Privacy Policy

YOUR PRIVACY MATTERS

Evolve North – Privacy Policy

Last updated: 27 July 2023

1. Introduction

Background

This Privacy Policy (Policy) applies to Direct Hospitality Pty Ltd (ABN: 85 600 668 602 trading as ‘Evolve North’ and related brands, businesses and entities throughout Australia including but not limited to: Evolve North, Streamline Supplies, Conical, Monarch Paper, Perq, and Coffee 2 Your Door (‘we’ , ‘us’ ‘our’).

We manage personal information in accordance with the Privacy Act 1988 (Cth) (‘Privacy Act’) and the Australian Privacy Principles as set out in Schedule 1 of the Privacy Act (the ‘APPs’), and any other privacy laws which may apply to your personal information.

This Policy relates to any personal information that we collect, hold, disclose and/or use in our business, including via our related social media pages, applications (‘Applications’), internal websites, intranet or websites (‘Websites’), including but not limited to –

This Policy incorporates our Credit Reporting Policy which sets out how we use, collect, store and disclose credit information.

Changes to this Policy

We reserve the right to update or change this Policy at any time and you should check this Policy periodically. Your continued use of the service that we provide after we post any modifications to this Policy on our websites will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

Personal Information

Throughout this Policy we refer to “Personal Information” which is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

Sensitive information

“Sensitive Information” is a subset of Personal Information, and includes information or an opinion about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, or health, genetic or biometric information.

2. What kinds of personal information is collected and held?

We collect and hold information about our employees, contractors who provide us with a service, our customers, our suppliers, job applicants, applicants who wish to open commercial credit accounts with us or apply to be a guarantor in relation to such credit, and other people who may come into contact with us or one of our businesses from time to time.

The information we collect, and hold includes, but is not limited to:

• Your first name and surname
• Address
• Email addresses
• Contact phone number
• Facsimile number
• Credit information/ credit eligibility information (for further information see the “Credit Reporting” section of this Policy)
• Employment information (see section 8 for further information)
• Marketing information.
• Date of birth
• Gender
• Individual preferences
• Supplier account details
• Sensitive information

We will not collect Sensitive Information unless the person to whom it relates consents to the collection of that information, and the information is reasonably necessary for one or more of our functions or activities, except where the collection is required or authorised by law, is necessary to prevent or lessen a serious and imminent threat to the person’s (or another person’s) life or health, or is necessary in relation to legal proceedings (current, anticipated or potential), or another permitted exception in the Privacy Act (or other applicable privacy law) applies.

3. How do we collect and hold Personal Information?

3.1 Directly

We collect personal information directly from our customers when they provide it to us. For example:
• when requesting quotes/information via Website enquiries, purchasing goods or services over the telephone, facsimile or
email or submitting a form;
• when you interact and/or browse the Website or any Application associated with it, generally or for a specific purpose
(see the section ‘Passive collection of information’ below for more information on how we collect information when you use
our Websites and Applications); and
• when you provide Personal Information to submit a credit account application.

3.2 Indirectly

We may collect information indirectly, for example:
• via our Websites; including but not limited to opt-in forms, enquiries, log data and cookies,
• from your website,
• from media and publications,
• from other publicly available sources and from third parties, such as a credit reporting body.

3.3 Third party providers

We collect, process and store analytical data about visitors to our Websites and users of our Applications. We collect, process and store this analytical data using third party analytics software that is, to the best of our knowledge, secure and confidential. This analytical data is used to gain an understanding of user behaviour, perform system critical operations, and in extraordinary circumstances (including where permitted, required or authorised by law), for legal reasons. Anonymous user data is shared between third party services in order to gain insight as to aggregate user behaviour.

We also use analytic data insights to target users through remarketing, demographics, interests and website behaviour. Third party vendors, including but not limited to Google and Facebook may show our ads on sites across the internet. We and third party vendors, including but not limited to Google, make use of third party cookies together in order to inform, optimise and serve ads based on past visits to a website. We make use of demographic data (such as age, gender and interests) obtained through third party tools in order to, but not limited to: influence marketing spend and communicate internally and externally the aggregate behaviour.

