Your data is safe

Privacy Policy

Robert Kirby Online Privacy Statements

Updated 23/11/2019

Robert Kirby Online Privacy Statements

The privacy and collection statement below is part of Robert Kirby’s overall approach to ensuring compliance with the key legislation and policies around how they engage with customers through their digital channels.

To save time, the statement has been developed to align and comply with the requirements under the key policy for Queensland Government agencies outlined below. However this policy should be reviewed in alignment of the GDPR as Robert Kirby will be releasing products on a global scale and although the GDPR technically applies only in Europe, it is the world-leading standard for online privacy and most other countries are likely to mandate similar requirements in the next few years. These policy requirements have been edited down into Plain English to ensure it’s easy for customers to read, comprehend and action. More detailed compliance information has been detailed in the right-hand column so Robert Kirby and his legal support are able to see where important clauses are being addressed. Feedback is very welcome.

Compliance

It is important when delivering website and social engagement services that the department consider the following legislation and policies in particular that relate to protecting customers’ privacy and the flow of information: Queensland Information Privacy Act 2009 (Privacy Act)

Strictly speaking, the Privacy Act applies to ‘personal information’ (information that identifies an individual like their name, email address or an ID number). Much of the data collected (such as aggregated website usage data) is at least pseudo-anonymous and not considered ‘personal information’. However, the privacy and collection statement is a blanket statement and combines both personal information and anonymous information together for the sake of simplicity.
Having the privacy and collection statement is a key part of compliance. However, to make good on the obligations and requirements outlined in the statement and underlying legislation the department will also need to consider:

  • Request permission to use photos
      – Where Robert Kirby would like to use photos published by customers on social media, they will need to be approached to explicitly opt in to allow this.
  • Specific privacy statements
      – A specific privacy statement must be provided where Robert Kirby is requesting personal information (such as names, phone numbers, email or other addresses or identification numbers). E.g. on the contact form on the Northshore Website. This statement just needs to outline how the collected data will be used (e.g. to contact the customer and help them with their enquiry).
  • Information Security Principles
      – A Business Impact Assessment (BIA) could be completed against the digital channels to identify key risks and then security controls put in place to mitigate the risks identified.

Privacy and Collection Statement

Purpose

The purpose of this statement is to clarify the relationships between you, us and the social platform providers we engage on, and how the data you share flows between. This allows us to deliver services to you and help protect you and your data while we deliver them.
This statement outlines how we comply with the relevant requirements from legislation in Australia and overseas and how they protect you and your data.

Definitions

This statement uses a number of terms and concepts that it helps to be clear about.
There are 3 groups of people referred to in this statement:

  • ‘You’
  • ‘Us’, ‘we’ or ‘our’ refers to Robert Kirby Breakthrough Brilliance.
  • ‘Social platform providers’ refers to the companies that provide and support the social platforms we use to engage with you.

‘Data’ or ‘information’ are treated as being the same concept, and refer to any content or statistics:

  • shared by you.
  • collected about you or your usage of the ‘digital channels’ defined below.
  • generated by the social platforms themselves.

‘Social posts’ refer to the content you share with social providers that gets published on their platform for us or others to see and engage with.

‘Personal information’ is defined under the Privacy Act. In short, ‘personal information’ is information about an individual whose identity is apparent or can reasonably be ascertained from the information. For example, your name, phone number or email address. Information that does not identify you will be referred to as ‘anonymised information’.

‘Digital channels’ refers to the websites and social media platforms and accounts we are using to engage with you. These channels are listed below.

What this statement covers

This statement covers the following digital channels:

  • The Robert Kirby website
  • The Robert Kirby Facebook account
  • The Robert Kirby Instagram account
  • The Robert Kirby Twitter account

You are in control of your data

We treat any data collected about you with the highest respect and it’s collection and use is outlined in this statement. However, when you sign up for and engage using social platforms, you are voluntarily agreeing to send your information to the platform providers, often overseas, and sometimes to be published publicly.

Any data you share with the social platform providers, whether that’s during interactions with us, or with others is governed by the platform’s privacy policies and we cannot guarantee those policies align with privacy legislation. We encourage you to think carefully before sharing on social platforms:

  • The platforms we engage on are based outside of Australia, are you comfortable with your data travelling overseas and being stored there?
  • If the post is to be shared publicly or to a group of people, are you comfortable for it to be visible in that context?
  • If you are sharing information that personally identifies you or someone else or is sensitive, consider if a social platform is the right place to share it?

If your answer to any of these questions is ‘no’, we encourage you not to share your data in this way.
If you would like to engage with us without sending your data to social platform providers, or you believe you need to send us personal or sensitive information, we encourage you to reach out to us using our secure contact form.

Data we collect about you

We collect the following types of data:

  • Any information you share with or about us over social platforms, so we can engage with and provide services to you.
  • Anonymised information such as how visitors use our digital channels is collected using tools such as Google Analytics and Hootsuite.
  • Sometimes we may request personal information. For example, if you request that we make contact with you we may ask for your name and contact details. In these cases we will provide a specific privacy statement to clarify how those details will be used.
  • Sometimes we may reach out via social channels to request your approval to use an image you have posted on that social channel about Northshore.

How we use your data

We will only use your data for the purposes outlined below unless otherwise specified at the point of collection or authorised or required to do so by law. For example, if you request to be contacted, we will use your personal information for the specific purpose of contacting you.
We use your data:

  • to provide our services to you.
  • to measure our performance.
  • to analyse the usage of our digital channels to help us improve the channels and the services we provide.
  • to keep a historical record of interactions to fulfil any legal obligations. These requests may include your name on social channels, and the content of your posts.

Who has access to this data

The data we collect is only available to authorised staff and only for the purposes outlined above.
The data you share with social platform providers is maintained under their terms and conditions, that you agreed to when signing up for their service.
We will not share your data other than in ways specified in this statement unless it is specified at the point of collection or authorised or required to do so by law.

Security

Data you share with us via the Robert Kirby website is protected using Secure Sockets Layer (SSL) encryption, is stored in secure databases and only accessible to authorised staff.
Where the Robert Kirby site links to other websites or social platforms, we are not responsible for the privacy, security or the content on those channels.

Security

Data we collect is stored on secure platforms and retained for a period of time as guided by the General Retention and Disposal Schedule:

  • Social posts
      – Routine Communication—Only retained until the communication is complete.
      – Marketing Campaigns – other—Retained for 5 years after the campaign is complete.
      – Stakeholder engagement—Retained for 7 years after the consultation is complete.
  • Anonymised information (e.g. digital channel usage statistics)
      – Research – other—Retained for 5 years after business action is complete.
      – This data may be retained longer at our direction to allow for trends to be researched over longer periods.
  • Service delivery
      – Routine Communication—Only retained until the service delivery is complete.

Accessing your personal information

We provide you with the right to request access to personal information we have stored about you and to amend that information.

Contact us

Contact us if you have questions about this statement or you would like to know more about information privacy.

We provide you with the right to request access to personal information we have stored about you and to amend that information.