This document declares the undertakings by Cooke & Hutchinson in relation to its handling of Your Data.
Contents
* Data Collection
* Data Security
* Data Use
* Data Disclosure
* Data Retention and Destruction
* Access by You to Your Personal Data
* Information about Data Handling Practices
* Handling of Enquiries, General Concerns and Complaints
* Enforcement
* Changes to These Privacy Undertakings
* Definitions
Data Collection
Cooke & Hutchinson undertakes to collect Your Data by means that are:
* fair;
* legal; and
* transparent.
If you visit Cooke & Hutchinson’s web-site, your web-browser automatically discloses, and Cooke & Hutchinson’s web-server automatically logs, the following information: the date and time, the IP address from which you issued the request, the type of browser and operating system you are using, the URL of any page that referred you to the page, the URL you requested, and whether your request was successful. This data may or may not be sufficient to identify you.
Any additional data that you provide, e.g. in a web-form, may also be logged. This data may or may not be sufficient to identify you.
Any additional data that your web-browser automatically provides may also be logged. This will be the case, for example, if your browser has previously been requested to store data on your computer in ‘cookies’ and submits them each time you request a web-page within a particular domain (such as Cooke & Hutchinson.com). This data may or may not be sufficient to identify you.
If you disclose personal data to Cooke & Hutchinson in conjunction with an identifier such as your name or your credit-card details, Cooke & Hutchinson will collect Your Data. Moreover, any data that becomes available to Cooke & Hutchinson through any of the means described in the preceding paragraphs may be able to be associated with that identifier, and hence become Your Data.
Subject to the qualifications immediately below, Cooke & Hutchinson undertakes to collect Your Data from you and not from other parties. This undertaking is qualified as follows:
* where Cooke & Hutchinson reasonably considers that the protection of its financial interests requires that it gather YourData from other sources, or from additional sources. This applies in particular where Cooke & Hutchinson has a lending exposure to you, and seeks information about your creditworthiness;
* where Cooke & Hutchinson reasonably considers that its capability to deliver quality services to you will be materially enhanced by gathering YourData from other sources. This applies in particular to consumer profile data.
Where Cooke & Hutchinson collects Your Data from sources other than you, it undertakes:
* to do so only by legal means;
* to do so only with your Consent; and
* to declare to you what sources it uses, and under what circumstances.
Cooke & Hutchinson undertakes to declare the purpose of collection in a manner which is clear and meaningful, and to avoid vague, highly inclusive statements such as ‘to support our operations’.
Data Security
Cooke & Hutchinson undertakes to store Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.
Cooke & Hutchinson undertakes to store Your Data only in jurisdictions where data protections are at least equivalent to those required under the OECD Guidelines.
Cooke & Hutchinson undertakes to transmit Your Data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.
Cooke & Hutchinson undertakes to implement appropriate measures to ensure security of Your Data against inappropriate behaviour by Cooke & Hutchinson’s staff-members and contractors. These include:
* training for staff in relation to privacy;
* access control, to limit access to Your Data to those staff and contractors who have legitimate reasons to access it;
* particularly in the case of sensitive data, audit trails of accesses, including the identities of staff and contractors accessing the data;
* reminders to staff and contractors from time to time about the importance of data privacy, and the consequences of inappropriate behaviour;
* declaration of appropriately strong sanctions that are to be applied in the event of inappropriate behaviour
* clear communication of policies and sanctions; and
* processes to audit, to investigate and to impose sanctions.
Data Use
Use refers to the application of Your Data by any part of Cooke & Hutchinson, or any staff-member or contractor of Cooke & Hutchinson in the course of their work.
Cooke & Hutchinson undertakes to use Your Data only for:
* the purposes for which it was collected;
* such other purposes as are subsequently agreed between Cooke & Hutchinson and You;
* such additional purposes as may be required by law. In these circumstances, Cooke & Hutchinson will take any reasonable steps available to it to communicate to You that the use has occurred, unless it is precluded from doing so by law; and
* such additional purposes as are authorised by law (in particular to protect Cooke & Hutchinson’s interests, e.g. if it believes on reasonable grounds that You have failed to fulfil your undertakings to Cooke & Hutchinson or have committed a breach of the criminal law).
