Privacy Policy

PRIVACY POLICY OF THE HMO PROPERTY CO PTY LTD (ACN: 633 039 862) (“the Company”) complies with the Privacy Act 1988 (Cth) (the “Act”) and respects your privacy. The Act requires the Company to provide you with a copy of its privacy policy on request, free of charge. This privacy policy of the Company (“Privacy Policy”) details how the Company manages Personal Information. The Privacy Policy is also available on the Company’s website.

The term “Personal Information” is defined by the Act as “personal information means information or an opinion about an identified individual, or you who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.”


1. Open and Transparent Management of Personal Information

1.1. The Company manages personal information in an open and transparent way and complies with the Australian Privacy Principles.

1.2. The Company holds Personal Information in hard copy and/or electronic form.

1.3. At or before the time (or, if that is not practicable, as soon as practicable after) when the Company collects Personal Information about you from you, the Company will take reasonable steps to ensure that you are aware of the Company’s identity and how to contact it. The contact details of the Company are as detailed at the end of this Privacy Policy (the “Company Contact Details”).

1.4. The fact that you are able to gain access to your Personal Information, the Company, holds on the Company Contact Details.

1.5. You may access personal information about yourself that is held by the Company and seek the correction of such information.


2. Anonymity and Pseudonymity

2.1. You must have the option of not identifying yourself, or of using a pseudonym, when dealing with the Company in relation to a particular matter.

2.2. Subclause 2.1 does not apply if in relation to that matter the Company is required or authorised by or under an Australian law, or a court/tribunal order, to deal with you who has identified yourself; or it is impracticable for the Company to deal with you who has not identified yourself or who has used a pseudonym.


3. Collection of Solicited Personal Information

3.1. The Company collects Personal Information (other than sensitive information) only if the information is necessary for one or more of its functions or activities.

3.2. The Company does not collect sensitive information about you unless:

a) your consents to the collection of the information and the information is reasonably necessary for one or more of the Company’s functions or activities; or

b) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or

c) a permitted general situation exists in relation to the collection of the information by the Company; or

d) a permitted health situation exists in relation to the collection of the information by the Company.

3.3. The Company collects Personal Information only by lawful and fair means and not in an unreasonably intrusive way.



4. Dealing with Unsolicited Personal Information

4.1. If the Company receives personal information, which the Company did not solicit, the Company must, within a reasonable period after receiving the information, determine whether or not the Company could have collected the information under the previous clause if the Company had solicited the information.

4.2. The Company may use or disclose the personal information for the purposes of making the determination under subclause 4.1.

4.3. If the Company determines that the Company could not have collected the personal information and the information is not contained in a Commonwealth record, the Company must as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

4.4. If subclause 4.3 does not apply in relation to the personal information, the below-detailed clauses 5 to 13 apply in relation to the information as if the Company had collected the information under clause three above.


5. Notification of the Collection of Personal Information

5.1. At or before the time or, if that is not practicable, as soon as practicable after, the Company collects personal information about you, the Company must take such steps (if any) as are reasonable in the circumstances to notify you of such matters referred to in subclause 5.2 as are reasonable in the circumstances; or to otherwise ensure that you are aware of any such matters.

5.2. The matters for the purposes of subclause 5.1 are as follows:

a) the identity and contact details of the Company;

b) if the Company collects the personal information from someone other than you; or you may not be aware that the Company has collected the personal information; the fact that the Company so collects, or has collected the information and the circumstances of that collection;

c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order, the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection);

d) the purposes for which the Company collects the personal information;

e) the main consequences (if any) for you if all or some of the personal information is not collected by the Company;

f) any other entity, body or person, or the types of any other entities, bodies or persons, to which the Company usually discloses personal information of the kind collected by the Company;

g) how you may access the personal information about you that is held by the Company and seek the correction of such information;

h) how you may complain about a breach of the Australian Privacy Principles or a registered code (if any) that binds the Company, and how the Company will deal with such a complaint;

i) whether the Company is likely to disclose the personal information to Overseas Recipients;

j) if the Company is likely to disclose the personal information to Overseas Recipients, the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make you aware of them


6. Use or Disclosure of Personal Information

6.1. If the Company holds personal information about you that was collected for a particular purpose (the “Primary Purpose”), the Company must not use or disclose the information for another purpose (the “Secondary Purpose”) unless you have consented to the use or disclosure of the information or subclause 6.2 or 6.3 applies in relation to the use or disclosure of the information.

