Protecting Your Information
Thomson Reuters (Professional) Australia Limited (us/we) is part of the global Thomson Reuters group of companies (the Thomson Reuters Group). We recognise that protecting your personal information is a fundamental part of our successful engagement with you.
- Why we collect, hold and use personal information
- The types of personal information about you that we collect and hold
- How we collect and hold personal information
- When we disclose personal information including when we disclose it overseas
- How and when you can ask to see it or have it corrected
- What you need to do if you have a complaint about the way we have collected, used, held or disclosed your personal information
Why we collect hold use or disclose your personal information
Information that personally identifies you may be used by us to:
- provide you with the product or service you have ordered;
- manage your account with us;
- inform you about other products and services that we think might be of interest to you;
- improve the products and services we offer; or
- otherwise better meet your needs and preferences.
It should be clear each time you are asked to provide information, why that information is being collected. For example, you may be asked to supply an address so that a product can be shipped to you. In some instances, if you do not provide the personal information we have requested from you, we may not be able to provide you with access to our products or services.
This policy applies generally to our customers, suppliers and business partners. However we may also use personal information provided by supplier organisations to:
- to manage our accounts payment and order systems;
- to improve our internal procurement management processes;
- to otherwise improve our relationship with our suppliers.
We may use your personal information for the purposes of direct marketing if you gave us that information directly, it is reasonable to expect that you would receive this type of information from us and you have not already asked us to stop.
If we collect personal information about you from someone else or you are not aware that we have collected personal information about you, we will take reasonable steps to notify you or otherwise ensure that you are aware that we have collected your information and the circumstances of that collection. We will ensure that in our direct marketing communications, you can tell us to stop sending you marketing communications and we will make it easy for you to tell us to stop.
If you provide us with your home, mobile telephone number or your email address; you agree that we can contact you by calling you or using email, SMS or MMS on that number or via that email address until such time as you to tell us to stop.
At any time, you can tell us to stop sending you information about our products and services by contacting us via LTA.Privacy@thomsonreuters.com. and we will stop.
If we receive unsolicited personal information about you from a third party and it is clear to us that we should not have collected that information (as long as it is lawful and reasonable) we will destroy or securely delete that information.
The types of personal information that we collect and hold
In the course of doing business, we may collect and hold information about the organisations with whom we engage as customers, partners or suppliers. We may also collect and hold information about individuals within those organisations or individuals with whom we or our customers engage directly.
Please note that the type of personal information we collect and hold depends on the nature of our interaction with you. We only collect and hold personal information that is reasonably necessary depending on the nature of the interaction. The types of information we collect and hold typically include name, address, telephone number and email address. In certain circumstances we also collect and hold credit card and bank account information, mostly from customers and suppliers where we either make or receive a payment.
In more limited circumstances (e.g. our web based solutions about which there are more details below or for credit purposes), we may collect or hold date of birth, tax file or other equivalent identifying numbers, bibliographic information, employment history, association membership, passport information, photographs and driver’s licence details.
We will not collect from you any sensitive information revealing your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships or details of health or disability.
Exceptions to this include:
- where you have given us express consent and the information is reasonably necessary for us to carry out our functions or activities;
- the use of this information is required or authorised under Australian law or a court or tribunal order; or
- when the information is necessary for the establishment, exercise or defence of a legal claim.
How we collect and hold your personal information
In general, our policy is that we only collect and hold personal information for the purpose that was specifically or reasonably apparent at the time of collection.
Our websites record standard information such as time, date and URL of request, your IP address (or in some cases the IP address of your company or your Internet service provider’s Internet gateway), referrer URL (the web page you arrived from) and details of your Internet browser. This information is recorded by all web servers and is used to improve the functionality, structure and performance of our web sites. It is also used as an audit trail to ensure security and integrity of our web servers.
We also track the pattern of visitor usage across the sites by issuing an anonymous user ID via a cookie. A cookie is a small data packet given to your web browser by our web servers that the browser stores in a text file on your computer. This user ID is sent back to our servers each time you view a page from our servers. This ID is deleted at the end of your session. In addition, we use a persistent cookie to hold user preferences on site operation. These preferences are accessed by your browser to configure the operation of the site to your requirements.
Cookies can make using the sites easier for you by storing information about your preferences on the web sites. This will enable you to take full advantage of the services and features that our sites offer. If you prefer not to receive cookies, you may be able to change the settings of your Internet browser to disable cookies or to warn you when cookies are being used. This may preclude you from using some services or enhanced functionality.
Cloud Based Solutions
In some cases, you might provide personal information to us by entering it into our cloud based solutions because you want us to host that information for you or your information may be disclosed to us by an organisation with whom you interact and to which we provide a cloud based service.
Examples of such services include eRecruitment, some ONESOURCE solutions, BizActions, Cleardocs, InfinityLaw and Findlaw. When we collect or hold personal information in this way, it is only used or disclosed for the purpose contemplated by you or the organisation that has disclosed that information to enable us to provide the service sought. This information may be stored on our web servers, but will only be accessed by us to provide technical support or to carry out other functions reasonably necessary to provide the service. This information will not be disclosed in any other way without the individual’s express authorisation.
