MyEmpire Privacy Policy

MyEmpire Group Pty Ltd (MyEmpire, we, us, our) is committed to protecting your privacy. We provide Cyber Security Services and Business Process Outsourcing services (Services).

Our primary privacy obligations are derived from Australian law. Sometimes, we also handle the information of United Kingdom (UK) residents or share data with other organisations which do so or provide services to individuals located in the UK.

The processing of Personal Information will always be in line with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth)(Privacy Act), the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR)(collectively, the UK Privacy Laws), and in accordance with country-specific data protection regulations and other applicable regulations to us.

This Privacy Policy has been written to provide understanding of how your Personal Information will be handled when engaging with MyEmpire. This Privacy Policy will also provide you with information so that you are able to consent to the processing of your Personal Information in an explicit and informed manner, where appropriate.

Any information which you provide to MyEmpire, or which is otherwise gathered by MyEmpire, in the context of the use of MyEmpire Services will be processed by MyEmpire in a lawful, fair, and transparent manner.

While we publish our Privacy Policy on our website so that it is easily accessible, we also make copies available on request in paper format. In most circumstances we do not charge a fee for providing a copy of the Policy. If, however, a request is made for a copy in some other format (foreign language requirements or those linked to disabilities such as sight or hearing impairment), special arrangements may need to be made.

1. Privacy, Personal Information, Personal Data and Employee Records

This Privacy Policy (Policy) concerns information or an opinion about an identified individual or an individual that is reasonably identifiable (you). MyEmpire processes Personal Information including Sensitive Personal Information.

All Personal Information that we process and hold (where we have possession or control of a record) or use and disclose (where the information is outside of our possession or control) is treated with the same respect, security, and high standards.

2. Definitions

Cookie” means piece of state information supplied by a web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests.

Customer” means a corporate entity in the private or public sector, such as a law enforcement agency, or business enterprise, which has entered into an agreement with MyEmpire, for MyEmpire to provide the Services to the Customer.

“Diagnostic Data” means data collected or obtained by MyEmpire from software that is locally installed by a MyEmpire Customer (and its Personnel) in connection with the MyEmpire Services. Diagnostic Data may also be referred to as ‘telemetry’.

“Personal Information” means any data by which a person may be identified, including any information that is personal information or personal data under the Privacy Act or under the UK Privacy Laws.

Personnel” means any person who is employed by or contracted to the Customer, or a subcontractor appointed by the Customer in accordance with the Agreement, and who is involved in accessing, using, or facilitating the MyEmpire Services and/or will have access to Customer Data, Customer Systems, Customer facilities and any Confidential Information of the Customer.

“Profiling” means any form of automated processing of Personal Data under the UK Privacy Laws, including but not limited to the use of Personal Data to evaluate certain personal aspects relating to an actual person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour (including possible criminal behaviour), location or movements.

“MyEmpire Services” or “Services” means the cyber security, business process outsourcing services, and any other services provided by MyEmpire Group from time to time.

“Services Data” means all data developed, produced, or created as a result of providing the MyEmpire Services whether or not developed, produced, or created by MyEmpire, a MyEmpire Customer, it’s Personnel or other third party.

“Sensitive Personal Information” means

  • information or an opinion about an individual’s:
    • racial or ethnic origin, or
    • political opinions, or
    • membership of a political association, or
    • religious beliefs or affiliations, or
    • philosophical beliefs, or
    • membership of a professional or trade association, or
    • membership of a trade union, or
    • sexual orientation or practices, or
    • criminal record (for Australian individuals); or
    • any other information that is biometric information under the applicable privacy laws; or
    • health information about an individual; or
    • genetic information about an individual that is not otherwise health information.

“Usage Data” is data collected automatically, either generated by using our Service, or from the Service infrastructure itself (for example, the duration of a page visit).

3. Scope and Applicability

The scope of this Policy extends to all Personal Information that we process in the course of providing the MyEmpire Services, in complying with law, managing risk, and conducting our business activities which include our customer relationships, internal operations (management, recruitment, employees, temporary staff, contractors) and external operations (third parties such as business partners and service providers).

We will only collect Personal Information from you if it is reasonably necessary for one or more of our functions or activities.

This Policy does not extend to third party websites or to social media accessed via links on our website or email communications.  Use of third-party links and social media will be governed by the privacy policies and terms of use of the relevant service providers.

This Policy does not extend to MyEmpire Customer environments, or to MyEmpire Customer privacy practices.

