PRIVACY POLICY

OUR PHILOSOPHY
Delta Heavy Machinery Supplies (ABN: 29670749658) is committed to protecting and respecting your privacy, handling all personal information safely and carefully in accordance with the Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Cth) (“the Act”). The APPs regulate the collection, use, disclosure, storage, access, correction, and destruction of personal information.
We have adopted this Privacy Policy to ensure our compliance with the APPs. The Policy provides an overview of the types of information we collect and our methods, procedures, and systems for processing such information. Please read this Policy carefully to understand how we manage any information you disclose to us.

WHAT INFORMATION DO WE COLLECT?
We only collect and store information reasonably necessary for us to perform our functions and services and provide you with what you need or what we recommend. The type of personal and sensitive information we collect depends on the services we provide to you, but generally includes your basic contact details and other relevant information. Typically, this includes your name, mailing address, email address, and similar data.

HOW WE COLLECT AND STORE CONFIDENTIAL INFORMATION
When providing our services to you, we may collect your confidential information either verbally or by requiring you to complete forms and documents needed to provide services. We take reasonable steps to store information securely, using a combination of physical and technical safeguards.
Printed information is kept in locked filing cabinets. Electronic information is stored on a local server, secure cloud storage, and/or on password-protected computers kept in secure locations.
We take all reasonable steps to ensure the security of your confidential information, including using appropriate technology and restricting staff access to only those who require it. We also regularly train our staff in the collection, storage, and processing of your confidential data to minimize human error.

WHAT HAPPENS IN THE EVENT OF A DATA BREACH?
A data breach occurs when personal or confidential information is lost or accessed, modified, disclosed, or otherwise misused without authorization.
Examples include: loss or theft of devices containing client data, hacking incidents, or accidental disclosures.
Data breaches may also constitute a breach of the Privacy Act depending on the nature of the incident.
We have a Data Breach Response Plan in place. Our response in the first 24 hours after detection is critical.
While we take all reasonable steps to protect your information, we cannot guarantee absolute security. To the extent permitted by law, we disclaim liability for any loss resulting from a data breach unless otherwise required by law.

THIRD-PARTY PERSONAL AND CONFIDENTIAL INFORMATION
We may request personal or confidential information about other individuals, such as your family members. If you provide this information, you are expected to inform them that you are sharing their details with us and refer them to this Policy.

HOW WE USE YOUR PERSONAL AND CONFIDENTIAL INFORMATION
We may use your data to:

• confirm your identity;
• provide nanny employment services;
• contact you about our services;
• share data with affiliates, subsidiaries, and specialized service providers;
• comply with legal or regulatory requirements;
• conduct internal research, planning, and direct marketing (unless you opt out).
• We won’t use your information for other purposes without your consent unless required for legal or public safety reasons permitted under the Act.

DISCLOSURE AND TRANSFER OF PERSONAL INFORMATION
We may outsource business functions to third parties, meaning your information may be disclosed to or accessed by other entities to help us provide services.
Overseas disclosure may occur when necessary.
While we strive to comply with cross-border data flow requirements, we cannot guarantee foreign recipients follow APPs.
To the extent permitted by law, we disclaim liability for non-compliance by overseas recipients.
You should also be aware that:

• foreign recipients may not be bound by confidentiality obligations;
• legal remedies in foreign jurisdictions may be limited;
• foreign laws may compel disclosure to third parties (e.g., government agencies).

EU GENERAL DATA PROTECTION REGULATION (GDPR)
If we receive personal data from EU residents, we are subject to the GDPR.
We affirm that:

• we process your data lawfully, fairly, and transparently;
• collect only for specified, legitimate purposes;
• ensure data is relevant and limited to what is necessary;
• keep data accurate and up to date;
• retain data only as long as necessary;
• implement appropriate security measures;
• take full accountability for GDPR compliance.
• We require your explicit consent via a signed document. Without it, we may be unable to provide you with certain goods or services.

COOKIES AND WEB BEACONS
If you access this Policy via our website, we may use cookies to store preferences. Cookies don’t reveal personal information unless you provide it voluntarily.
We may also use web beacons (clear GIFs) to track user behavior and analyze page visits.

LINKS TO OTHER WEBSITES
Our website may contain links to third-party sites. We do not control or endorse these sites and are not responsible for their privacy practices.

CHANGES TO THIS PRIVACY POLICY
This Policy reflects our current privacy practices. It may be revised or updated at any time without prior notice. We will endeavor to notify you of changes when practical.

ACCESS AND CORRECTION OF YOUR INFORMATION
You can request access to the personal/confidential information we hold about you and request corrections if the data is inaccurate or outdated.
Please contact our Privacy Officer (details below).

COMPLAINTS
If you wish to make a complaint regarding the handling of your data or this Policy, please submit a written complaint to our Privacy Officer.
We will acknowledge receipt within 14 days and provide a full response within one month.
You may also escalate the matter to the Office of the Australian Information Commissioner if you believe your rights under the APPs were breached.