Updated MAY 2021
The following policy outlines how B2Buy handles your personal information.
We understand that policies might not be the most exciting documents to read and that they can be quite lengthy so we have provided column B as a short summation of column A, though column B is not legally binding and will not be used as an aid in interpretation of Column A. To the extent there is any inconsistency between the columns, column A will prevail.
By using our website, you acknowledge you have read, understood, and agree to this policy.
B2Buy Pty Ltd, ABN: 57 636 191 485 (“B2Buy, we, us, our”) is committed to protecting the privacy of our clients, contractors and suppliers (“you”) and complying with the Australian Privacy Principles set out in the Privacy Act 1989 (Cth) (“Act”), the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and where applicable, State and Territory legislation in relation to health information.
This is just informing you of the purpose of this policy and who we are.
The purpose of this policy is to protect the privacy of our clients, contractors and suppliers and make sure we are compliant with the relevant legislations.
Personal information – means information or opinion about an identified individual, or an individual who is reasonably identifiable.
Sensitive information – includes information about an individual’s health, genetics, race, political opinion or membership, religion, philosophical beliefs, union membership, sexual preference and criminal record.
Service – we provide our services for a range of clients. Our service includes, but is not limited to:
- Providing an online e-commerce platform to facilitate sales between our clients and our suppliers; and
- Any related services.
We use various terms in this policy, this is to give you an understanding of what those terms mean.
Always refer back to this section if you are unsure on what the term means.
3. Sharing of your personal information
We may occasionally hire other companies to provide services on our behalf, including but not limited to handling customer support enquiries or processing transactions. Those companies will be permitted to obtain only the personal information they need in order to deliver the service. B2Buy takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
We may also use and disclose your personal information:
- To provide the Services to you and determine which of our Services is best suited to your needs;
- For marketing purposes, to improve our service and to notify you of opportunities that we think you might be interested in;
- To credit reporting agencies and to courts, tribunals, regulatory authorities where you have failed to pay for Services provided by us; and
- When required by law.
In providing B2Buy your personal information, you consent to this disclosure.
There are instances where we may have to hire other companies to assist us in providing the Services, if we do, we will require them to be bound by their confidentiality and privacy obligations.
We may disclose your personal information:
- To provide you the services;
- For marketing purposes;
- To credit reporting agencies; and
- When required by law.
You consent to this disclosure.
4. Protecting your information
We will hold your personal information and sensitive information in either our electronic databases, cloud based applications, in house severs or in our physical files. We will use a range of IT and physical security systems to protect your personal information.
A “data breach” occurs if the personal information held by us is lost or subjected to unauthorised access or disclosure.
If there is a breach, our first response will be to contain a suspected or known breach as quickly as possible. This will include taking immediate steps to limit any further instances of access to or distribution of the personal information.
If the breach may result in serious harm, then we will conduct an assessment process, this will include whether remedial action is possible. The assessment process will include:
- Initiate – to plan the assessment and assign a team or person;
- Investigate – to gather the relevant information about the incident and determine what has occurred; and
- Evaluate – make an evidence- based decision about whether it is likely that the breach will result in serious harm.
This will be documented and assessment will be conducted within 30 days.
If the breach will likely result in serious harm, under the Notifiable Data Breaches Scheme you will be notified and it will include recommendations about the steps you may take in response to the breach. We will also notify the Australian Information Commissioner.
This explains how we hold your personal and sensitive information - either through our electronic database, cloud application or in our physical files.
If there is a data breach that may result in serious harm, our first response is to contain it as quickly as possible and then we would initiate our assessment process.
If the breach will likely result in serious harm, we will notify you.
We will take reasonable steps to protect your personal information, but there are instances where it will be out of our control.
If there is unauthorised access that is out of our control, we will not be liable if your personal information has been disclosed.
Your personal information may be collected through cookies on our website.
We might change our policy from time to time. If we do, it will be updated on our website.
Make sure to check our website and this policy regularly in case there are amendments.
8. Accessing Your Personal Information
You have a right to access your personal information, subject to exceptions allowed by law. If you would like to do so, please contact us. You may be required to put your request in writing for security reasons. B2Buy reserves the right to charge a fee for searching for, and providing access to, your information on a per request basis. We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Act.
If you want to access your personal information, feel free to contact us in writing. There may be instances that we are not allowed to give you your personal information under the law but we would let you know.
If we need to incur expenses to obtain your personal information, we may charge you a fee.
9. Contacting us
If you have any questions or comments, feel free to contact us with the contact details listed.