4. Consent

Where we rely on your consent as the lawful basis for processing your Personal Information, we will always ask for you to positively confirm your acceptance with a genuine choice, and provide you with adequate information in the circumstances. We note that all contact or other data forms where consent is required to be given by you include no pre-checked checkboxes so that you are able to freely, affirmatively opt-in. Where relevant, we will also provide you with notice specifically detailing what it is that you are consenting to in clear and plain language as well ensuring that each matter that requires consent is clearly distinguishable.

By positively confirming your acceptance of this Policy, you acknowledge and agree to be bound by this Policy.

Naturally, you must have the capacity to understand, to give and to communicate consent.  Individuals who are not sure about giving consent or if something is not clear to you, we invite you to contact us using the details below so that we can provide assistance.

5. Our handling of Personal Information

5.1 Open and Transparent Management of Personal Information

MyEmpire have implemented practices, procedures, and systems to align our handling of Personal Information in accordance with the Privacy Act, the UK Privacy Laws, applicable law, international standards, and best practice.

This Policy, together with our website Terms of Use and email disclaimer, set out how we provide for open and transparent management of Personal Information, to give you the ability to make informed choices about MyEmpire Services and to communications with us.

5.2 Anonymity and Pseudonymity

As an individual, you can choose to remain anonymous (you cannot be identified and we do not collect your Personal Information), or you can choose to use a pseudonym (you can use a name, term or description that is different from your own) when dealing with us.

Circumstances where we give individuals the option to remain anonymous or to use a pseudonym include, for example, where individuals prefer not to be identified to avoid direct marketing, to keep their whereabouts and choices from others, or to provide their opinion anonymously.

Examples of circumstances where we will need to know the identity of the person that we are dealing with relate to employment, the provision of the MyEmpire Services, where identification is required or authorised by law, where a refund is requested, for dispute resolution, or where you are exercising one of your rights to your Personal Information.

If you do not provide us with Personal Information in the above circumstances, some or all of the following may happen:

  • we may not be able to provide our Services to you, either to the same standard or at all,
  • we may not be able to run competitions and promotions in a way that benefits you, and/or
  • we may not be able to provide you with information about products and services that you may want.
5.3 Collection of Solicited Personal information

We will collect and process your Personal Information when:

  • you provide it to us through our website, and social media platforms we manage,
  • you provide it to us through email or other communications with us,
  • you provide it to us through our document sharing platforms, and
  • in some circumstances, our Customers will provide us with your Personal Information in order for us to provide our Services to them.

Our purposes for processing Personal Information include:

  • To provide the MyEmpire Services to our Customers,
  • To provide you with information, and updates about additional products, Services, and opportunities available to you,
  • To improve our products and services and better understand your needs,
  • To maintain our internal records and administrative purposes,
  • To comply with our legal obligations and resolve any disputes that we may have,
  • To remember information so you don’t have to re-enter it during your visit to our website,
  • To provide personalised content and information to you and others,
  • To send marketing communications to you,
  • To conduct our business, generate content and provide customer support and payment options (including updates and improvements),
  • To administer contracts including to negotiate, execute and/or manage a contract with you,
  • To communicate with you,
  • To conduct surveys to determine use and satisfaction,
  • To detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Master Services Agreement, other terms with you, this Policy,
  • To enforce our Master Services Agreement, this Policy or any other terms,
  • To verify information for accuracy or completeness,
  • To comply with our legal obligations,
  • To monitor metrics,
  • To use anonymised data to improve our Services,
  • To combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out in this Policy,
  • To protect a person’s rights, property or safety,
  • To process transactions to which you are a party,
  • To resolve disputes and to identify, test and resolve problems,
  • For internal human resourcing, and
  • Any other purpose made known in this Policy or any other policy

We collect:

  • First and last name,
  • Username and password;
  • Contact details (postal address, email address, telephone number),
  • Cookies and Diagnostic Data,
  • Services Data,
  • Usage Data, and
  • IP Address

We also collect sensitive Personal Information for the purposes of complying with our legal obligations, such as:

  • trade union memberships, and
  • health information.

For our employment and recruitment purposes, in addition to the above, we also collect:

  • Contact details for next-of-kin
  • government issued ID and photographs,
  • banking details and tax file numbers,
  • qualifications, training and work history,
  • criminal history, and
  • any other information you provide us.

We collect Personal Information by lawful and fair means, and wherever possible, we only collect it directly from the individual concerned.

