NTT ICT is committed to managing the personal information it collects from a person, in compliance with the Australian Privacy Principles of the Privacy Act 1988 (C’th) (Privacy Act). This document describes NTT ICT’s policy for the collection and management of personal information. Personal information is information which identifies an individual or from which a person’s identity can be reasonably ascertained.
In this document, 'NTT ICT', 'we', 'us' and 'our' mean NTT Com ICT Solutions (Australia) Pty Ltd ACN 059 040 998, NTT Com ICT DC Solutions (Australia) Pty Ltd ACN 100 796 405 and NTT Australia Pty Ltd ACN 081 031 432 (the NTT ICT entities).
Collection of personal information
NTT ICT collects personal information so it can inform its customers about its products and services and provide those products and services to its customers.
Directly from you: NTT ICT collects personal information directly from you when we deal with you in person, or when you send us correspondence or when you register to attend one of our conferences or events, including through our websites. Generally, the personal information we collect includes an individual’s name, contact details, customer details, job title, records of any communications and interaction with us, and the products or services you’re enquiring about or we believe may be of interest to you.
Where a person applies for a job with NTT ICT, in addition to your name, contact details, employment history and qualifications, we may also collect sensitive information about you, such as your criminal record. NTT ICT will only collect sensitive information with your consent and in compliance with the Privacy Act.
From a third party: NTT ICT may also collect your personal information from a third party, such as your work colleague or employer (a customer), so we can provide you with information, services or products in a business-to-business transaction for your employer. We may also collect your personal information for our direct marketing activities, from publicly available records or from an entity you’ve provided the information to for direct marketing.
Use of Personal Information
NTT ICT uses the personal information:
- to provide professional services to customers
- to provide technology services and software to customers
- to respond to requests from customers
- to maintain contact with customers and others
- to inform customers and others of its services, seminars and other events
- for business operations and administration
- for business to business direct marketing
Where NTT ICT uses personal information for business to business direct marketing, it does so relying on the exceptions in the Privacy Act. You may notify us if you wish to opt out of receiving any further direct marketing from NTT ICT. In each written communication, NTT ICT will set out its business address and telephone number and electronic contact details for you to contact us.
Disclosure of Personal Information
NTT ICT may disclose personal information to third parties:
- as permitted by law
- to our related bodies corporate or associated entities, or
- if you consent
NTT ICT does not disclose personal information to third parties for the purpose of their direct marketing. Disclosure to third parties will be in compliance with the purpose for which the personal information was collected, or a related or ancillary purpose. Such third parties receiving personal information may include:
- other NTT ICT entities
- third parties contracted as part of an engagement, including subcontractors
- our service providers
- our professional advisers such as accountants, lawyers, insurance brokers and bankers
DISCLOSURE OF PERSONAL INFORMATION TO OVERSEAS ENTITIES
NTT ICT may disclose personal information to overseas entities, such as related bodies corporate and associated entities and service providers. The overseas entities may be located in Japan, Singapore, France, Spain, United Kingdom, Germany, China, United Arab Emirates or the United States. This is not an exhaustive list of countries where personal information may be disclosed. NTT ICT takes steps to ensure that those overseas recipients are obliged to protect the privacy and security of your personal information and use it only for the purpose for which it is disclosed.
Notifiable Data Breach
A data breach is an occurrence where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals, or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure (for example, leaving the information on the bus);
In the case of any data breach or suspected data breach, NTT ICT will undertake an assessment to determine if an eligible data breach has occurred in accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017. In doing so, NTT ICT will consider if the incident is likely to result in serious harm to any individuals.
Reasonable steps will also be taken to ensure that the assessment is completed within 30 days from when it was first suspected that an eligible data breach may have occurred.
If an eligible data breach has occurred, a notification statement will be provided to the Office of the Australian Information Commissioner (OAIC), and the affected individuals. Notification statement will contain the following:
- Organisation and contact details
- a description of the eligible data breach that NTT ICT has reasonable grounds to believe has occurred
- the kind of information concerned
- recommendations concerning the steps that individuals can take in response to the eligible data breach and
- if NTT ICT believes that the eligible breach also affects other organisations, it will provide the identity and contact details of those organisations.
Security and Retention of Personal Information
NTT ICT places a high degree of importance on digital security. We take reasonable steps to protect any personal information that we hold from misuse and loss. We also take reasonable steps to protect it from unauthorised access, modification and disclosure. Any information or data provided to NTT ICT is stored in a secure environment, with access restricted to authorised NTT ICT employees. NTT ICT’s systems have up to date hardware and software security measures.
The personal information you provide to us will be retained only for as long as necessary for the purposes for which it was collected, as required by law or in compliance with our documentation retention policies.
Anonymity and Pseudonymity
You have the option of not identifying yourself or of using a pseudonym when dealing with NTT ICT. However, it will be impracticable for NTT ICT to provide you with information or business to business services if you choose not to identify yourself or use a pseudonym.
We use Google Analytics remarketing codes to log when users view specific pages or take specific actions on a website. This allows us to provide targeted advertising in the future. If you do not wish to receive this type of advertising from us can opt out using the DoubleClick opt-out page or the Network Advertising Initiative opt-out page.”
Access and Correction to Personal Information
You may request access to your personal information held by NTT ICT. If you notify NTT ICT that your personal information is not accurate, we will take reasonable steps to correct that information if we agree it is inaccurate. Under the Privacy Act, NTT ICT must provide its written reasons if it refuses your request for access to, or correction of, the personal information held by it.
How to contact us
General information about privacy may be obtained from the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992. You may also contact the Office of the Australian Information Commissioner if your concerns about access to and correction of personal information are not resolved to your satisfaction.