SJ Establishment (“we”, ”us” or “us”) is committed to protecting and respecting your privacy and the protection of your Personal Information.
This policy sets out the basis on which any Personal Information (as defined in Australia’s Privacy Act (“Privacy Act”)) we collect from users, or visitors of our website, or that is uploaded to our website, will be processed by us.
Users and visitors of our website or owners of Personal Information collected by us (each, “you”) should read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it.
By providing any Personal Information to us, you consent to the collection, use, disclosure, and transfer of such Personal Information in the manner and for the purposes set out below.
What are the relevant legal bases for processing your data?
In accordance with the Privacy Act processing your data is only allowed when we have a sufficient legal basis to do so and unless the legal basis is not specifically mentioned, the following applies:
- Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
- Contract – This is where we process your information to fulfil a contractual arrangement, we have made with you.
- Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
- Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
- Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
The Australian Privacy Principles
The Privacy Act requires adherence to the following Australian Privacy Principles:
- APP 2: Anonymity and pseudonymity. Requires App entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
- APP 3: Collection of solicited Personal Information. Outlines when an App entity can collect Personal Information that is solicited. It applies higher standards to the collection of sensitive information.
- APP 4: Dealing with unsolicited Personal Information. Outlines how App entities must deal with unsolicited Personal Information.
- APP 5: Notification of the collection of Personal Information. Outlines when and in what circumstances an App entity that collects Personal Information must tell an individual about certain matters.
- APP 6: Use or disclosure of Personal Information. Outlines the circumstances in which an App entity may use or disclose Personal Information that it holds.
- APP 7: Direct marketing. An organisation may only use or disclose Personal Information for direct marketing purposes if certain conditions are met.
- APP 8: Cross-border disclosure of Personal Information. Outlines the steps an App entity must take to protect Personal Information before it is disclosed overseas.
- APP 9: Adoption, use or disclosure of government related identifiers. Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier or use or disclose a government related identifier of an individual.
- APP 10: Quality of Personal Information. An App entity must take reasonable steps to ensure the Personal Information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the Personal Information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
- APP 11: Security of Personal Information. An App entity must take reasonable steps to protect Personal Information it holds from misuse, interference, and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify Personal Information in certain circumstances.
- APP 12: Access to Personal Information. Outlines an App entity’s obligations when an individual requests to be given access to Personal Information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
- APP 13: Correction of Personal Information. Outlines an App entity’s obligations in relation to correcting the Personal Information it holds about individuals.
With regard to your Personal Information, you have the following rights:
- Right to information about the Personal Information concerned.
- Right to rectification of inaccurate Personal Information.
- Right to erasure of Personal Information.
- Right to restriction of processing.
- Right to object to processing.
- Right to object at any time to the processing of your Personal Information for the purposes of advertising and data analysis.
- Right to withdraw consent if you have given us consent to process your data.
If you wish to assert one of the above rights, you can contact us using firstname.lastname@example.org at any time.
Information we may collect
We may collect and process the following data which may contain Personal Information:
- information that you provide by filling in forms on our website, including information provided at the time of registering to use our website, subscribing to our newsletter, posting content in our blog, reporting a problem with our website, or requesting further services;
- information, data, documents or images that you upload onto our website;
- details of transactions you carry out through our website;
- details of your visits to our website, resources that you access and actions you are working on through the website;
- if you contact us, a record of that correspondence.
We may also collect and process information about your device, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our business partners. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
To provide our website, we use a web hosting service, who process the data mentioned below and all other data that is processed in connection with the operation of our website on our behalf in Australia, using the services of MSB Solutions.
Collection of access data and log files
We, or rather MSB Solutions on our behalf, collect data on every access to our website on the basis of our legitimate interest. The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address and the requesting provider. Log file information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 7 days and then deleted.
Data storage, Security and Breach Notification
We only store Personal Information for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 10 years, irrespective of the processing purposes.
All information you provide to us is stored on our secure servers and we use State-of-the-art internet technologies to ensure the security of your data. In addition, technical and organisational security measures are used to protect the Personal Information you have provided against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.
Nonetheless, databases or data sets that include Personal Information may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Information may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after which the breach was discovered.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Uses made of the information
We use information held, including Personal Information, in the following manner:
- to ensure that content from our website is presented in the most effective manner for you and for your device;
- to provide you with information or services that you request from us, and to otherwise carry out our obligations arising from any contracts entered into between you and us;
- to provide you with information, listings or services which we feel may interest you, where you have consented to be contacted for such purposes;
- to allow you to participate in interactive features of our service, when you choose to do so;
- to notify you about changes to our services;
- to investigate any complaints relating to the use of our website or any suspected unlawful activities;
- complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;
- any other purposes for which you have provided the information; and
- carrying out whatever else is reasonable or related to or in connection with the above and our provision of goods and/or services to you.
Disclosure of your information
We may disclose your Personal Information to third parties:
- for the purposes of providing the services that you request from us, fulfilling our obligations arising from any contracts entered into between you and us, processing payments in connection therewith or otherwise in connection with your use of our website;
- where a third-party claims that any content posted or uploaded by you to our website constitutes a violation of their rights under applicable law, in which case we may disclose your identity to that third party;
- in the event that we sell or buy any business or assets, in which case we may disclose your Personal Information to the prospective seller or buyer of such business or assets; or
- if we or substantially all of our shares or assets are acquired by a third party, in which case Personal Information held by us about our customers will be one of the transferred assets.
Integration of third-party services and content
We use content or service offers of third-party providers on the basis of our legitimate interests in order to integrate their content and services (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content.
Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information such as visitor traffic on the pages of our website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our website, as well as being linked to such information from other sources.
The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:
- Tag Management: Google Tag Manager and Google Site Tag by Google LLC
- Content Management System: Automattic Inc
- Newsletter, E-Mail Marketing and Analytics: Klaviyo, Inc
- Booking Meetings: Calendly
- Payment Services: GoCardless
Where any Personal Information relates to a third party, you represent and warrant that the Personal Information is up-to-date, complete, and accurate and that you have obtained the third party’s prior consent for our collection, use and disclosure of their Personal Information for the Purposes. You agree that you shall promptly provide us with written evidence of such consent upon demand by us.
You may withdraw your consent and request us to stop using and/or disclosing your Personal Information for any or all of the Purposes by submitting your request to us in writing to
Should you withdraw your consent to the collection, use or disclosure of your Personal Information, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
We endeavour to ensure that all decisions involving your Personal Information are based upon accurate and timely information. However, we rely on you to disclose all relevant information to us and to inform us of any changes in your Personal Information. As such, please disclose all relevant information necessary for us to provide services to you and ensure all information submitted to us is up-to-date, complete, and accurate. Kindly inform us promptly if there are any changes in your Personal Information.
Online presence in social media
We maintain online presences within social media currently on the basis of our legitimate interests as, in order to be able to communicate with our customers, interested parties and users active there and to inform them about our services. We process the data of users if they communicate with us within the social networks and platforms, e.g., write posts on our online presences or send us messages.
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
Personal Information and children
Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose Personal Information from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.
Concerns and Contact