Every month we'll send you helpful tips about how to get the most out of Op Central, some industry insights, client spotlights and any other relevant content.
You'll also be the first to know about new product modules, special offers and any other exciting opportunities!
Vortilla Holdings Pty Ltd is committed to providing quality services to you, and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information. We have adopted the National Privacy Principles (NPPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The NPPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au. We comply with the Regulation No. 679/2016, the General Data Protection Regulation, also known as GDPR. This document includes necessary specifications.
Personal Data Controller
Kayla Russell c/o suite 20, 25 Claremont St, South Yarra, VIC Australia 3141. We have appointed a data protection officer who may be reached via firstname.lastname@example.org.
What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers. This Personal Information is obtained in many ways including; interviews, correspondence, by telephone, by email, via our website, from your website, from media and publications, from other publicly available sources, from cookies and from third parties. We don’t guarantee website links or policy of authorised third parties. We collect your Personal Information for the primary purpose of providing our services to you, providing information to our clients and marketing. Notwithstanding that we may use your Personal Information for marketing purposes, we will not do so without your consent, whether express or inferred, where that consent is required pursuant to the Spam Act 2003 (Cth), Do Not Call Register Act 2006 (Cth) or any other relevant legislation. We may also use your Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing. When we collect Personal Information, we may, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
Personal Data we process
We process only Personal Data User provides us by using our service:
Purpose and legal basis of processing Personal Data
Your Personal Data will be used for the purposes of the Service:
Access to the Personal Data
The use of Personal Data is limited to providing or improving user-facing features that are prominent in the requesting application’s user interface. All other uses of the data are prohibited except in the following circumstances:
Additionally worth noting is that we do not allow humans to read the data, unless;
The Personal Data retention
The Personal Data is stored in the Service until User deletes their account in the service. Access log information might be collected for longer period for the purpose of establishing, exercising or defence of legal claims.
User provides Personal Data voluntarily. Without this we are not able to provide our services. We want you to always be in control of your Personal Data. To this end, you have certain rights that allow for it. Under certain conditions, you may:
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Sensitive information will be used by us only:
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Your Personal Information may be disclosed in several circumstances including the following:
Security of Personal Information
Your Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorized access, modification or disclosure. When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access to your Personal Information
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. Vortilla Holdings Pty Ltd will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information. To protect your Personal Information, we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is an important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
This policy may change from time to time and is available on our website.
Note: This policy applies to all data that is provided to us by any means, including via manual entry into the system, and as collected via your voluntarily choice to utilise our integration with third party systems such as but not limited to Google Gsuite and Microsoft Office 365.
1. Marketing Materials Opt In
1.1. The Recipient consents to, and requests that Op Central does, from time to time:
(a) send Commercial Electronic Messages to the Recipient at its Electronic Account; and
(b) make telemarketing calls to the Recipient using its Telephone Number. 1.2. The Recipient acknowledges and agrees that:
(a) for the purposes of section 16(4) of the Spam Act, Op Central may rely upon the Recipient’s entry into this Privacy Agreement as evidencing its consent to Op Central sending Commercial Electronic Messages to its Electronic Account;
(b) for the purposes of section 3 of the Do Not Call Register Act, the consent provided by the Recipient pursuant to clause 1.1(b), is provided until and unless it is expressly withdrawn by the Recipient giving Op Central notice in accordance with clause 1.2(c), and in no circumstances will such a withdrawal of consent be deemed by an effluxion of time; and
(c) it can withdraw its consent provided and referred to in clause 1.1 at any time by:
i. giving written notice to Op Central at email@example.com or any other address notified by Op Central from time to time; or
ii. utilising the unsubscribe facility included in any Commercial Electronic Message sent by Op Central to the Recipient to send Op Central an Unsubscribe Message.