3.4 Combining/linking Personal Information

Other than as referred to elsewhere in this Policy, we will not facilitate the merging of personally identifiable information with non-personally identifiable information without prior user consent to that merger to optimise our Website and Website marketing. For example, we may collate Personal Information data and aggregate data for the purpose of comparing marketing costs with revenue on a transactional basis. If you are logged into our Website or Application, the analytical data that we collected about your use of the Website or Application (which would ordinarily be non-personally identifiable) will be associated with your account and personal information.

3.5 Passive collection of information – Direct Marketing and Behavioural Advertising

As you navigate through our Websites and access our Applications, certain information will be passively collected (that is, gathered without your actively providing the information) using various technologies, such as cookies, Internet tags or web beacons, and navigational data collection (log files, server logs, and clickstream data).

For example, we may collect information about matters including but not limited to the date, time and duration of visits and which pages of a Website or Application are most commonly accessed. This information is generally not linked to the identity of visitors, except where the Website or Application is accessed via links in an email or another electronic message we have sent or where we are able to uniquely identify the device or user accessing a website or Application, such as when you are logged into an account.

We may share hashed portions of your information with certain strategic partners to make our business more responsive to your interests and/or those of like-minded consumers. For example, we may aggregate your email address together with the email addresses of others who place Enquiries on our Site, locally hash such data, and transmit the resulting hashed data to third parties including but not limited to Facebook/LinkedIn/Google for the purpose of creating “Custom Audiences” (where targeted advertisements are sent to people on Facebook who have already been on our Site), and “Lookalike Audiences” (where targeted advertisements are sent to people on Facebook/LinkedIn/Google who have similar characteristics to people on our Custom Audience list).

Where we use Personal Information for promotional or direct marketing purposes, a person may at any time request that we not use their Personal Information for sending direct marketing material to that person including if you wish to opt-out of the use of certain hashed portions of your Personal Information. Such a request can be made by contacting us in writing at the contact details at the end of this Policy. There is no fee for making such a request.

Direct marketing can include for example: Displaying an advertisement on a social media site that an individual is logged into, using Personal Information, including data collected by cookies relating to websites the individual has viewed.

3.6 Cookies & Web Beacons

We use cookies on our websites. Cookies are text files placed in your computer’s browser to store your preferences. Cookies, by themselves, do not tell us your e-mail address or other personally identifiable information. However, once you choose to furnish the Websites with personally identifiable information, this information may be linked to the data stored in the cookie.

We may use web beacons on the Websites from time to time. Web beacons or clear. gifs are small pieces of code placed on a web page to monitor the behaviour and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.

3.7 Unsolicited information

Where we receive your personal information, and we did not solicit the information, we will assess whether we are permitted to retain that information under applicable privacy laws. If we determine that we are able to retain that information, we will take reasonable steps to notify you (or otherwise ensure that you are aware) of our receipt of your personal information within a reasonable time. If we determine that we could not have received the information under the APPs, we will use our best endeavours to destroy or de-identify the information. We may use or disclose the information to make such a determination.

3.8 Security

We act to safeguard the security and privacy of your information, whether you interact with us personally, by telephone, mail, over the internet or other electronic medium. We strive to take reasonable steps to protect the information we hold from misuse, interference, loss and unauthorised access modification or disclosure; however, we cannot guarantee its absolute security.

We store information both in hard copy paper form and in soft copy electronic form. Where the information is of a sensitive nature, we will take particular steps to secure the information.

In certain circumstances we use third party IT service providers to manage and store back-up data and for cloud data storage to hold information that is stored in soft copy electronic form.

When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However most personal information is stored in client files which will be kept for a minimum of seven years.