Cooke & Hutchinson undertakes to use YourData only if it has demonstrable relevance to the particular use to which it is being put.
Cooke & Hutchinson undertakes to use YourData in such a manner as to take into account the possibility that it is not of sufficient quality for the purpose, e.g. because it is inaccurate, out-of-date, incomplete, or out-of-context.
Data Disclosure
Disclosure refers to making YourData available to any party other than Cooke & Hutchinson and You. The term disclosure may include many different conditions of data transfer, including selling, renting, trading, sharing and giving.
Cooke & Hutchinson undertakes to disclose Your Data only under the following circumstances:
* in the course of business being conducted between You and Cooke & Hutchinson, where disclosure is necessary to a contractor, such as a transport company. Where Your Data is disclosed in this way, Cooke & Hutchinson undertakes to exercise control over Cooke & Hutchinson’s contractors to ensure that their actions are compliant with these Terms;
* in other circumstances that are directly implied by the purpose agreed between You and Cooke & Hutchinson at the time of data collection or subsequently. Where Your Data is disclosed in this way, Cooke & Hutchinson undertakes to exercise control over Cooke & Hutchinson’s contractors to ensure that their actions are compliant with these Terms;
* with your consent, or at your request;
* where required by law, such as a provision of a statute, or a court order such as a search warrant or sub poena. In these circumstances, Cooke & Hutchinson will take any reasonable steps available to it to communicate to You that the disclosure has occurred, unless it is precluded from doing so by law;
* where permitted by law (e.g. the reporting of suspected breach of the criminal law to a law enforcement agency; and in an emergency, where Cooke & Hutchinson believes on reasonable grounds that the disclosure of YourData will materially assist in the protection of the life of health of some person), provided that Cooke & Hutchinson will apply due diligence to ensure that the exercise of the permission is justifiable.
In all cases, Cooke & Hutchinson undertakes to disclose only such of Your Data as is necessary in the particular circumstances.
Data Retention and Destruction
Subject to the qualifications immediately below, Cooke & Hutchinson undertakes:
* to retain Your Data only as long as is consistent with its purpose; and
* to destroy Your Data when its purpose has expired, and to do so in such a manner that Your Data is not subsequently capable of being recovered.
This undertaking is qualified as follows:
* Your Data may be retained in Cooke & Hutchinson’s logs, backups and audit trails within short-term retention cycles that are devised to protect the company’s operations. In such cases, Your Data will be destroyed in accordance with those cycles;
* Your Data may be retained beyond the expiry of its purpose if that is required by law, such as a provision of a statute, or a court order such as a search warrant or sub poena, or a warning by a law enforcement agency that delivery of a court order is imminent. In these circumstances, Cooke & Hutchinson:
o will take any reasonable steps available to it to communicate to You that Your Data is being retained, unless it is precluded from doing so by law; and
o will only retain Your Data while that provision is current, and will then destroy Your Data;
* Your Data may be retained beyond the expiry of its purpose if it is authorised by law (in particular to protect Cooke & Hutchinson’s interests, e.g. if it believes on reasonable grounds that You have failed to fulfil your undertakings to Cooke & Hutchinson or have committed a breach of the criminal law). In these circumstances, Cooke & Hutchinson will only retain Your Data while that situation is current, and will then destroy Your Data.
Access by You to Your Personal Data
Cooke & Hutchinson undertakes to provide you with access to Your Data, subject to only such conditions and processes as are reasonable in the circumstances. In particular, Cooke & Hutchinson undertakes to enable access:
* conveniently;
* without unreasonable delay; and
* without cost.
Cooke & Hutchinson undertakes to establish and operate identity authentication protections for access to Your Data that are appropriate to its sensitivity, but practical. This may involve some inconvenience; for example, relatively straightforward procedures may be involved in order to provide you with access through a channel that you have previously registered with Cooke & Hutchinson (such as a particular email-address), but may impose more onerous procedures if you wish to use some other channel.
In the event that you dispute some aspect of Your Data, Cooke & Hutchinson undertakes to take reasonable steps in relation to the amendment, supplementation or deletion of Your Data.
