1. These words and phrases have defined meanings;
this Policy, and any amendments from time to time;
Personal and Sensitive Data
means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymized data.
for the provision of counseling services;
Collectively all information that you submit to Beamever via the Website. This definition incorporates, where applicable, the definitions provided in under the Privacy and Data Protection Act 2014 (Vic), and the Health Records Act 2001 ;
BeamEver, or us, our, we
Beamever, or any affiliated parties, subsidiaries or holding or any group of companies;
The Privacy and Data Protection Act 2014 (Vic);
User or You
any third party that accesses the Website and is not either (i) engaged as a customer and accessing the Website in connection with the purchase of such products or services; and
2. The legal basis for processing data shall be in accordance with:
consent for us to process their personal data for a specific purpose;
the processing is necessary for the Permitted Purpose;
the processing is necessary for us to comply with the Privacy Act and the Privacy Act (not including contractual obligations).
the processing is necessary for us to share personal data, but the individual is incapable of giving consent to the processing
the processing is necessary for us to share personal data where it is considered to be reasonably expected and which will have minimal privacy impact, or where there is a compelling justification for the processing
3. All data within our control shall be identified as personal, sensitive or both to ensure that it is handled in compliance with legal requirements and access to it does not breach the rights of the individuals to whom it relates. In compliance with Division 3 of the Privacy Act, personal data shall be:
(a) use the same degree of care to protect the Personal and Sensitive Data as it uses to protect its own confidential information, being at least a reasonable degree of care.
(b) processed lawfully, fairly and in a transparent manner in relation to individuals;
(c) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
(d) adequate, relevant and limited to what is necessary for relation to the purposes for which they are processed;
(e) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(f) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures required by the Privacy Act in order to safeguard the rights and freedoms of individuals; and
4. Beamever may disclose Personal and Sensitive Data to its employees, professional advisers, agents and sub-contractors (each a "Permitted Disclosee") provided that the Permitted Disclosee (i) has a need to have access to the Personal and Sensitive Data for the performance of its work in relation to the Permitted Purpose and (ii) is bound by a written Policy or professional obligation to protect the confidentiality of the Personal and Sensitive Data which it receives from you.
5. In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.
6. The security of data shall be achieved through the implementation of proportionate physical and technical measures. Nominated staff shall be responsible for the effectiveness of the controls implemented and reporting of their performance.
7. The security arrangements of Beamever with which data is shared shall also be considered and where required shall provide evidence of the competence in the security of shared data.
8. Beamever shall take the security and privacy of your data seriously. We need to gather and use information about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the Privacy Act; in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.
9. This policy explains how Beamever will hold and process your information. It explains your rights as a data subject. It also explains your obligations when obtaining, handling, processing or storing personal data in the course of working for, or on behalf of, Beamever.
10. All Personal and Sensitive data will:
(a) be collected and processed only for specified, explicit and legitimate purposes;
(b) be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
(c) be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
(d) not be kept for longer than is necessary for the purposes for which it is processed; and
(e) be processed securely.
11. Sometimes we might share your personal data with employees, or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests. If deemed necessary, we will complete a Privacy Impact Assessment (PIA) form before sharing such information.
12. We require affiliated parties to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
13. You hereby warrant to Beamever that it has the legal right and authority to acknowledge and accept the terms and conditions set out under this Policy.
14. You have the right to information about what personal data we process, how and on what basis as set out in this policy.
15. You have the right to access your own personal data by way of a subject access request (see above).
16. You can correct any inaccuracies in your personal data. By contacting an authorized representative of Beamever.
17. You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact us.
18. While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.
19. You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
20. You have the right to object if we process your personal data for the purposes of direct marketing.
21. You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
22. With some exceptions, you have the right not to be subjected to automated decision-making.
23. You have the right to be notified of a data security breach concerning your personal data.
24. In most situations, we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact us.
25. You hereby warrant to Beamever that it has the legal right and authority to acknowledge and accept the terms and conditions set out under this Policy.
26. Subject to the above, Beamever, nor any of their respective employees, officers, agents, subsidiaries or any other associated third parties associated accepts any responsibility or liability for, or makes any representation or warranty, express or implied, that the Personal and Sensitive Data disclosed by you is accurate or complete.
27. Beamever to this Policy will not be liable for any failure or delay in performing its obligations where such failure or delay results from any cause that is beyond the reasonable control.
Effective as of
Jan 1, 2020