collected pursuant to this Policy, including the provision of the Service.

Benchmark 365 will not otherwise disclose your personal information to a third party unless you have provided your express consent. However, you should be aware that Benchmark 365 may be required to disclose your personal information without your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law. Where possible and appropriate, we will notify you if we are required by law to disclose

Your personal payment information.

If you are required to pay for the Service and choose to pay for the Service by credit card, your credit card details are not stored by the Service and cannot be accessed by Benchmark 365 staff.

Direct Marketing

We never disclose personal information that we collect to a third party for the purpose of allowing them to direct market their products and services unless you have given us your permission for us to do this. We may disclose personal information within our group of companies for the purpose of direct marketing.

By accepting our services you expressly permit us to use your personal information for our direct marketing purposes and the purposes expressly set out in this policy. You consent to our use of your information to issue product and professional mail outs by email, fax, social media or letters and undertaking other marketing or service based activities. You may opt out of any direct marketing service at any time.

You may request access to your personal information

It is your responsibility to ensure that the personal information you provide to us is accurate, complete and up-to-date. You may request access to the information we hold about you, or request that we update or correct any personal information we hold about you, by setting out your request in writing and sending it to us at team@benchmark365.com

Benchmark 365 will process your request as soon as reasonably practicable, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet your request, we will let you know why. For example, it may be necessary for us to deny your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process your request in the manner you have requested. In some circumstances, it may be necessary for us to seek to arrange access to your personal information through a mutually agreed intermediary.

We’ll only keep your personal information for as long as we require it for the purposes of providing you with the Service. However, we may also be required to keep some of your personal information for specified periods of time, for example under certain laws relating to corporations, money laundering, and financial reporting legislation.

When can access be denied?

Access will be denied if:

the request does not relate to the personal information of the person making the request;

  • providing access would pose a serious and imminent threat to the life or health of a person;
  • providing access would create an unreasonable impact on the privacy of others;
  • the request is frivolous or vexatious;
  • the request relates to existing or anticipated legal proceedings;
  • the information is subject to legal professional privilege;
  • providing access would prejudice negotiations with the individual making the request;
  • access would be unlawful;
  • denial of access is authorised or required by law;
  • access would prejudice law enforcement activities;
  • access discloses ‘commercially sensitive’ decision making processes or information;
  • or any other reason that is provided for in the Privacy Principles or the Privacy Act 1988 (Cth).

If we deny access to information we will give you our reasons for denying access.

Benchmark 365 uses cookies

In providing the Service, Benchmark 365 ,may utilise “cookies”. A cookie is a small text file that is stored on your computer for record-keeping purposes. A cookie does not identify you personally or contain any other information about you but it does identify your computer.

We and some of our affiliates and third-party service providers may use a combination of “persistent cookies” (cookies that remain on your hard drive for an extended period of time) and “session ID cookies” (cookies that expire when you close your browser) on the Website to, for example, track overall site usage, and track and report on your use and interaction with ad impressions and ad services.

You can set your browser to notify you when you receive a cookie so that you will have an opportunity to either accept or reject it in each instance. However, you should note that refusing cookies may have a negative impact on the functionality and usability of the Website.

You can opt-out of any email communications

Benchmark 365 may send billing information, product information, Service updates and Service notifications to you via email. Our emails will contain clear and obvious instructions describing how you can choose to be removed from any mailing list not essential to the Service. Benchmark 365 will remove you at your request.

You are responsible for transfer of your data to third-party applications

The Service may allow you to transfer Data, including your personal information, electronically to and from third-party applications. Benchmark 365 has no control over, and takes no responsibility for, the privacy practices or content of these applications. You are responsible for checking the privacy policy of any such applications so that you can be informed of how they will handle personal information.

Benchmark 365 has a privacy complaints process

If you wish to complain about how we have handled your personal information, please provide our Technology Manager with full details of your complaint and any supporting documentation by e-mail at team@benchmark365.com

Our Privacy and Data Protection Officer will endeavour to:

  • provide an initial response to your query or complaint within 10 business days, and
  • investigate and attempt to resolve your query or complaint within 30 business days or such longer period as is necessary and notified to you.

