What information do we collect about you when you engage with us?
When you engage with us, as a prospective client or client, we collect personal information that you provide to us, such as your name, email address and personal particulars. This enables us to review your situation, provide general advice, and offer relevant services to you.
When you browse our websites, we automatically receive your computer’s Internet Protocol (IP) address. This provides us with information that helps us to learn about your browser and operating system and improve your browsing experience.
What additional information do we collect about you when you become our Client?
If you become our client, while we are actively managing your case, we will be collecting detailed information about you and your family, your employer and other relevant parties as required to carry out the services for which you have engaged us. Such data may include your name, address, phone number, date of north, marital status, passport number, educational background and work history. We may obtain this information through questionnaires which you voluntarily complete, and through third party providers such as employers and educational institutions.
We use this information in order to provide you with migration and consulting services in accordance with the law of the day.
Sensitive personal data, which may include race or ethnic origin, sexual orientation, physical or mental health condition, character matters or prior convictions, may be collected if required to carry out our services to you; and such data is afforded the highest level of protection.
Your consent to receive information.
With your permission, we may send you emails about relevant information that you have requested; updates about changes in migration law, and marketing emails including access to free downloads and products; information about webinars and events, blog posts, you tube videos, and reports.
When you provide us with person information to complete a transaction, verify your credit card, or place an order, we understand that you consent to our collecting it and using it only for that specific reason.
If we ask for your information for a secondary reason, such as newsletter subscription or marketing emails, we will ask you directly for your expressed consent and provide you with an opportunity to withdraw your consent at any time through an “unsubscribe” button on each marketing email.
If you engage us to manage a case for you, you will receive important emails through both our automated customer relationship management system, and through direct, non-automated emails. You can withdraw your consent to receiving emails, however this may materially affect how we work with you as you may risk missing out on receiving mission critical information. In this case you would need to contact us as described below to discuss, as email contact is important to us in carrying out our contracted services to you.
You may withdraw your consent at any time by contacting us by email at firstname.lastname@example.org , or by sending mail to us at Ten Heads Migration and Education Consultants, 18 Meera Street, Spring Mountain, Queensland 4300 Australia.
Disclosure of Information
We do not sell, rent or otherwise disclose your personal information to any third parties, including but not limited to advertisers, strategic partners or vendors, unless we have your express consent to do so, or unless there is a legal requirement for us to do so.
Some of your data may be accessed by our appointed contractors for the purposes of managing our business operations such as websites. Before appointing a contractor we make inquiries with them and are satisfied that they have in place compliant systems for management of personal data. This is also mentioned under section 6.
We may share the information you have provided to us if we are required by law to do so, or as required to carry out the specific services that you have engaged us to provide. For example, we may disclose your information to government agencies, translators, education service providers, couriers or other necessary entities. We take steps to ensure that only the requisite information is provided.
How we Protect your Personal Information
To protect your personal information, we take reasonable precautions and follow industry best practice in terms of data storage and privacy, in accordance with the Migration Agents Registration Authority Code of Conduct. https://www.mara.gov.au/becoming-an-agent/professional-standards-and-obligations/code-of-conduct/
We seek to ensure the information that we hold about you is accurate, complete, and otherwise reliable, in the interests of providing you with comprehensive and accurate services.
We maintain appropriate administrative, technical and physical safeguards to protect against loss, misuse, unauthorized access, disclosure, alteration or destruction of personal information.
We educate our employees and strive to maintain appropriate standards of conduct with regard to protection of your data.
Accessing your Data
To protect your privacy, we take reasonable steps to verify your identity before giving you access to information. If you wish to find out what personal information we hold about you, please contact the Privacy Compliance Officer at Ten Heads, as detailed at the end of this document.
Data Storage, Security and Retention
As a client, we may store your data on our LEAP Migration Manager program and our secure server. Access to client files is restricted to registered migration agents and paralegals who may be working on your file; and is protected by password.
Our shopping cart and customer database is hosted and managed by Infusionsoft, which provides an e-commerce platform that allows us to sell services and products to you. Your data is stored through Infusionsoft’s data storage and databases, on a secure server behind a firewall. Further information about Infusionsoft’s compliance with GDPR can be found here: http://www.infusionsoft.com/legal
To enable us to carry out some client related functions, such as creating a Client Engagement Letter, we store some of your information on our own company website. Your data is stored on a secure server behind a firewall. The data is only stored for the time it is required to be kept for the purposes on file.
In general terms, we would retain your data while we have a legitimate reason to hold it or use it. Our obligations in law under the Migration Agents Registration Authority’s Code of Conduct require us to hold client files for seven years after the last entry on a person’s file, unless otherwise specified by law.
Third Party Services
To assist us to carry out our business activities in an effective and lawful manner, we use third party provided services for certain functions including payment gateways, CRM and specialist industry software.
In general, the third party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
Certain third party providers, such as payment gateways, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
When you click on links on our website, they may direct you away from our website. We are not responsible for the privacy practices of other sites and we encourage them to read their privacy statements.
If you complete your purchase through a direct payment gateway, then Infusionsoft will store your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is only stored as long as necessary to complete your transaction, and then it is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, and American Express.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Questions and Contact Information
If you would like to access, correct, amend or request that we delete any personal information we have about you, or if you require further information, please contact our Privacy Compliance Officer at email@example.com or by mail to: Ten Heads Migration and Education Consultants, 18 Meera Street, Spring Mountain, Queensland 4300 Australia