top of page

Privacy Policy

Introduction

DACA Advisory Services Pty Ltd (DACA) is a boutique consultancy based on the NSW Central Coast.

 

DACA offers its services across a range of subject matter areas including

  • Security, risk and privacy. 

  • Policy development, design, delivery and monitoring

  • Business process development and conceptual design

  • Procurement and grant administration

  • Identity and authentication

  • Business case development 

  • Legal and policy assurance 

  • Digital Transformation.

 

DACA also provides music tuition services (currently through the Newcastle Music Academy) and has established The Lakes Music Studio (ABN 28 621 779 851) to provide music tuition services in the Lake Macquarie, Central Coast and northern Sydney regions. This should be operational first quarter 2021. The Studio will collect personal  information consisting of basic personal information (name, address, date of birth [DOB]), a photograph of the student and videoed recordings.  Parental consent will be sought prior to any collection of personal and sensitive information. Given the nature of music tuition services a separate Privacy Policy is being developed for the Lakes Music Studio.

 

As a small business DACA is not normally covered by the Privacy Act, 1988 (Cth). However, DACA has chosen to be treated as an organisation for the purposes of that Act and therefore subject to the Australian Privacy Principles (APPs). 

 

If you have any enquiries about this privacy policy, or wish to make an access or amendment request, please email admin@dacaadvisoryservices.com.au.

 

This policy will be reviewed annually to ensure our information handling procedures remain compliant with Australian privacy law.

The kinds of personal information that DACA collects and holds

We hold personal information about DACA Directors as well as the contact details and resumes of professional Associates and contact details (including names, email addresses and mobile phone numbers) of DACA business clients. 

 

Resumes will generally contain basic personal information (name and address), a photograph of the person (recognising that this is regarded as sensitive information) and details of their qualifications and work experience.

 

This information forms a central component of bids and proposals that DACA prepares for potential clients. These documents are stored both locally (secured laptops) and “in the cloud” by our third party service providers, principally Google, Apple and Microsoft.

How DACA  collects  personal information

DACA only collects personal information if

  • it is reasonably necessary for us to have the information and 

  • it is for a lawful purpose that is directly related to one of our functions.

 

DACA

  • collects personal information directly from the individual concerned unless it is unreasonable or impractical

  • does not collect personal information by unlawful means

  • does not collect personal information that is intrusive or excessive

  • takes reasonable steps to ensure that the personal information it collects is relevant, accurate, up-to-date and complete.

 

If requested DACA will inform a person whether we are likely to hold their personal information, and if so

  • what type of information we hold about them

  • Who will have access to that information

  • the purposes for which it will be used, and

  • how they can access their own personal information.

 

How DACA holds personal information

DACA takes reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure.

 

DACA takes reasonable steps to ensure personal information is  securely stored and disposed of appropriately when it is not longer required.

The purposes for which DACA collects, holds, uses and discloses personal information

We will only use or disclose personal information for the primary purpose for which it was collected.

 

Before using or disclosing personal information, DACA will take reasonable steps to ensure that the information is relevant, accurate, up-to-date, complete, and not misleading.

 

The main manner in which personal information is used and disclosed by DACA is in the form of responses to requests for proposals (RFPs) and requests for quotes (RFQs).  These responses contain personal information of DACA Directors and its Associates, including details of the employment history and experience and qualifications of all individuals likely to be involved in any projects that DACA succeeds in winning through these processes.

How an individual may access and seek correction of their personal information  

DACA will respond within 30 days to requests from people for access to their personal information. DACA will not levy a charge for this access.

 

DACA will allow people to update, correct or amend their personal information where necessary, to ensure it is accurate, relevant, up-to-date, complete or not misleading.

How an individual may complain if DACA or a contractor breaches the APPs or a binding registered APP code

In the event that an individual wishes to complain that DACA has breached an APP the first point of contact will be either by:

 

  • Mail addressed to 

Director 

DACA Advisory Services

31 Bambara Ave

Summerland Point NSW 2259

 

In the event that DACA is unable to resolve the complaint to the person's satisfaction, we will arrange for the matter to be taken to a recognised complaint handling body for mediation. 

 

In the event that this process is also unsuccessful the individual has the right to take the matter to the Office of the Australian Information Commissioner (OAIC).

 

Whether DACA is likely to disclose personal information to overseas recipients (including a related body corporate), and the likely countries that information may be sent

DACA will generally not disclose personal information to overseas recipients.

 

The only circumstance where this would occur is where DACA is lodging a proposal in response to a request from a potential client. In such circumstances all individuals whose information is included in the proposal (Directors and Associates) will be requested to provide written consent for their personal information being disclosed to an overseas recipient.

 

Data Breach Response 

DACA maintains a separate Data Breach Response Plan 

 
 
 
 
 
 
 
 
 
 
bottom of page