We may collect Personal Information from some sources other than the individual themselves from time to time. This includes:

  • From your employer if you are an employee of a Customer,
  • From recruiters, employment agencies or referees for human resourcing purposes, and
  • From law enforcement authorities when authorised or required by law.

We do not use your Personal Information for Profiling.

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:

  • Your consent. You are able to remove your consent at any time. You can do this by contacting us using the contact details below.
  • We have a contractual obligation (where you are an employee of ours).
  • We have a legal obligation.
  • We have a legitimate interest including commercial interests, marketing interests, fraud prevention and IT security.
  • Our Customers have a legitimate interest including commercial interests or IT security interest.
5.4 Dealing with Unsolicited Personal information

Personal information is sometimes provided to us in circumstances where we have not requested it. In these circumstances, we will usually destroy or de-identify the Personal Information as soon as practicable if it is lawful and reasonable to do so, unless the unsolicited Personal Information is reasonably necessary for, or directly related to, our functions or activities.

5.5 Notification of the Collection of Personal Information

This Policy, other legal notices published on our website and our email disclaimer are our way to ensure that individuals know about the Personal Information that MyEmpire collects and our reasons for doing so. We will inform individuals about the Personal Information we collect before we collect it or at the time we collect it.

In exceptional circumstances where this does not happen, for example, when we receive unsolicited Personal Information which we decide to retain, we will inform individuals as soon as reasonably possible (at the latest within one (1) month) after the collection of Personal Information.

5.6 Use or Disclosure of Personal Information

Where we hold Personal Information about an individual that was collected for a particular purpose (the primary purpose) we will not use or disclose the information for another purpose (a secondary purpose) unless required or authorised by law, the individual has consented to the new purpose, or for Australian individuals, where the individual would reasonably expect us to use or disclose it for a related purpose.

We may disclose your Personal Information to any of our employees, officers, insurers, professional advisers, agents, suppliers, service providers, related entities or subcontractors insofar as reasonably necessary for the purposes set out in this Policy. We may also need to disclose Personal Information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.

Our third party service providers are required not to use your Personal Information other than to provide the services requested by us. If you would like to see a list of our service providers, please see our list of sub-processors.

In some circumstances, for example, where we believe that the MyEmpire Services may be improved through new technologies such as data science (analytics), or where we see a benefit to individuals, we may use Personal Information that has been provided to us by the individual themselves or received from third party analytics tools for a purpose that is different from the purpose for which it was given to us in the first place. Where we do this, we will only use anonymous data.

Regardless of any choices you make regarding your Personal Information, we also disclose Personal Information if we believe in good faith that the disclosure is necessary for legal investigation, to comply with relevant laws or regulations, to protect or defend the rights or property of MyEmpire, to investigate or assist in preventing any violation or potential violation of the law, this Policy and our MSA, to protect the safety of any person or to protect the security of MyEmpire’s systems, or to detect, prevent or otherwise address fraud, security or technical issues.

We will take reasonable steps to ensure that anyone to whom we disclose your Personal Information respects the confidentiality of the information and abides by the Privacy Act, and/or UK Privacy Laws or equivalent privacy laws.

We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Policy.

We may share some or all of your Personal Information with any of our parent companies’ subsidiaries, joint ventures, or other companies under a common control (Affiliates), in which case we will require our Affiliates to honour this Policy. If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any Personal Information and non-Personal Information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.

5.7 Direct Marketing

When we provide a Service, we ask for consent to communicate directly with the individuals concerned in order to provide their Personal Information and to promote our Services through direct marketing communications.

Whenever we do, we allow individuals to opt-out of receiving direct marketing notifications.

Where we use your data for direct marketing, we will ensure that it is in compliance with applicable laws. You will always be provided with an easy means of withdrawing your consent to MyEmpire processing your Personal Information. When you request us to stop communicating with you, we will comply with that request.

Where you are an employee of a Customer, we may be required to send you emails for legitimate reasons including but not limited to billing, reminders and verification purposes.

We do not disclose, sell, or share Personal Information to third parties for direct marketing purposes.

5.8 Cross-border Disclosure of Personal Information

Information that we collect may be stored, processed in, or transferred between parties located in countries outside of Australia and the UK, including our related bodies corporate and third-party service providers located overseas for some of the purposes listed in this Policy. These countries may include, but are not limited to the USA and countries in the European Union.

Where we transfer Personal Information out of the UK, we ensure an adequate level of protection for the rights of individuals based on the adequacy of the receiving country’s data protection laws. We meet international best practice standards and employ appropriate safeguards such as contractual clauses and other agreements to manage our processing of Personal Information and any processing by our service providers.