Please refer to our GDPR Statement which is available on our below.

Mandatory Data Breach

Benchmark 365 is aware of and shall comply with the Mandatory Data Breach reporting obligations as set out in the Privacy Act.

This policy may be updated from time to time

Benchmark 365 reserves the right to change this Policy at any time, and any amended Policy is effective upon posting to this Website. Benchmark 365 will communicate any significant changes to you via email or notification via the Service. Your continued use of the Service will be deemed acceptance of any amended Policy.

Additional Information

Additional information on the Australian Privacy Principles can be obtained from http://www.oaic.gov.au/

 

Background to statement

On the 25th May 2018, the EU General Data Protection Regulation (GDPR) came into force, replacing the existing 1995 EU Data Protection Directive (European Directive 95/46/EC). The GDPR brings with it the most significant changes to data protection law in the EU in two decades. Importantly, the GDPR is intended to have extra territorial application and may be applicable to Australian businesses.

Australian businesses must comply with the GDPR where it processes (meaning it collects, uses and discloses) personal data of individuals and either has an office in the EU, or has processing activities which are related to offering goods and services to, or monitoring the behaviour of, an individual in the EU.

Benchmark 365’s Commitment

I Know IT Pty Ltd (ACN 33 110 231 528) (‘Benchmark 365’ or ‘we’ or ‘us’ or ‘our’) is a managed service provider providing IP support, project services, software solutions and sales and marketing support. It is likely that we are not legally compelled to be compliant with the GDPR, but we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles.

We are dedicated to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new GDPR as well as the existing data protection laws that we must comply with – the Privacy Act and the Australian Privacy Principles.

Our preparation and objectives involve implementing procedures consistent with the GDPR. They have been summarised in this statement and include the development and implementation of data protection roles, policies, procedures, controls and measures.

Benchmark 365’s steps towards compliance with GDPR

In addition to, and in most cases consistent with, our pre-existing compliance with Australian data protection laws and regulations, we have done, and endeavor to do continually implement and enforce programs on:

  • Information Audits
  • Updating Policies & Procedures
  • Data Protection generally
  • Data Retention & Erasure & de-identification
  • Data Breaches
  • International Data Transfers & Third-Party Disclosures
  • Subject Access Requests (SAR)
  • Direct Marketing
  • How and when we do Data Protection Impact Assessments (DPIA)
  • What Processor Agreements we have in place and their termsHow we deal with Special Categories Data

Data Subject Rights

In addition to the policies and procedures mentioned above, we understand your right to access any personal information that Benchmark 365 processes about them and to request information about: –

  • The personal data we hold;
  • How we sourced that personal data;
  • Why we need that personal data;
  • What we use the personal data for;
  • All recipients to whom the personal data may/has been/will be disclosed;
  • How we store your personal data.

Benchmark 365 will also honour (even if not legally completed to do so), at all times, the following rights that all individual have been granted under the GDPR:

  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this.
  • This is already a right under the Privacy Act in Australia.
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • The right to lodge a complaint or seek judicial remedy and who to contact in such instances.

Information Security & Technical and Organisational Measures

Benchmark 365 takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process.

We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including: –

  • Two factor authentication on all external services
  • Server and workstation Encryption
  • Record Segregation with Targeted Security Model
  • Data Loss Prevention via Inspection of all Data Motion
  • Continuous Staff Security Training
  • Fake Phishing Campaigns to Test Employee Awareness
  • Track and Report Employee Actions
  • Routine Record Scrubbing to Remove Personalised Information

GDPR Roles and Employees

Benchmark 365 have designated Adam Tyler as our Privacy and Data Protection Officer
We understand that continuous employee awareness and understanding is vital to the continued compliance with privacy laws

If you have any questions please contact the Privacy and Data Protection Officer.