6.2. This subclause applies in relation to the use or disclosure of personal information about you if:

a) you would reasonably expect the Company to use or disclose the information for the Secondary Purpose and the Secondary Purpose is:

i) if the information is sensitive information, directly related to the Primary Purpose; or

ii) if the information is not sensitive information, related to the Primary Purpose; or

b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or

c) a permitted general situation (as stated in section 16A of the Act) exists in relation to the use or disclosure of the information by the Company; or

d) a permitted health situation (as stated in section 16B of the Act) exists in relation to the use or disclosure of the information by the Company; or

e) the Company reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

6.3. If subsection 16B(2) of the Act applies in relation to the collection of the personal information by the Company, the Company must take such steps as are reasonable in the circumstances to ensure that the information is de-identified before the Company discloses it in accordance with subclause 6.1 or 6.2.

6.4. If the Company uses or discloses personal information in accordance with paragraph 6.2(e) above, the Company must make a written note of the use or disclosure.

6.5. If the Company is a body corporate; and the Company collects personal information from a related body corporate; this principle applies as if the Company’s Primary Purpose for the collection of the information were the Primary Purpose for which the related body corporate collected the information.

6.6. This principle does not apply to the use or disclosure by the Company of personal information for the purpose of direct marketing; or government related identifiers.


7. Direct Marketing

7.1. If the Company holds personal information about you, the Company must not use or disclose the information for the purpose of direct marketing.

7.2. Despite subclause 7.1, the Company may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing if:

a) the Company collected the information from you; and

b) you would reasonably expect the Company to use or disclose the information for that purpose; and

c) the Company provides a simple means by which you may easily request not to receive direct marketing communications from the Company; and

d) you have not made such a request to the Company.


7.3. Despite subclause 7.1, the Company may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing if:

a) the Company collected the information from you, and you would not reasonably expect the Company to use or disclose the information for that purpose or someone other than you; and either you have consented to the use or disclosure of the information for that purpose, or it is impracticable to obtain that consent: and

b) the Company provides a simple means by which you may easily request not to receive direct marketing communications from the Company; and

c) in each direct marketing communication with you, the Company includes a prominent statement that you may make such a request or the Company otherwise draws your attention to the fact that you may make such a request; and

d) you have not made such a request to the Company.


7.4. Despite subclause 7.1, the Company may use or disclose sensitive information about you for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.

7.5. Despite subclause 7.1, the Company may use or disclose personal information for the purpose of direct marketing if:

a) the Company is a contracted service provider for a Commonwealth contract; and

b) the Company collected the information for the purpose of meeting (directly or indirectly) an obligation under the contract; and

c) the use or disclosure is necessary to meet (directly or indirectly) such an obligation.


7.6. If the Company uses or discloses personal information about you :

a) for the purpose of direct marketing by the Company; or

b) for the purpose of facilitating direct marketing by other organisations;

you may:

c) if paragraph (a) applies, request not to receive direct marketing communications from the Company; and

d) if paragraph (b) applies, request the Company not to use or disclose the information for the purpose referred to in that paragraph; and request the Company to provide its source of the information.


7.7. If you make a request under subclause 7.6, the Company must not charge you for the making of, or to give effect to, the request and:

a) if the request is of a kind referred to in paragraph 7.6(c) or (d), the Company must give effect to the request within a reasonable period after the request is made; and

b) if the request is of a kind referred to in paragraph 7.6(e), the Company must, within a reasonable period after the request is made, notify you of its source unless it is impracticable or unreasonable to do so.


7.8. This principle does not apply to the extent that any of the following applies:

a) Division 5 of Part 7B of the Interactive Gambling Act 2001;

b) the Do Not Call Register Act 2006;

c) the Spam Act 2003;

d) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.


8. Cross-border Disclosure of Personal Information

8.1. Before the Company discloses personal information about you to a person (the “Overseas Recipient”) who is not in Australia or an external Territory and who is not the Company or you the Company must take such steps as are reasonable in the circumstances to ensure that the Overseas Recipient does not breach the Australian Privacy Principles (other than clause 1 above) in relation to the information.

8.2. Subclause 8.1 does not apply to the disclosure of personal information about you by the Company to the Overseas Recipient if:

a) the Company reasonably believes that:

i) the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and

ii) there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme; or

b) both of the following applies:

i) the Company expressly informs you that if you consent to the disclosure of the information, subclause 8.1 will not apply to the disclosure;

ii) after being so informed, you consent to the disclosure; or

c) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or

d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Act) exists in relation to the disclosure of the information by the Company.