4. The purposes for which we collect, hold, use and disclose Personal Information.

We collect this Personal Information in various ways in the course of conducting business, including for the purposes of:
• Contacting customers
• Providing goods and services to customers
• Acquiring goods and services from customers
• Providing information to customers
• Providing newsletters and discounts to customers via e-mail
• Responding to customer queries in relation to our products and services
• Interaction with customers who utilise our website
• To better understand your needs, enabling us to improve our products and services
• To customise our websites according to your interests
• To make improvements to the Websites to enhance the user experience
• Direct Marketing and Behavioural Advertising
• Promotional and marketing activities
• Monitor the effectiveness of our advertising
• the purposes set out in the “Credit Reporting” section of this Policy

5. Disclosures of your Personal Information

5.1 General

We may disclose your personal information to our related companies, service providers and specialist advisers who have been contracted with administrative or other services, insurers, credit providers, a person authorised by you to access the information. We may also disclose personal information to others if required or authorised to do so by law. We do not guarantee website links or the privacy policies or practices of the third parties who operate the websites that are accessible via those links.

We do not sell, publish, or give away your information to any other party that can be associated with you.

5.2 Overseas disclosures

We do not generally disclose personal information directly to recipients outside of Australia in the ordinary course of our business operations. However, some of the service providers we use may utilise offshore servers and other data hosting and processing facilities located outside of Australia.

For example, we use the ezyCollect software platform to automate our accounts receivables activities (such as issuing
invoices and payment reminders). ezyCollect is an Australian-registered business, but it uses cloud services, and as such, its
servers may be located either in Australia or overseas (including in the Philippines and other countries). You can find further
information in ezyCollect’s privacy policy, which is available here: https://ezycollect.io/privacy-policy/

In limited circumstances where we do send personal information offshore, we will comply with the relevant requirements under the Privacy Act and any other applicable privacy laws.

Web traffic information is disclosed to our third party analytics providers when you visit our Websites or use our Applications. These third party providers may store information across multiple countries.

When you communicate with us through a social network service such as Facebook or Twitter, the social network provider and its partners may collect and hold your personal information overseas.

6. How can you control your Personal Information?

6.1 Access to your Personal Information

You may request access to the Personal Information we hold about you, and request that we update and/or correct any errors in that Personal Information at any time. If you would like to request access to (or correction of) your Personal Information, please contact us in writing using the contact details at the end of this Policy.

We will not charge any fee for your considering your access or correction request. However, we may charge a reasonable administrative fee to cover our costs in providing you with a copy of your personal information.

We will take reasonable steps to ensure the accuracy and completeness of the Personal Information we hold. However, if a person believes that any Personal Information that we hold about them is inaccurate or out of date, then they should contact us in writing via our contact details at the end of this Policy.

We will grant a person access to (or correction) their Personal Information within a reasonable time, subject to the circumstances of the request. We will handle all requests for access to (or correction of) personal information in accordance with our obligations under the Privacy Act or the relevant privacy legislation. Generally, we are required to provide you with access and/or correction of your personal information unless a relevant exception applies. On the rare circumstances where we refuse an access or correction request we will provide you with our reasons for doing so.

We may require verification of identity when you make a request to access (or update) Personal Information. This is so that we can ensure your Personal Information is disclosed only to you.

6.2 Complaints

You can contact us in relation to lodging a complaint about a breach of the APPs, a binding registered APP code or in relation to a credit reporting issue, via our contact details at the end of this Policy.

We will assess the complaint and will respond to you within a reasonable timeframe. Any further action following this initial response will vary depending on the nature of the complaint.

If you are not satisfied with our response to your complaint, you may take your complaint to the Office of the Australian Information Commissioner (OAIC) or to any other review body with jurisdiction.

The OAIC’s contact details are:
Office of the Australian Information Commissioner
GPO Box 5218, Sydney NSW 2001
Telephone: 1300 363 992
Email: enquiries@oaic.gov.au

6.3 Opt-Outs

You can opt out of many types of behavioural based digital advertising by visiting www.youronlinechoices.com.au/opt-out. If you would like us to stop using your personal information for behavioural based digital advertising (for example providing hashed portions of your Personal Information to advertising platforms such Google, Facebook and LinkedIn), you can optout by writing to us via the contact details at the end of this Policy.

