Privacy Policy
Complete Office Supplies Pty Ltd ABN 92 001 634 715 (COS, we, our, us) is Australia’s largest family owned and operated workplace supplier. We recognise and respect the importance of your privacy and that you have a right to control how your Personal Information is collected and used by us.
This Privacy Policy outlines our commitment to protecting the privacy of Personal Information under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth). It applies to all interactions and dealings you may have with us, including but not limited to our suppliers, customers, and employees. By visiting or utilising our Online Platforms, making enquiries about (or utilising) our Services, or otherwise engaging with us, you acknowledge and agree to the terms outlined in this Privacy Policy. Consequently, you consent to our collection, use, disclosure, and handling of your Personal Information in accordance with the provisions detailed herein.
The purpose of this Privacy Policy is to provide you with information on how we collect, use, store and disclose your Personal Information. If you require any further information about our privacy practices, we welcome you to get in touch with us using the contact details set out in section 15 of this Privacy Policy below.
1. Definitions
In this Privacy Policy:
APPs means the Australian Privacy Principles under the Privacy Act which govern the standards, rights and obligations around the collection, use and disclosure of Personal Information, privacy governance and accountability, integrity and correction of Personal Information and the rights of individuals to access their Personal Information.
Online Platforms means the online platforms we operate including cos.net.au and any of our other websites or social media pages (including Facebook, Instagram and LinkedIn) managed by us.
Personal Information has the meaning given to it under the Privacy Act.
Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
Privacy Officer means our first point of contact for all privacy related inquiries and matters, who can be contacted using the details set out in section 15 below.
Privacy Policy means this document setting out the policy of COS relating to the privacy and handling of your Personal Information.
Sensitive Information has the meaning given to it under the Privacy Act.
Services means the services provided by us to our customers including the provision of office products for workplaces to organisations throughout Australia.
2. What is Personal Information?
Personal Information is defined in the Privacy Act as information or opinion about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not.
Sensitive Information is a subset of Personal Information that is afforded higher levels of protection under the Privacy Act. It includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation, criminal record or health information.
3. Types of Personal Information we collect
In order to provide you with our Services, we often need to collect your Personal Information. If we do not collect the Personal Information or if any of the Personal Information you provide is incomplete or inaccurate, we may not be able to provide the Services, or those Services may be compromised.
Depending on the nature of our interaction with you, the Personal Information we collect may include:
(a) contact details (such as your name, date of birth, address, email and phone details);
(b) prospective employee applications;
(c) health information volunteered by employees through communications such as emails or information provided by contractors not directly related to the employee records;
(d) trade references;
(e) information required for you to do business with us including bank account details, credit card information and any other relevant financial information;
(f) contractor name, address, licence, contact and emergency contact details which are used for the purposes of managing our various contractors in accordance with the requirements of our customers and our business requirements;
(g) information on prior dealings with us; and
(h) any other Personal Information relevant to the Services we provide.
4. How we collect Personal Information
We will always aim to collect Personal Information directly from you, where practicable. We may also sometimes collect Personal Information through:
(a) our Online Platforms (including your interactions with us on our social media platforms);
(b) forms (hardcopy and electronic) filled out by you when acquiring our Services;
(c) orders for our products and/or Services;
(d) third party service providers, including reservation services;
(e) requests to join our mailing or distribution lists or to be contacted for further information about our products and/or Services;
(f) provision of customer service and support;
(g) responses to surveys or research conducted by us or on our behalf;
(h) registration or attendance for events, webinars and workshops organised and/or sponsored by us;
(i) information held by entities we have acquired or merged with; and
(j) entries into competitions or trade promotions conducted by us or on our behalf.
From time to time, we may collect Personal Information about you from third parties, public sources (including your public social media pages) and as otherwise permitted by law. However, please note that we will only collect Sensitive Information (including health information) with your consent and directly from you, where possible.
We only collect and handle your Personal Information that is provided by you, with your consent or where otherwise permitted by law. We will assume that you have consented to us collecting all information that is provided to us in accordance with this Privacy Policy unless you tell us otherwise at the time you provide it to us.
Please note that if you provide us with Personal Information about a third party, you represent to us that the person agrees to us collecting and handling their Personal Information in accordance with this Privacy Policy, and we will collect it on this basis.
5. Use of Personal Information
Our main purposes for collecting, holding, using and disclosing Personal Information are the following:
(a) to supply products or Services to our customers;
(b) performing the necessary credit checks in accordance with our credit application processes;
(c) to notify our customers about our new or existing products and Services;
(d) manage our accounts payment and ordering systems;
(e) managing our business, such as assessing insurance requirements and business processes;
(f) improve our internal procurement management processes;
(g) assisting in the running our business, including quality assurance programs, billing, improving our services, implementing appropriate security measures and training personnel;
(h) improve our relationship with our suppliers;
(i) to distribute material and general information relating to our Services;
(j) to obtain products and services from our suppliers;
(k) to respond to enquiries from existing or prospective customers seeking information about our products or Services;
(l) to enforce agreements between you and us;
(m) to undertake research and surveys and analyse statistical information;
(n) to comply with contractual, legislative and policy requirements including in relation to occupational health and safety and environmental matters; and
(o) as otherwise permitted or required by law.
