At COS we respect and protect the privacy of our customers, suppliers and employees. We are committed to protecting the privacy of your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) including the Australian Privacy Principles.
This policy and the Privacy Act does not apply to ’employee records’ (as defined in the Privacy Act) held by COS.
What we collect
In the course of doing business, we may collect and hold information about the organisations and individuals with whom we engage as customers, partners or suppliers, or employees. We may also collect and hold information about individuals within those organisations or individuals within whom we or our customers engage directly.
We may also collect other personal and sensitive information as part of the recruitment process, including your resume, qualifications, skills, education provider and history, work history and residency status and contact details.
Please note that the type of personal information we collect and hold depends on the nature of our interaction with you. We only collect and hold personal information that is reasonably necessary depending on the nature of the interaction.
We collect the following personal information:
- Name, address, contact details (including telephone number, fax number and email address) and trade references;
- Business details (ABN/ACN, business name and your position within the company – if applicable);
- Names and addresses of the directors, proprietors and owners of corporate customers and any personal guarantors, which are collected as a part of our credit application process;
- Credit card and other financial details;
- Information about your communications with us, about services or goods ordered, acquired or supplied, payment and billing information, marketing preferences;
- Contractor name, address, licence, contact and emergency contact details which are used for the purposes of managing our various contractors in accordance with the requirements of our customers and our business requirements; and
- Any other information as authorised or required by law.
We may also collect and use personal information provided by supplier organisations to:
- Manage our accounts payment and ordering systems,
- Improve our internal procurement management processes, and
- Otherwise improve our relationship with our suppliers.
How we use and collect personal information
COS will usually collect your personal information directly from you, when you place an order, where you access and interact with the website or with the COS Customer Service Team. COS may also collect information about you that is publicly available including information from websites such as LinkedIn or other websites. There may be occasions when COS collects personal information from a third party, such as credit reporting agencies and past employers and referees.
We will only collect information from third parties where:
- you have consented to such collection;
- such collection is necessary to enable us to provide you with our products and services; or
- it is legally permissible for us to do.
If COS receives personal information that COS has not requested (unsolicited information) and COS determines that it could not have collected that information under the Australian Privacy Principles if COS had requested it, COS will destroy or de-identify the information if it is lawful and reasonable to do so.
How we use personal information
Depending on the nature of our interaction with you, COS may use your personal information for the primary purpose of:
- fulfilling your requests for products and services, and receiving payment;
- performing the necessary credit checks in accordance with our credit application processes;
- marketing our goods and services (including direct marketing);
- managing our business, such as assessing insurance requirements and business processes;
- assessing your suitability to work within our organisation;
- assisting in the running our business, including quality assurance programs, billing, improving our services, implementing appropriate security measures and training personnel; and
- effectively communicating with third parties, such as courier companies engaged, to deliver any ordered goods.
COS may use your personal information for a secondary purpose if:
- that secondary purpose is directly related to the primary purpose, and you would reasonably expect, or COS has informed you, that your information will be used for that secondary purpose;
- you have given your consent for your personal information to be used for a secondary purpose; or
- COS is required or authorised by law to use your personal information for a secondary purpose (including for research and quality improvements within COS).
Who has access to personal information?
COS and any contractors of COS may have access to and use your personal information. Personal information may from time to time be retained on data storage systems owned and operated by these contractors.
We may also disclose your personal information to a buyer or prospective buyer of any of our assets or business (or any part of it).
We may also use and disclose your personal information with your consent and as otherwise required or permitted by law. This may include, where appropriate, handling personal information relying on exemptions that may be available under applicable privacy laws including, for example, the employee records exemption in the Privacy Act.
Overseas Disclosure of your personal information
In some circumstances, we may disclose your personal information to overseas recipients located in the United States of America and Germany. Otherwise, generally we will not disclose your personal information to overseas recipients, except with your consent or where we are required or authorised to do so by law.
Our websites utilise “cookies” to provide you with a more convenient shopping experience, such as remembering your login name and password, purchase history and maintaining items in your shopping cart if you leave the site before checkout.
Personal information is used by COS for its legitimate business purpose, as disclosed at the time of collection. It is also used for ancillary purposes such as locating and identifying you and for servicing our relationship with you. Your contact details may also be used by us for the purposes of sending marketing correspondence to you. You may make a request to us not to receive direct marketing communications.
COS undertakes not to sell, rent or trade personal information. We will not disclose personal information to third parties for them to market goods and services to you. We will not otherwise use or disclose your personal information unless the use or disclosure is authorised under the Australian Privacy Principles. Some examples of where use or disclosure is authorised under the Australian Privacy Principles are:
- Use or disclosure is required or authorised by or under law;
- Use or disclosure is necessary to prevent a threat to life, health or safety;
- Use or disclosure is necessary to investigate suspected unlawful activity, to prevent or detect a criminal offence or serious improper conduct;
- Use or disclosure is reasonably necessary for the conduct of or preparation for court proceedings; or
- You have consented, either expressly or impliedly, to us disclosing the information about you.
As with most business organisations, COS relies on third party suppliers (agents) to conduct specialised activities such as mail-outs and the dispatch of internet messages. These agents act on behalf of COS and do not facilitate their own commercial agendas whilst processing your personal information. While personal information may be provided to these agents to enable them to perform their agreed tasks, such information remains the property of COS at all times and the agent organisations involved may not use or disclose it for their own purposes.
How do you update your Personal Information and have access to it?
At COS we seek to keep your personal information accurate, complete and up-to-date. Our Account Receivable Team are dedicated to maintaining customer profiles on a daily basis. To assist us with this, please contact us if any of the details you have provided change. If you believe that the information we have about you is not accurate, complete or up-to-date, or is otherwise irrelevant or misleading, please contact us on the details below and we will correct it.
On request we will provide you with access to the personal information we store about you, but only to the extent we are able by law, and are required under the Australian Privacy Principles.
If we are unable to give you the access requested, we will, if reasonable, consider whether the use of an intermediary would allow sufficient access to meet both our needs. We will also provide you with the reasons for our inability to give you the access requested.
Security and Storage of Data
At COS we will take all reasonable steps to store your personal information securely. After all, it is in our interests to make sure you feel confident shopping with us.
Only authorised members in our Customer Service Team and in Marketing, Finance and IT have access to our customers’ and suppliers’ personal information. Their access is subject to strict controls and procedures.
While we strive to protect users’ personal information, the transfer of data over the Internet is inherently insecure. COS cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once COS receives your transmission, it is committed to keeping secure the data you provide us and we will take all reasonable precautions to protect information from loss, misuse or unauthorised access or alteration.
COS retains the information you provide to us including your contact and credit card details to enable us to verify transactions and customer and supplier details and to retain adequate records for legal and accounting purposes. This information is held on secure servers in controlled facilities.
Contact us about Privacy
If you have a complaint about the way in which we handle your personal information or think that there may have been a breach of the Australian Privacy Principles, please contact us on the details below. We will confirm receipt of your complaint and set out the time frame we require to investigate your complaint and provide you with a response, which generally, will be within 30 days of receiving your complaint.
Should you not be satisfied with the outcome, you may contact the Office of the Australian Information Commission:
Telephone: 1300 363 992
Telephone: 1300 882 244
PO Box 7179
Silverwater NSW 2128