Privacy Statement - RYCO Hydraulics

Privacy Statement

RYCO Hydraulics Pty Ltd ACN 085 527 724

This statement sets out how RYCO HYDRAULICS PTY LTD 085 527 724 and its associated entities (RYCO, we, our, us) manages your personal information. In handling your personal information, we will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the 13 Australian Privacy Principles in the Privacy Act.

As a global organization, we strive to provide a high level of privacy protection across all of our businesses and services and to deploy consistent, rigorous policies and procedures.

This statement does not apply to third-party applications, products, services, websites or social media features that may be accessed through links that we provide on our websites and interfaces. Accessing those links may result in the collection of information about you by a third party. We do not control or endorse those third-party websites or their privacy practices. We encourage you to review the privacy policies of such third parties before interacting with them.

1. What kinds of personal information does RYCO collect?

Personal information is information or an opinion about an identified, or reasonably identifiable, individual. In the course of our business, we may collect the following types of personal information about you:

  • contact and identification information such as name, telephone numbers and relevant addresses (including personal, business and/or email addresses);
  • information about any prior dealings with RYCO, whether in your personal capacity or in connection with a business you represent;
  • account number, account activity, files accessed or used by you, transaction data and any information your provide during a transaction or other transaction-based content that you generate or connected to your account as a result of your transaction;
  • financial data such as logistics and billing data (i.e. customs ID and tracking number);
  • your chat and service history with us;
  • where you are applying for a position with us, criminal record and health information where relevant to our assessment of whether you are able to perform the inherent requirements of the particular role; and
  • where you are applying for, or seeking to guarantee, credit from us, credit-related personal information about you. Please refer to RYCO credit information policy at the RYCO Terms of Sale page for more information.
2. How does RYCO collect personal information?

Generally, we collect your personal information directly from you:

  • whenever you become our customer;
  • whenever you register to use our online services (each time you log in or each time you use them);
  • whenever you fill in forms and contracts that we send to you;
  • whenever you use our services and products;
  • whenever you opt-in to our marketing measures and activities; and
  • whenever you contact us via the various channels we offer you.

There may be occasions when we collect your personal information from other sources such as from:

  • your employer or business associates, where you act as a representative of your employer or business and it is necessary for us to provide our products and/or services to your employer or business;
  • an information services provider;
  • a publicly maintained record or other publicly available sources of information including social media and similar websites; or
  • if for recruitment purposes, an external recruitment or background screening services provider and/or your nominated referees.

Generally, we will only collect your personal information from sources other than you if it is unreasonable or impracticable to collect your personal information from you, or otherwise with your consent.

3. Why does RYCO need your personal information?

We collect, hold, use, record, organise, structure, store, alter, retrieve, transmit, disseminate and disclose your personal information where it is reasonably necessary for, or related to, the following purposes:

  • providing you, or your business, with hydraulic hose, couplings and fittings products and all other products and services provided by RYCO;
  • providing you, your employer or business with commercial credit (see our credit policy at the RYCO Terms of Sale page);
  • accounting, billing and other internal administrative purposes, including communicating with you, responding to your requests, managing your account, customizing your service experience with us, improving our products and services, and personalizing marketing measures and activities;
  • to share your contact details with our affiliate offices around the world within our group companies, for the purposes of internal administration and back-office support, to ensure our network security, and to prevent fraud;
  • to maintain the integrity and safety of our data technology systems which store and process your personal information;
  • to share your contact details with our logistics partners, distributors, and integrators so that they can assist us to deliver our services and products to you;
  • to enforce or defend our policies or contract with you;
  • to detect and investigate data breaches, illegal activities, and fraud;
  • informing you, and communicating with you, about products and services that may be of interest to you, your employer or business, from us or selected third parties;
  • assessing your application for employment with us or otherwise for the purpose of engaging you as a contractor or consultant; and
  • any other legal requirements.

We may also use your personal information for other purposes with your consent or where required or authorised by law.

You are under no obligation to provide your personal information to us. However, without certain information from you, we may not be able to provide our products and/or services to you, your employer or business.