6. Disclosure of Personal Information
We will generally only use or disclose your Personal Information for the purpose for which it was collected (known as the “primary purpose”). This might be to provide you with our Services. We may, however, also use or disclose Personal Information for another purpose related to the primary purpose where you would reasonably expect it to be used or disclosed for such related purpose (known as the “secondary purpose”) or with your consent (which may be express or implied).
Sometimes, we may be required to disclose your Personal Information to third parties in certain circumstances including:
(a) where disclosure is required or permitted by law;
(b) to our related entities, in accordance with the Privacy Act;
(c) if disclosure will prevent or lessen a serious or imminent threat to someone’s life or health; or
(d) where it is reasonably necessary for an enforcement related activity.
In regards to Sensitive Information, for the primary purpose for which it was collected or for another purpose directly related to the primary purpose where you would reasonably expect it to be used or disclosed for such a directly related purpose.
In some circumstances, we may disclose your Personal Information to overseas recipients including those located in the United States of America, the Philippines and other countries that COS may seek to disclose to from time to time, subject to the APPs. This disclosure is primarily for the purpose of processing customer and supplier payments among other operational needs. Otherwise, generally we will not disclose your Personal Information to overseas recipients, except we are required or authorised to do so by law.
7. Storage and security
At COS we will take all reasonable steps to store your personal information securely. After all, it is in our interests to make sure you feel confident shopping with us. We take security of your Personal Information seriously. Your Personal Information is stored in a manner that strives to protect it from misuse and loss and from unauthorised access, modification or disclosure. Those who work with us are aware of the importance we place on protecting your privacy and their role in helping us to do so.
When the Personal Information that we collect is no longer required, we will remove or de-identify the Personal Information as soon as reasonably possible. We may, however, retain Personal Information for as long as is necessary to comply with any applicable law, for the prevention of fraud, for insurance and governance purposes, in our IT back-up, for the collection of any monies owed and to resolve disputes.
Here are some examples of the things we do to protect your information.
Method |
Examples |
Staff obligations and training |
· Only authorised team members within each department have access to our customers’ and suppliers’ personal information. Their access is subject to strict controls and procedures. · We regularly train and assess our staff in how to keep your Personal Information safe and secure. · Our staff are required to keep your Personal Information secure at all times and are bound by internal processes and policies that confirm this. · Access to Personal Information is controlled through access and identity management systems. · We have security professionals who monitor and respond to (potential) security events across our network. |
System security |
· We store your Personal Information in secured systems which are in protected and resilient data centres. · We have technology that prevents malicious software or viruses and unauthorised persons from accessing our systems. |
Services providers and overseas transfers |
· When we send information overseas or use service providers that handle or store data, we require them to take steps to keep your information safe and use it appropriately. · We control where information is stored and who has access to it. |
Building security |
We use a mix of ID cards, alarms, cameras, guards and other controls to protect our offices and buildings. |
Our websites and apps |
When you log into our Online Platforms, we encrypt data sent from your computer or device to our system so no-one else can access it. |
Destroying or de-identifying data when no longer required |
· We aim to keep Personal Information only for as long as we need for our business or to comply with the law. · When we no longer need Personal Information, we take active steps to destroy or de-identify it. |
8. Access to and correction of Personal Information
At COS, we seek to keep your personal information accurate, complete and up to date. Our team are dedicated to maintaining customer profiles daily. You are always welcome to request that we provide you with access to the Personal Information we hold about you by contacting us using the details listed in section 15 below. Generally, we will provide you with access to the information unless applicable laws allow us to refuse, or prevent us from giving you, access to the Personal Information we hold about you. We will never unreasonably refuse requests to access Personal Information.
Where we agree to provide you with access to your Personal Information, sometimes we may make this conditional on us recovering our reasonable costs of doing so. No fee will be incurred for requesting access, but if your request for access is accepted, you will be notified of the fee payable (if any) for providing access if you choose to proceed with your access request.
You may also lodge a request to correct Personal Information we hold about you if you believe it is inaccurate, incomplete, irrelevant, misleading or out of date. There is no fee for doing this. To do so, please contact us at the contact details listed in section 15 below.