5.9 Adoption, use or Disclosure of Government Identifiers

We do not adopt, use, or disclose government identifiers of an individual as our own identifiers.

We use and disclose government identifiers such as Australian Tax File Numbers, or a UK Unique Taxpayer Reference, for example, for human resource purposes, providing Business Process Outsourcing services and where required or authorised by law.

5.10 Quality of Personal Information

We are committed to taking reasonable steps to ensure that the Personal Information we collect, hold, use, and disclose is done so having regard to:

  • the purpose of the use or disclosure,
  • the accuracy of the information,
  • the currency of the information,
  • the completeness of the information, and
  • the relevance of the information.

Where we collect that information from individuals directly, we rely on you to supply accurate information.

To do this, we ask individuals to assist us. We provide various technical means, including email notifications and webforms where individuals can request access to, verify, and update records of Personal Information that we hold.

5.11 Security of Personal Information

We will process Personal Information securely and maintain appropriate technical and organisational measures to protect the Personal Information we process and hold from:

  • unauthorised access (by someone that is not permitted access the information),
  • misuse (wrong or improper use),
  • modification (alteration by someone that is not permitted to do so, or who acts beyond the scope of their authority to modify Personal Information),
  • interference (access even where the content is not necessarily modified),
  • unauthorised disclosure (where Personal Information is released from our effective control without authority), and/or
  • loss (accidental, inadvertent, misplaced Personal Information).

Our information security and privacy practices include circumstances where our data handling practices are outsourced to third parties. Because of this we endeavour wherever required under the applicable law to bind third party service providers through appropriate legal agreements. we also endeavour to monitor their privacy and security practices where required under the applicable law.

5.12 Retention of Personal Information

We will retain your Personal Information for the period necessary to fulfil the purposes outlined in this Policy unless a longer retention period is required or permitted by law.

Where there is no legal obligation to retain records and evidence, and in circumstances where we no longer need Personal Information for any purpose under the applicable law, we take reasonable steps to destroy the information or to ensure that the information is de-identified.

6. Notifiable Data Breaches

We take data breaches very seriously.

We will endeavour to meet the relevant deadline as imposed by the Privacy Act and/or the UK Privacy Laws to report any data breach to the Office of the Australian Information Commissioner (OAIC) and/or to the Information Commissioner’s Office where a data breach occurs that will likely be a risk to you.

Further, where there is likely to be a high risk or serious risk to you or your rights, we will endeavour to contact you without undue delay. We will review every incident and take action to prevent future breaches.

If you suspect or become aware of a breach or an impending breach, please contact us as a matter of urgency.

7. Your rights to your Personal Information

7.1 Your rights

Australian individuals

Under the Privacy Act, you have rights including:

  • Your right of access – You have the right to ask us for copies of your Personal Information.
  • Your right of correction – You have the right to ask us to correct Personal Information you think is inaccurate, out of date or incomplete.

UK individuals

Under the UK Privacy Laws, you have rights including:

  • Your right of access – You have the right to ask us for copies of your Personal Information.
  • Your right to rectification – You have the right to ask us to rectify Personal Information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure – You have the right to ask us to erase your Personal Information in certain circumstances.
  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your Personal Information in certain circumstances.
  • Your right to object to processing – You have the right to object to the processing of your Personal Information in certain circumstances.
  • Your right to data portability – You have the right to ask that we transfer the Personal Information you gave us to another organisation, or to you, in certain circumstances.
  • Your right not to be subject to decision based solely on automated processing, including Profiling – You have the right not to be subject to a decision based on this nature of processing which produces legal effects concerning you, or similarly significantly affects you.
7.2 Exercising your rights to your Personal Information

Subject to the Privacy Act and/or the UK Privacy Law, you may make requests in relation to your Personal Information that we hold about you by contacting us.

Accessing or correcting your Personal Information

Where we hold Personal Information, we will, on request by an individual, normally give that individual access to their information. We will also take reasonable steps to correct the information to ensure that, having regard to the purpose for which we hold it, it is accurate, up-to-date, complete, relevant, and not misleading.

In considering a request for access or correction to Personal Information by an individual, we may require identification information.

In certain circumstances, we may not be required to provide you with access to your Personal Information, for example, where provided for in law, in instances of commercial sensitivity and where a third party may be negatively affected.

We reserve the right not necessarily to effect the changes sought but undertake to consider reasonable requests and to associate a statement to the record reflecting our refusal to correct the failed request for correction if we reasonably consider that the information is accurate.