4. To whom does RYCO disclose your personal information?

We disclose your personal information for the purpose for which we collect it (ie. a purpose set out at paragraph 3). This may include disclosing your personal information to:

  • our affiliated entities within our global group of companies worldwide to provide you services such as facilitating order processing and shipping, for internal administration purposes, to detect and deal with data breaches, illegal activities, and fraud, and to maintain the integrity of our information technology systems;
  • relevant regulatory bodies, courts, or law enforcement agencies, to comply with our obligations under relevant laws and regulations, enforce or defend our policies or contract with you, respond to claims, or in response to a verified request relating to a government or criminal investigation or suspected fraud or illegal activity that may expose us, you, or any other of our customers to legal liability;
  • third party service providers whom we sub-contract to work on our behalf or for us and therefore may have access to your personal information only for purposes of performing these tasks on our behalf and under obligations similar to those described in this statement, who perform functions such as conducting customer research or satisfaction surveys, payment processing and invoice collection support, informational systems technical support, to help us provide, analyze, and improve our services and to assist us in detecting and dealing with data breaches, illegal activities, and fraud; and
  • third parties involved in a legal proceeding, if they provide us with a court order or substantially similar legal document requiring us to do so.

We may also disclose your personal information with your consent or if disclosure is required or authorised by law.

5. Overseas disclosure

We may disclose personal information to our related bodies corporate located in New Zealand, USA, Canada, Singapore, Malaysia, China, Peru, South Africa, West Africa and Europe.

We take steps reasonable in the circumstances to ensure any overseas recipient complies with the Australian Privacy Principles or is otherwise bound by a substantially similar privacy scheme.

6. Opting out of receiving marketing communications

In the event you do not wish to receive any marketing communications from us, you can opt-out by contacting us via the contact details set out in paragraph 13 or through any opt-out mechanism contained in a marketing communication.

7. Security of your personal information

We take steps reasonable in the circumstances to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. Some of the safeguards we use are data pseudonymization, data encryption, firewalls, and data access authorization controls. We take our maintenance of security of your personal information very seriously. The security mechanisms used to protect your data are checked and updated regularly to provide effective protection against abuse.

For your confidentiality and security, we use ID and password protection to secure your personal information. It is important for you to protect your ID, password, or any personal information. Do not disclose your password to anyone.

We will destroy or de-identify personal information in circumstances where it is no longer required, unless we are otherwise required or authorised by law to retain the information.

8. Cookies

The RYCO website uses ‘cookies’ which are small pieces of information sent from the website and stored by your browser on your computer’s hard drive. Cookies that we use enable our systems to provide features of our services and allow you to visit our website without re-entering your username and/or password, verify that you have the authorization needed for the services to process your requests, personalize and improve your experience, record your preferences, customize functionalities for your devices, and to improve the functionality and user-friendliness of our services and monitor how our website is used through your computer. This information is used by RYCO to improve and tailor our website functionality and better understand how you interact with our services and to monitor aggregate usage and web traffic routing on our website. You can modify your browser setting by editing your browser options to reject our cookies or to prompt you before accepting a cookie. However, if a browser does not accept cookies or if you reject a cookie, some portions of our services may not function properly.

9. Use of Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. (Google). Google Analytics uses cookies or IP-addresses to help the website analyze how users use the site, to monitor and analyze use of our services. The information generated by the cookie or IP-address about your use of the website will be transmitted to, and stored by, Google on servers. Google will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity, and providing us with other services relating to website activity and internet usage. The IP-address that your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our website. You can also opt-out from being tracked by Google Analytics by contacting us on the contact details below.

10. Access, correction and complaints

RYCO takes steps reasonable in the circumstances to ensure personal information it holds is accurate, up-to-date, complete, relevant and not misleading. Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by RYCO. If at any time you would like to access or correct the personal information that RYCO holds about you, or you would like more information on RYCO's approach to privacy, please contact RYCO’s Privacy Compliance Officer on the details set out in paragraph 13 below.

RYCO will grant access to the extent required or authorised by the Privacy Act or other law and take steps reasonable in the circumstances to correct personal information where necessary and appropriate.

To obtain access to your personal information:

  • you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
  • RYCO requests that you be reasonably specific about the information you require; and
  • if RYCO refuses your request to access or correct your personal information, RYCO will provide you with written reasons for the refusal and details of complaint mechanisms. RYCO will also take steps reasonable in the circumstances to provide you with access in a manner that meets your needs and the needs of RYCO.

RYCO will endeavour to respond to your request to access or correct your personal information within 30 days from your request.

All privacy complaints should be directed to RYCO’s Privacy Compliance Officer. At all times, privacy complaints:

  • will be treated seriously;
  • will be dealt with promptly;
  • will be dealt with in a confidential manner; and
  • will not affect your existing obligations or affect the commercial arrangements between you and RYCO.

RYCO’s Privacy Compliance Officer will commence an investigation into your complaint. You will be informed of the outcome of your complaint following completion of the investigation. In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.

11. European data protection laws

Section 11 applies if you are based in the European Union (EU) during your interactions with us and sets out the additional information that we are required to provide to you under European data protection laws.

