This Policy was published on 7 May, 2018. It will take effect on 23 May 2018.
The previous version of this policy can be viewed here.
When you trust Milestone Group with your personal data, we know you expect us to protect it and keep it safe. We are committed to protecting the privacy of the personal data of individuals with whom we deal.
We are bound by the appropriate data protection and privacy legislation and regulations in each of our operating jurisdictions and will protect your personal information in accordance with these regulations. The regulations govern how we can collect, use, hold and disclose your personal data, as well as ensuring the quality and security of your personal data.
Please note that during the course of our relationship with you, we may tell you more about how we handle your information. When you receive this further information, please consider it carefully. Please also visit our website regularly as we update this policy from time to time to comply with any changes in legislation and market practices
What is personal data?
Personal data means personal information, and includes any information or opinion about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal data whether it is true or not and regardless of whether we have kept a record of it.
The personal data that we seek to collect about you will depend on the products or services that we provide. If you do not allow us to collect all of the data we request, we may not be able to deliver all of those services effectively.
To the extent that we process personal data related to data subjects based in the European Economic Area, we are also bound by the requirements in the General Data Protection Regulation (GDPR). For the purposes of this policy, Milestone Group is the controller, meaning we determine the purposes and means of the processing of your personal data.
What kinds of personal data do we collect and hold?
When you use or apply for our products or services or commence employment with us, we may ask for identification information. This could include your name, contact details and job title. We do not collect or otherwise process any sensitive personal data.
How do we collect personal data?
We collect most personal data directly from you. For example, we may collect your personal data when you apply for or use our products or services, visit our website, talk to us in person or on the phone, provide us with your business card, or commence employment with us. We also collect data from you electronically when you interact with us via email or our website. We may collect data about you from third parties, such as event organisers for marketing purposes, or other public domains such as social media, for example via LinkedIn.
What are the lawful basis for processing personal data?
In processing your personal data in connection with the purposes and uses set out in this policy, we may rely on one or more of the following legal bases, depending on the circumstances:
- Where we have obtained your consent;
- Where the processing is necessary for a contract between you and us;
- Where processing is required by applicable law;
- Where processing is necessary to protect the vital interests of an individual; or
- Where we have a legitimate business interest in processing your data and this is not overridden by your fundamental rights, interests or freedoms.
How do we hold personal data?
Much of the data we hold about you will be stored electronically and securely. We may store your personal data on our internal platforms or in third party systems or software such as SalesForce. We take reasonable steps to destroy any personal data that is no longer in use in accordance with regulatory timelines and our records retention policy.
Our purposes and uses of personal data?
We collect and use personal information for the following purposes:
- Providing products or services to our clients;
- Improving our products or services;
- Surveys, contact and feedback forms and registration pages;
- Conducting our internal business operations, including meeting any relevant regulatory or legal requirements;
- Communicating with clients and market participants
Who do we disclose your data with?
If you are an employee of Milestone Group based in the United Kingdom (UK), your personal data may be sent to our external services provider for the purposes of payroll processing. If you are a client or business partner of Milestone Group or an employee based in a country other than the UK, we do not transfer your personal data to any third parties. However, your data may be stored in third party platforms as stipulated above.
Do we transfer personal data overseas?
Due to the international nature of our business, we may need to transfer your personal data to our offices in other countries or to third parties, as noted above. As such, your personal data may be transferred to jurisdictions that have different privacy laws to those that apply in the country in which you are located.
If you are located in the European Economic Area and your personal data is transferred to a country that has not been designated an adequate jurisdiction by the European Commission, we will do so on the basis of standard contractual clauses. These are template clauses related to the transfer of data that have been adopted by the European Commission.
Do we use information for marketing?
We may use your personal data to contact you and offer you products and services we believe may be of interest to you where we have a lawful basis to do so. We may offer you products and services by various means, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising.
If we provide services to you, we may send information to you regarding our services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law.
You may unsubscribe from our mailing list at any time by following the unsubscribe instructions included in every promotional email we send. We will not send you promotional emails from a list you have selected to be unsubscribed from, but we may continue to contact you to the extent necessary for the purposes of any services you have requested or from additional lists you have signed up under.
We have implemented appropriate technical and organisation security measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised processing in accordance with applicable privacy laws
Because the Internet is an open system, the transmission of information via the internet is not completely secure. Although we implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any personal data that you send to us is sent securely.
We will take every reasonable step to ensure that:
- personal data is accurate and, where necessary, kept up to date; and
- any of your personal data that you inform us is inaccurate (having regard to the purposes for which they are processed) are erased or rectified.
We only collect and store data which we believe is relevant to the services we are providing to you or offering to provide or which we are legally obliged to maintain. We undertake regular reviews of our data and delete any data which we believe to no longer required.
We will take every reasonable step to ensure personal data is only stored or processed for the minimum period necessary for the purposes set out in this policy. Milestone Group will retain personal data in accordance with its data retention policy or as required by applicable law or otherwise legally required.
Your legal rights
You may have a number of rights under applicable law, including:
- The right not to provide your personal data to us (however, please note that we may be unable to provide you with the full extent of our services if you do not provide us with necessary personal data);
- The right of access to your personal data;
- The right to request rectification of inaccuracies;
- The right to request erasure, or restriction of processing, of your personal data;
- The right to object to the processing of your personal data;
- The right to have your personal data transferred to another controller;
- The right to withdraw consent; and
- The right to lodge complaints.
We are not required to provide you access if we are unable to identify you, and in certain circumstances we’re allowed to deny your request, or limit the access we provide. For example, we might not provide you access to commercially sensitive information. Whatever the outcome, we’ll write to you explaining our decision.
To exercise any of these rights or to ask a question about your rights, please use the contact details provided below. Please note we may require proof of your identity before we can give effect to your rights. Your request will be investigated reasonably promptly before deciding what action to take and at the latest, within one month. We will provide reasons to you where we do not intend to comply with your request.
Cookies and Third-parties
In addition to our own cookies, we may also use various third-parties services which require cookies to undertake functions such as reporting usage statistics and performance of the Site, allowing us to recognise you each time you return, as well as for conducting market surveys.
Contact us about our privacy and data handling practices
If you are concerned about how your personal data is being handled or if you have a complaint about a breach by us of the Privacy Act, the APPs or the GDPR, please contact us.
Telephone: +61 2 8224 2600
Our Data Protection Officer can also be contacted in relation to privacy concerns by writing to:
The Data Protection Officer
9 Castlereagh Street,
Sydney, NSW 2000,
We will acknowledge your complaint as soon as we can and we will let you know if we need any further information from you to resolve your complaint.
We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five business days but some complaints may take longer to resolve. If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.
If you are unhappy with our response, there are other bodies you can go to and we will provide advise on how to contact the relevant authority in your country when we respond to your complaint.
We may change the way we handle personal data from time to time for any reason. If we do so, we will update this Policy.
An up-to-date version is available at www.milestonegroup.com/privacy-policy
We, Us or Our means:
- Milestone Group and its subsidiary and affiliated entities.