You undertake:
* not to seek access for frivolous purposes, or unreasonably frequently;
* to accept that deletion of some data may not be consistent with the provision of particular services by Cooke & Hutchinson to you.
Information about Data-Handling Practices
Cooke & Hutchinson undertakes to make information available to you about the manner in which Cooke & Hutchinson handles your data:
* in general terms, in a readily accessible manner; and
* in more specific terms, on request.
Where Your Data is disclosed to a contractor, Cooke & Hutchinson undertakes to make information available to you on request about the manner in which Cooke & Hutchinson’s contractors handle your data.
Cooke & Hutchinson undertakes to ensure that the information provided is meaningful, and addresses your concerns.
You undertake:
* not to seek such information for frivolous purposes, or unreasonably frequently; and
* to accept that the disclosure of excessive detail may harm the security of Your Data and Cooke & Hutchinson’s business processes, and may harm Cooke & Hutchinson’s commercial interests.
Handling of Enquiries, General Concerns and Complaints
If you have enquiries, general concerns, or complaints about these Terms, or about Cooke & Hutchinson’s behaviour in relation to these Terms, you undertake:
* to communicate them in the first instance:
o to Cooke & Hutchinson only;
o in sufficient detail;
o through a channel made available by Cooke & Hutchinson for that purpose;
Cooke & Hutchinson undertakes:
* to provide one or more channels for communications to Cooke & Hutchinson, which are convenient to users;
* to promptly provide acknowledgement of the receipt of communications, including the provision of a copy of the communication, the date and time it was registered, and Cooke & Hutchinson’s reference-code for the communication;
* to promptly provide a response to the communication, in an appropriate and meaningful manner.
You further undertake to not pursue Cooke & Hutchinson through any Regulator or the media:
* until and unless Cooke & Hutchinson has had a reasonable opportunity to respond to the initial communication; and
* while Cooke & Hutchinson and you remain are conducting a meaningful dialogue about the matter.
Enforcement
Cooke & Hutchinson declares that its undertakings in these Terms are intended to create legal obligations, and that those obligations are intended to be enforceable under appropriate laws in appropriate jurisdictions. These include laws relating to data protection, privacy, fair trading, corporations and criminal laws.
You undertake to seek enforcement only in a jurisdiction that is relevant to the transactions that have taken place between You and Cooke & Hutchinson, in particular the jurisdiction in which you live or in which you performed the relevant acts, and the jurisdiction in which Cooke & Hutchinson is domiciled or performed the relevant acts.
If you wish to discover the relevant laws in any particular jurisdiction, Cooke & Hutchinson draws your attention to the following resources:
* WorldLII Privacy Links
* Compilation of [U.S.] State and Federal Privacy Laws, Privacy Journal, Providence RI
* Privacy Law Sourcebook 2004, EPIC, Washington DC
* the Australian Privacy Foundation’s pages:
o International Instruments Relating to Privacy Law
o Privacy Laws of Countries of the World
o Privacy Laws of the Commonwealth of Australia
o Privacy Laws of the States and Territories of Australia
* Privacy International
Changes to These Privacy Undertakings
Cooke & Hutchinson undertakes:
* not to materially change these Terms in a manner that reduces the protections for Your Data;
* to take all possible steps to prevent any company that acquires this company or any of its relevant assets from materially changing the Terms applicable to Your Data in a manner that reduces the protections for Your Data;
* where it is considering making changes to these Terms, or creating more specific Terms relating to specific services, to consult with appropriate representative and advocacy organisations;
* where it makes changes to these Terms, to ensure that the differences between successive versions are readily accessible;
* to maintain all prior versions of these Terms in such a manner that they are dated, and readily accessible.
Definitions
Your Data means data that is capable of being associated with you, whether or not it includes an explicit identifier such as your name or customer number. In particular, it encompasses all data that Cooke & Hutchinson is capable of correlating with you, using such means as server-logs and cookie-contents.
Your Data does not refer to data that can no longer be associated with you. This includes aggregated data that does not and cannot identify the individuals whose data are included in the aggregation.
Consent means your concurrence with an action to be taken by Cooke & Hutchinson. Consent may be express or implicit, but in either case must be informed and freely-given.