If this occurs, we will give you reasons for our decision not to provide you with such access to your Personal Information or to correct your Personal Information in accordance with the requirements of the Privacy Act and/or UK Privacy Laws.

Deletion (UK individuals only)

We keep data for as long as it is needed for our operations and to provide our Services to our Customers.

If you wish to have us delete your data, please contact us.

Object, restrict or withdraw consent (UK individuals only)

You may submit a request to us if you object to any Personal Information being stored, or if you wish to restrict or withdraw any consent given for the processing of your Personal Information.

You may withdraw your consent to the processing of your Personal Information at any time. If you wish to exercise this right, you may do so by contacting us.

You may withdraw your consent to the processing of your Personal information for marketing purposes by contacting us or by clicking the unsubscribe link at the bottom of any marketing materials we send you.

Portability (UK individuals only)

We may, if required and possible, provide you with the means to download the Personal Information you have provided to us. Please contact us for further information on how this can be arranged.

If you make a request to exercise your rights with us, we will reply to you within a reasonable time, up to one (1) month. You are not required to pay any charge for exercising your rights. However, we may charge an administrative fee for the provision of information in certain circumstances, such as if you make repeated requests for information or where the information is held by a third-party provider.

If we need more time to assist you in exercising your rights, we will notify you about this and provide a timeframe for our further response, which can be up to two (2) further months.

If you are an Australian individual, we may also charge a fee where we incur costs for providing you access to information, for example, for photocopying, postage and costs associated with using an intermediary if one is required.

Where we act as a data processor, we do so on behalf of our Customer and in accordance with their instructions. This means that should you wish to access, review, correct, transfer, modify or delete any Personal Information we process on behalf of a Customer, you should contact the Customer with your request.

8. Complaints and enquiries to MyEmpire

If you reside in Australia, the Office of the Australian Information Commissioner will not investigate a complaint if you have not first raised the matter with us. For this reason, we ask individuals to agree to submit all complaints relating to this Policy to us first, so that we have an opportunity to resolve complaints before they proceed to any relevant authority. Individuals are asked to direct all complaints and enquiries to us using the contact details  below.

If you reside in Australia, all queries or complaints should be directed to:

Privacy Team
Email: [email protected]
Address: Level 3, 162 Collins Street,
Melbourne, Victoria, Australia

If you reside in the UK, the data controller that is responsible for your Personal Information is:

MyEmpire Group Limited
Company Number 14391538
Email: [email protected]
Address: 101 New Cavendish Street, 1st Floor South, London W1G 8TB

9. Complaints to authorities

If you wish to raise a concern about our use of your Personal Information you have the right to do so with your local authority.

If you are located in Australia – the Office of the Australian Information Commissioner:

Telephone: 1300 363 992 (if calling from outside Australia including Norfolk Island please call: +61 2 9284 9749)

National Relay Service:

TTY users’ phone 133 677 then ask for 1300 363 992
Speak and Listen users’ phone 1300 555 727 then ask for 1300 363 992
Internet relay users connect to the National Relay Service then ask for 1300 363 992

Post: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW 2001
Fax: +61 2 9284 9666
Email: [email protected]
website: https://www.oaic.gov.au/privacy/privacy-complaints/

If you are located in the UK – the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

10. Changes to this policy

This Policy is subject to occasional revision and we reserve the right, at our sole discretion, to modify or replace any part of Policy. It is your responsibility to check the Policy periodically for changes. Continued use of our Services including the website shall indicate your acknowledgement of that it is your responsibility to review the Policy periodically and become aware of any modifications.

We may amend this Policy from time to time. Not all changes to our Policy will require your consent, for example where office security procedures are changed. We will notify you of any change to our information handling policy that requires your consent before being implemented.

This Policy was last updated in March 2023.

Cookie Notice

Cookies

We may from time-to-time use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer.

We generally treat information collected by cookies and other technologies as non-personal information. However, to the extent that IP addresses or similar identifiers are considered personal information by applicable law, we also treat these identifiers as personal information. Similarly, to the extent that non-personal information is combined with personal information, we treat the combined information as Personal Information for the purposes of this Policy.

Most web browsers automatically accept cookies, but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our website. our website may from time-to-time use cookies to analyses website traffic and help us provide a better website visitor experience. In addition, cookies may be used to serve relevant ads to website visitors through third party services such as Google AdWords. These ads may appear on this website or other websites you visit.