Integrity and Security of your Information
Our obligation is to ensure that information about you that we collect, use and disclose is secure, accurate, up-to-date and complete. We employ a number of different strategies to protect personal information. These include, depending on the service and the nature of the personal information held in the relevant system:
- Secure Sockets Layer and other encryption technologies
- Firewalls and Intrusion Detection Systems
- Virus protection Back-ups
- Regular vulnerability and penetration testing
- Restricted access
- Security Policies and Staff Training
We strive to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure, however data transmission over the Internet cannot be guaranteed to be 100% secure because risks do change over time.
Where you are required to log in to access one of our products or services, we recommend that you always log out after each session and close the browser when finished; particularly when accessing the product or service from a public terminal. For obvious reasons, please do not send credit card information through unsecured electronic mail or share your passwords with anyone else.
If we no longer need your personal information, unless we are required under Australian law or a court or tribunal order to retain it; we will take reasonable steps to destroy, de-identify or securely delete your personal information.
Disclosure to third parties and overseas
In some cases we engage other companies within the Thomson Reuters Group or we contract with a third party to perform services on our behalf. Further information about these types of services is detailed below. When we do this, we will only provide them with such information about you as they need to perform those services and we will make it clear how they should handle your personal information. They will not be permitted to use information about you for any purpose except to perform the services we have specifically asked them to provide.
Examples of Services provided by Third Parties on our behalf:
- technical support and development
- website monitoring and operations
- security audits and penetration testing
- data hosting
- financial services
- editorial and production services
- sending mail, faxes and emails
- processing orders
- providing marketing support and research
- debt collection
Sometimes the Thomson Reuters’ entity or third party provider is located overseas. The territories to which we currently disclose personal information are listed here. This list may change from time to time and we will update this information.
When we disclose personal information outside of Australia, we will take reasonable steps to require the overseas recipient to comply with Australian Privacy Principles unless the recipient is subject to laws that would protect your information in a substantially similar way to the Australian Privacy Principles. For example, if that country has laws that enable you to take action to enforce your rights in a similar way.
By providing your personal information to us, or to the third party with whom we contract, you consent to the transfer of that information to our third party service providers who are located outside of Australia for that purpose.
Such third party service providers may store and process information provided by you on servers located outside of Australia. Countries include New Zealand, Singapore, India, the Philippines, Canada, USA, United Kingdom, Costa Rica and Argentina.
Marketing by Thomson Reuters
We may share information about you with other business units across the Thomson Reuters Group so that they can tell you about other products and services offered by Thomson Reuters. This may involve providing your personal information to Thomson Reuters’ companies within and outside of Australia including in the countries listed above. We will require these other Thomson Reuters group companies to agree to strict conditions governing how this information will be used. By providing your personal information you consent to the transfer of that information to entities in the Thomson Reuters group of companies located outside of Australia. We do not share your personal information with third party organisations to market products and services to you unless you have provided your express consent.
If you are registered as a user of one of our e-recruitment services for the purpose of lodging job applications, your personal information will be made available to the organisation that you have specifically applied to. We provide that information to the relevant organisation for recruitment purposes only. In order to consider an application fully, your personal information may be forwarded to an organisation’s global offices.
Links to third parties
Access to information we hold about you
If you ask to see the personal information we hold about you, we will respond to your request as soon as we reasonably can and where feasible we will provide access to the information in the manner you request at no charge unless it involves a lot of work.
You can send requests for information to Privacy Officer, Thomson Reuters (Professional) Australia Limited 100 Harris Street, Pyrmont NSW 2009 or email at LTA.Privacy@thomsonreuters.com
Sometimes we cannot provide access, for example if:
- It would pose a serious threat to life, health or safety or unreasonably impact the privacy of another individual;
- your request is not serious or in good faith;
- information relates to existing or anticipated legal proceedings between us;
- giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations;
- denying access is required or authorised under Australian law or a court or tribunal order;
- giving access would reveal information generated by us in connection with a commercially sensitive decision making process; or
- providing access would be unlawful or would be likely to prejudice an enforcement related activity conducted by, or on behalf of, an enforcement body.
If we refuse to provide access because of an exception listed above, or to give you information in the manner you requested, we will take reasonable steps to give access in a way that meets our needs and your needs and we will give you written notice setting out the reasons for refusal (unless it is unreasonable to do so) and the mechanisms available to you to complain about the refusal.
Correcting your details
If you want us to correct information that we hold about you because it is inaccurate or out-of-date; you can send requests for corrections to the Privacy Officer, Thomson Reuters (Professional) Australia Limited 100 Harris Street, Pyrmont NSW 2009 or email at LTA.Privacy@thomsonreuters.com.
If we correct personal information that we previously disclosed to other entities, and you request that we notify those entities of the correction, we will take reasonable steps to notify those entities unless it is impracticable or unlawful to do so.
If we refuse to comply with your request for amendment of your details, we will give you written notice setting out the reasons for refusal (unless it is unreasonable to do so) and the mechanisms available to you to complain about the refusal.
If you are a registered user of a web based solution, you may be able to edit your information at any time directly in the service. For example, on our eRecruitment services, you can edit your contact details, academic results, email address, application information and password. However, once an application has been sent to an organisation in relation to a job application, information contained in that particular application cannot be altered and it is your responsibility to contact the organisation to make any corrections.
What to do if you have a problem or question
For further information about privacy issues and the protection of privacy, visit the Office of the Australian Information Commissioner web site at www.oaic.gov.au.
21 July 2014