2.1. Commercial Electronic Message has the meaning given to that term by section 6 of the Spam Act.
2.2. Do Not Call Register Act means the Do Not Call Register Act 2006 (Cth).
2.3. Electronic Account includes all email addresses, social media accounts, telephone numbers and any other digital repository which the Recipient provides Op Central at the time of entering this Privacy Agreement or anytime thereafter.
2.4. Spam Act means the Spam Act 2003 (Cth).
2.5. Telephone Number includes all telephone numbers which the Recipient provides Op Central at the time of entering this Privacy Agreement or anytime thereafter.
2.6. Unsubscribe Message has the meaning given to that term by clause 18(9) of the Spam Act.
Certain conduct or relationships can give rise to an ‘inferred consent’. [Schedule 2 of the Spam Act] provides that consent includes consent that may reasonably be inferred from the conduct and the business and other relationships of the individual or organisation concerned.
For example, if the person has an existing business relationship with the sender and as part of that relationship has knowingly and directly provided an electronic address to the sender, then it would be reasonable to infer that the person has consented to receiving commercial electronic messages from the sender.
The following are examples where it is possible that consent may be inferred:
• in undertaking a purchase of goods or services the account-holder has provided an electronic address, except if in the circumstances a reasonable person would not expect to receive future messages. For example, if the recipient had merely provided the address for market research purposes then it would not be reasonable to infer that the person had consented to receiving commercial electronic messages from the sender;
• an electronic address is provided with the expectation (or as a requirement) that it will be used in transactions and may be used for additional communications (eg. online banking/online business);
• online registration of a product/warranty;
• the account-holder hands over a business card containing their electronic address to a commercial entity except if in the circumstances a reasonable person would not expect to receive future messages. For example, if the account-holder had provided the business card for work purposes then it would not be reasonable to infer that the person consented to receiving future commercial electronic messages from the sender which were not related to their work. For example, a public relations manager might reasonably expect to receive press releases announcing new products or promotions, but not a list of the weekly grocery specials.
In addition to inferring consent from a person’s conduct, it is possible to infer consent from the business and other relationships of the individual or organisation concerned.
The following are given by way of examples of the types of relationships from which consent may be reasonably inferred:
• the account-holder purchased goods or services which involve ongoing warranty and service provisions. For example, if a person purchased a car which has a three year warranty from a dealer, then you can reasonably infer consent to receiving associated electronic messages from the dealer relating to the ongoing warranty and service of the car;
• shareholders may reasonably infer consent to receive electronic messages from the company from which they hold shares, and the broker through whom they bought them;
• magazine/newspaper subscriber;
• subscriber to a service (including phone contracts);
• registered user of online services;
• utility/rate payers (is in a business relationship with utility company/ government body);
• subscribers to information/advisory services;
• financial members of a club;
• professional association members;
• frequent flyer/buyer club;
• bank account holder;
• superannuation subscriber
• purchasing a software license;
In addition to a pre-existing business relationship, consent may be inferred where another relationship, such as a family relationship exists. For example, if a person owns a nursery and sends an e-mail message advertising a sale of the goods at the nursery to their family and friends then, notwithstanding that a recipient may not have expressly consented to receiving such a message, consent may be reasonably inferred in this circumstance because of the relationship between the sender and the recipient.
However, consent will not always be inferred where there is a pre-existing relationship between a person and a business. For example, if a person:
• purchases a t-shirt or groceries from a shop;
• attends a concert, performance or movie;
• uses a brand of ubiquitous software;
• or makes a purchase or transaction as an anonymous entity;
then it would not be reasonable to infer that the person consented to receiving commercial electronic messages from the relevant shop or business simply because there was some pre-existing connection between the two parties.
The extent of the person’s consent will also depend on what can be reasonably inferred from the conduct and the relationship. The extent of the consent will be a question of fact to be considered according to each particular set of circumstances.
If a person can establish that the relevant electronic account-holder has consented to the sending of the message (for example through establishing a pre-existing business relationship), then he or she will not be in breach….The defendant bears the evidential burden of establishing consent.