If you wish to install an advertisement blocking program, an example is provided at: https://chrome.google.com/webstore/ detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en

You may also opt out of our direct marketing emails and our other promotional or direct marketing activities by clicking on the link contained in any such emails or by writing to us via the contact details at the end of this Policy.

7. Credit Reporting

We may also collect, hold, use and disclose credit information and credit eligibility information about you to:
• assess and process credit related applications
• develop our credit assessment and credit worthiness rating system
• manage credit that we provide
• assist you to avoid defaults in relation to credit
• collect overdue payments in relation to credit
• report serious credit infringements
• assess the credit worthiness of an applicant to become a guarantor in relation to credit
• establish and operate our customers’ credit accounts
• obtain credit information about applicants for credit
• obtain credit references about individuals from their credit providers
• participate in the credit reporting system
• allow credit reporting bodies to create and maintain credit information files about individuals and notify defaults to other
credit providers, industry credit bureaus and debt collectors
• deal with complaints or regulatory matters relating to credit or credit reporting
• assign our debts or otherwise when required or authorised by law.
This includes collecting credit information from or disclosing credit information to credit reporting bodies. They in turn may
include it in credit reporting information they provide to other credit providers to assist them to assess your credit worthiness.
Credit reporting bodies may use the information in reports provided to credit providers to assist them to assess your credit
worthiness. In the event that you default on your payment obligations pursuant to the credit provided to you or commit a
serious credit infringement, we may be entitled to disclose this information to a credit reporting body.
Credit information can include:
• identification information
• details about information requests made about you to credit reporting bodies
• current and historical details about credit applications you have made and credit arrangements you have entered into
• information about overdue payments, default listings and about serious credit infringements and information about
payments or subsequent arrangements in relation to either of these
• various publicly available information like bankruptcy and credit-related court judgments
• credit scores or risk assessments indicating an assessment of your credit worthiness.
Credit information relates primarily to your dealings with other credit providers (for example, banks, other financial
institutions, or other organisations that may provide you with credit in connection with their products or services). It may also
include certain credit worthiness information that we derive from the data that we receive from a credit reporting body.
Sometimes we may collect this information about you from other credit providers.
You have the right to request credit reporting bodies not to:
• use your credit reporting information for the purposes of pre-screening of direct marketing from credit providers; and
• use or disclose your credit reporting information if you believe on reasonable grounds that you have been or are likely to
be a victim of fraud.
Currently we primarily use the following credit reporting bodies:
• Equifax (GPO Box 964 North Sydney NSW 2059)
• Creditor Watch Pty Ltd (GPO Box 4029 Sydney NSW 2001)
• Building Industry Credit Bureau (P O Box 2157 Fortitude Valley, BC Queensland 4006)
• QBE Insurance (Australia) Limited (qchecksupport@qbe.com)

8. Employees

We collect information in relation to employees as part of their job application and during the course of their employment, either from the employee directly or, in some cases, from third parties such as recruitment agencies, referees, government bodies (e.g. police checks, if required) and academic and professional bodies (e.g. to validate details and currency of qualifications).

The information we collect may include contact details, qualifications, resume, current and former employment details, pay rate and salary, bank details, feedback from supervisors, training records and logs of the employee’s usage of our equipment (e.g. phones, computers and vehicles). We may use various technologies to log employee usage of our equipment (such as GPS tracking devices in company vehicles).

We may also collect details of disabilities, allergies and health issues that may impact the employee’s role, or which arise while on our premises or in the performance of the employee’s duties, so we can accommodate and otherwise assist the employee with any such health requirements or incidents.

Under the Privacy Act, personal information about a current or former employee may be held, used or disclosed in any way that is directly connected to the employment relationship. We handle employee information in accordance with legal requirements and our applicable policies in force from time to time.

9. Contact Us

If you have any questions about or would like a hard copy of this Policy, please contact us.
Evolve North
12 Industrial Road
Shepparton VIC 3632
Email: david@evolvenorth.com.au