Under European data protection laws, use of personal information must be based on one of a number of legal grounds and we are required to set out the grounds in respect of each use.

11.1. Legal grounds for use of personal information

The principal legal grounds for our use of your personal information are as follows:

  • Consent: where you have consented to our use of your information.
  • Contract performance: where we are required to collect and handle your personal information in order to provide you with the products that we have contractually agreed to provide to you.
  • Legal obligation: where we need to use your personal information to comply with our legal obligations.
  • Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

The legal grounds for our use of the sensitive categories of personal information are:

  • Consent: where you have explicitly consented to our use of your personal information. You may withdraw your consent to the use of your personal information.
  • Vital interest: where we need to process your personal information in order to protect the vital interests of you or another natural person where you or the other person is physically or legally incapable of giving consent.
  • Legal claims: where your personal information is necessary for us to establish, exercise or defend any legal claims.
  • Substantial public interest: where we need to process your personal information for reasons of substantial public interest set out in EU law.
11.2. Relevant grounds that apply to each purpose of data processing

In the table below, we have set out the relevant grounds that apply to each purpose of data processing that is mentioned in this Privacy Policy.

Purposes of the data processing Use bases
To provide you with RYCO products and services •   contract performance

•   legitimate interests (to allow us to perform our obligations and provide our products to you)

For sensitive Personal Data

•   consent

To provide you with commercial credit •   consent

•   contract performance

•   legitimate interests (to allow us to perform our obligations and provide our products to you)

For accounting, billing and other internal administrative purposes •   contract performance

•   legal obligation

•   legitimate interests (to allow us to correspond with you)

To maintain the integrity and safety of our data technology systems •   legal obligation

•   legitimate interests (to cooperate with law enforcement and regulatory authorities)

For sensitive Personal Data

•   legal claims

•   substantial public interest

Enforce or defend our policies •   legitimate interests

For sensitive Personal Data

•   legal claims

•   vital interests

•   substantial public interest

Investigation of data breaches •   legal obligation

•   legitimate interests (to cooperate with law enforcement and regulatory authorities)

For sensitive Personal Data

•   legal claims

•   substantial public interest

For marketing purposes •   legitimate interests (in order to market to you) and consent (which can be withdrawn at any time)
Assessing your application for employment or other arrangement •   contract performance

•   legitimate interests

11.3. Disclosure of information outside the EU

Your personal information will be transferred to, and accessed in, countries outside of the EU and we may be required by law to take specific measures to safeguard this personal information. Certain countries outside the EU have been approved by the European Commission as providing essentially equivalent protections to EU data protection laws and therefore no additional safeguards are required to export personal information from the EU to these jurisdictions. In countries which have not had these approvals, we will use appropriate safeguards to protect any personal information being transferred, such as enhanced IT security measures and entering into standard contractual clauses.

11.4. Retention period

Our retention periods for personal information are based on business needs and legal requirements. We retain personal information for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such information. When personal information is no longer needed, we either securely destroy it, or irreversibly anonymise the information (and we may further retain and use the anonymised information).

11.5. Additional Rights Under EU Law

In addition to the rights outlined elsewhere in this privacy statement, under certain conditions you may have the right under EU data protection law to ask us to:

  • provide you with further details on how we use and process your personal information;
  • delete personal information we no longer have grounds to process; and
  • restrict how we process your personal information while we consider an inquiry you have raised.

In addition, under certain conditions, you have the right to:

  • where processing is based on consent, withdraw the consent;
  • lodge a complaint with a supervisory authority;
  • object to any processing of personal information that we process on the ‘legitimate interests’ or ‘public interests’ grounds, unless our reasons for the underlying processing outweighs your interests, rights and freedoms; and
  • object to direct marketing (including any profiling for such purposes) at any time.

You can exercise these rights by contacting us at the details set out at section 13 below.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of client legal privilege).

12. Do not track signals

Certain web browsers send ‘Do Not Track’ signals to websites you visit, advising the recipient website that you do not want to have your online activity tracked. Our website does not currently take any action in response to such signals.

13. How to contact us

For further information or enquiries regarding your personal information, or if you would like to opt-out of receiving any promotional or marketing communications, please contact RYCO’s Privacy Compliance Officer at PrivacyOfficer@RYCO.com.au. Please note you may also contact the Office of the Australian Information Commissioner with any queries or concerns.

If your inquiry relates to European data protection laws you may contact RYCO’s European Representative at PrivacyOfficer@RYCO.eu.

The effective date of this policy statement is 20th June 2018 and it may be updated from time to time. When we change the policy in a material way, a notice will be posted on our website along with the updated privacy statement.