9. Adoption, Use or Disclosure of Government Related Identifiers

9.1. The Company must not adopt a government related identifier of you as its own identifier of you unless the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order or Subclause 9.3 applies in relation to the adoption.

9.2. The Company must not use or disclose a government related identifier of you unless:

a) the use or disclosure of the identifier is reasonably necessary for the Company to verify the identity of you for the purposes of the Company’s activities or functions; or

b) the use or disclosure of the identifier is reasonably necessary for the Company to fulfil its obligations to an agency or a State or Territory authority; or

c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or

d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Act) exists in relation to the use or disclosure of the identifier; or

e) the Company reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

e) subclause 9.3 applies in relation to the use or disclosure.


9.3. This subclause applies in relation to the adoption, use or disclosure by the Company of a government related identifier of you if the identifier is prescribed by the regulations and the Company is prescribed by the regulations or is included in a class of organisations prescribed by the regulations and the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.


10. Quality of personal information

10.1. The Company must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the Company collects is accurate, up-to-date and complete.

10.2. The Company must take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the Company uses or discloses is, having regard to the purpose of the use or disclosure is accurate, up-to-date, complete and relevant.


11. Security of personal information

11.1. If the Company holds personal information, the Company must take such steps as are reasonable in the circumstances to protect the information from misuse, interference and loss and from unauthorised access, modification or disclosure.

11.2. If the Company holds personal information about you; and the Company no longer needs the information for any purpose for which the information may be used or disclosed by the Company under this Schedule, and the information is not contained in a Commonwealth record, and the Company is not required by or under an Australian law, or a court/tribunal order, to retain the information, the Company must take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.


Access to personal information

12.1. If the Company holds personal information about you, the Company must, on request by you, give you access to the information.

12.2. Despite subclause 12.1, the Company is not required to give you access to the personal information to the extent that:

a) the Company reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or

b) giving access would have an unreasonable impact on the privacy of other individuals; or

c) the request for access is frivolous or vexatious; or

d) the information relates to existing or anticipated legal proceedings between the Company and you, and would not be accessible by the process of discovery in those proceedings; or

e) giving access would reveal the intentions of the Company in relation to negotiations with you in such a way as to prejudice those negotiations; or

f) giving access would be unlawful; or

g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or

h) both of the following applies:

i) the Company has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the Company’s functions or activities has been, is being or may be engaged in;

ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

j) giving access would reveal evaluative information generated within the Company in connection with a commercially sensitive decision-making process.


12.3. The Company must respond to the request for access to the personal information within a reasonable period after the request is made; and give access to the information in the manner requested by you, if it is reasonable and practicable to do so.

12.4. If the Company refuses to give access to the personal information because of subclause 12.2 or to give access in the manner requested by you, the Company must take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the Company and you.

12.5. Without limiting subclause 12.4, access may be given through the use of a mutually agreed intermediary.

12.6. If the Company charges you for giving access to the personal information, the charge must not be excessive and must not apply to the making of the request.


12.7. If the Company refuses to give access to the personal information because of subclause 12.2 or 12.3 or to give access in the manner requested by you, the Company must give you a written notice that sets out the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so and the mechanisms available to complain about the refusal; and any other matter prescribed by the regulations.

12.8. If the Company refuses to give access to the personal information because of paragraph 12.2(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.


13. Correction of personal information

13.1. If the Company holds personal information about you; and either the Company is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or you request the Company to correct the information; the Company must take such steps (if any) as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

13.2. If the Company charges you for giving access to the personal information, the charge must not be excessive and must not apply to the making of the request.

13.3. If the Company refuses to give access to the personal information because of subclause 12.2 or 12.3 or to give access in the manner requested by you, the Company must give you a written notice that sets out the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so and the mechanisms available to complain about the refusal; and any other matter prescribed by the regulations.

13.4. If the Company refuses to give access to the personal information because of paragraph 12.2(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.

13.5. If a request is made under subclause 13.1 or 13.4, the Company must respond to the request within a reasonable period after the request is made; and must not charge you for the making of the request, for correcting the personal information or for associating the statement with the personal information (as the case may be).


The Company Contact Details are:

THE HMO PROPERTY CO PTY LTD (ACN: 633 039 862)

of 1/138 Mill Point Road, South Perth WA 6151

Ph.: 0452 228 985

Email: info@thehmopropertyco.com

Web: www.thehmopropertyco.com