9. Direct marketing
Like most businesses, marketing is important to our continued success and viability. We may use Personal Information we hold about you, from time to time, to send marketing materials to current or prospective customers. We only do so where allowed by applicable laws. Our communications to you may be sent in various forms such as by post or by electronic means (including email and SMS).
If you wish to cease receiving this marketing information, please contact us directly on the contact details listed in section 15 below asking to be removed from our mailing lists, or use the “unsubscribe” or “update your preferences” facilities included in all our marketing communications.
Please be assured that we will never use your Sensitive Information for direct marketing purposes.
10. Our Online Platforms
We sometimes use cookie technology on our Online Platforms. Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. We use them because cookies are useful to estimate our number of visitors and determine overall traffic patterns through our websites.
We may also collect statistical information regarding the use of our Online Platforms, including the domains from which website users visit, IP addresses, the dates and times of visits, activities undertaken on our Online Platforms and other clickstream data. In addition, we sometimes use web beacon technology to monitor email and internet activity on our websites. A web beacon is a clear-pixel image that generates an anonymous de-identified notice of a websites visit when viewed. A web beacon usually works in conjunction with a cookie.
If you do not wish to receive any cookies you may set your browser to refuse cookies. However, this may mean you will not be able to take full advantage of the services on our Online Platforms. If you set your browser to refuse cookies, a web beacon may still be able to generate a notice of your visit but it will not be associated with the information contained in cookies.
11. Third parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information about you by third parties. In such cases, we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party and about your rights under this Privacy Policy.
Our Online Platforms may sometimes contain links to other websites operated by third parties for your convenience. We cannot provide any guarantees regarding third-parties’ information handling policies or the content of third-party websites you may visit. Before disclosing your Personal Information on any other platform, we recommend that you examine the terms and conditions and privacy policy of the relevant platform. Please note that we are not responsible for any practices on linked platforms that might breach your privacy.
12. Employment and recruitment
If you send us an application to be considered for an advertised position (or unsolicited), this information may be used to assess your application or suitability for employment with us. This information may be disclosed to our related bodies corporate and service providers for purposes such as aptitude and psychological testing or other human resources management activities.
As part of the application process, you may be asked for your consent to the use and disclosure of certain Personal Information about pre-employment testing. We may also ask you to consent to the disclosure of your Personal Information to those people who you nominated to provide references. A refusal to provide any of this information, or to consent to its proposed disclosure, may affect the success of the application.
This Privacy Policy does not apply to our handling of information about our employees. Our handling of employee records is exempt from the APPs under the Privacy Act if the act or practice is directly related to:
- either a current or former employment relationship between us and the individual; and
- an employee record held by us relating to the individual.
For information about our practices relating to employee records, please contact us at the contact details listed in section 15 below.
13. Notifiable data breaches
A notifiable data breach scheme is currently in place in Australia. We are committed to adhering to this scheme as an important step in preventing and managing serious privacy breaches.
A “data breach” means unauthorised access to, or disclosure, alteration, loss, or destruction of, Personal Information—or an action that prevents us from accessing Personal Information on either a temporary or permanent basis. An “eligible data breach”, in accordance with the Privacy Act, occurs when there is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates and we are unable to prevent the likely risk of serious harm with remedial action.
We, including all our people, take breaches of privacy very seriously. If we suspect a privacy breach has occurred, our priority is to contain and assess the suspected breach. In doing so, we will:
(a) take any necessary immediate action to contain the breach and reduce the risk of harm;
(b) determine the cause and extent of the breach;
(c) consider the types of information involved, including whether the personal information is sensitive in nature;
(d) analyse the nature of the harm that may be caused to affected individuals;
(e) consider the person or body that has obtained or may obtain personal information as a result of the breach (if known); and
(f) determine whether the Personal Information is protected by a security measure.
If we believe an eligible data breach has occurred we will, as soon as practicable, notify the Commissioner and all affected individuals or, if it is not possible to notify affected individuals, provide public notice of the breach (in a manner that protects the identity of affected individuals).
14. Changes to our Privacy Policy
Over time, aspects of our business may shift as we respond to changing market conditions and legislative obligations. This may necessitate our policies to be reviewed and revised. We reserve the right to change this Privacy Policy and notify you by posting an updated version of the policy on our Online Platforms. Considering this, we strongly recommend that you review our Privacy Policy each time you visit or use our Online Platforms or provide us with any of your Personal Information.
15. Contacting us
If you have any inquiries or complaints about how we handle your Personal Information, or if you have any questions about this Privacy Policy, we welcome you to get in touch with us by contacting our Privacy Officer at:
Attention: Privacy Officer
Email: timw@cos.net.au
We will endeavour to assess and respond to your query within 30 days. More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the Office of the Australian Information Commissioner at:
Website: www.oaic.gov.au
Post: GPO Box 5218
Sydney NSW 2001
Email: enquiries@oaic.gov.au