Quintis is an Australian company that specialises in growing, processing and distributing high quality Indian sandalwood products. We manage the world's largest sustainable plantations of this endangered species and produce the world's only pharmaceutical grade Indian Sandalwood Oil. We collect information from the management of sandalwood plantations, managed investments schemes, institutional investors, growth, harvest, distillation and sale of sandalwood products.
We primarily collect and hold personal information about you, that is, information that can identify you to enable us to provide product sales, investment services and related services to you, inform you of different product offerings and to comply with our legal and regulatory obligations. The kinds of information we typically collect include name, address, gender, date of birth, age, contact details like phone numbers and email addresses, your image, bank details and payment information, loyalty program membership numbers as well as electronic information from your use of our website (see further below).
Under the Privacy Act, “sensitive information” includes but is not limited to information or an opinion about an individual’s racial or ethnic origin, religious belief, or criminal record and includes health information about an individual. Generally, we do not collect or hold sensitive information about you. However, in certain circumstances and provided we have obtained your consent or where it is required or authorised by or under an Australian law or court/tribunal order, we may collect and hold sensitive information (including, among other things, information about health, medical history or specific conditions, criminal records and professional memberships). Sensitive information will only be processed by us if such processing is necessary to comply with occupational health and safety, equal opportunity laws and regulations.
If you apply for products, services or credit from us, we may also collect and hold various information in connection with your assets and financial position, including credit information or credit eligibility information about you. We will comply with the Credit Reporting Code of Conduct in relation to the collection and use of your credit information.
Personal information will generally be collected directly from you using any of our standard forms, over the internet, via email, or through a telephone conversation with you.
There may, however, be some instances where personal information about you will be collected from a third party, including:
Where personal information about you has been collected from a third party, we will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.
If we receive unsolicited personal information (including sensitive information), about you, we will assess whether we could have collected the information and, if not, we will destroy or de-identify the information.
The personal information that we collect and hold about you, depends on your interaction with us. Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and for the purposes of:
Without If we don’t have your personal information, we may not be able to do these things. For example, we may not be able to deliver the products or services that you have asked for or respond to your questions.
You may choose to remain anonymous when dealing with us, however if you wish to remain anonymous with us, we not be able to provide you with some information or services. In many cases it will not be possible for us to assist you with your specific needs if you wish to remain anonymous.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures.
We may contact you at the email or other address that you have provided to us to provide you with updated information about product sales, investments or our business. We will not use your email address for spam purposes. If you are receiving information from us and you do not want to receive this information, please contact us at the email address below.
We will only use or disclose your personal information about you for the purposes for which it was collected. We may use and disclose your personal information for another purpose (secondary purpose) if you have consented to the disclosure or the secondary purpose is related to the primary purpose and might reasonably be expected by you. When we do this, we take steps to keep your information safe.
In some circumstances we may disclose information about to another organisation. When we do this, we take steps to require these parties protect your information. We may disclose personal information about you to:
In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (including law enforcement or public safety).
The grower registries for the various managed investment schemes operated by a subsidiary of Quintis (Australia) Pty Ltd are available for inspection by the public in accordance with the provisions of the Corporations Act 2001 (Cth).
We store your personal information in different ways, including in paper and in electronic form. If no longer required, we will destroy or de-identify personal information. We only keep your information for as long as we need it, or we are required by law to keep it.
The security of your personal information is important to us. We take all reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.
The security of personal information is important to us and we take reasonable steps to keep secure and protected from unauthorised access, modification or disclosure, any information which we hold about you. Your personal information will be stored in servers located in Australia and using cloud service providers for the purposes set out above.
We use a number of means to protect your personal information, including:
Despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information.
If there is a data breach, we will deal with it without delay and take immediate steps to assess, remediate and where necessary make notifications in respect of any potential or actual breach. The Privacy Act requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change). There are exceptions where notification is not required. For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.
If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.
If you believe that any personal information we hold about you has been impacted by a data breach, you can Contact us using the contact details below.
We operate across Australia, but we also have entities in China and the United States of America and at times, may utilise international service providers. As such, some disclosures may occur outside the state or territory in which you reside and may, from time to time, include disclosures to related entities, service providers or shareholders overseas. We will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.
You may access the personal information we hold about you, by making a written request and sending it to firstname.lastname@example.org. Before providing you with your information we will need to confirm your identity.
We will try to make your information available within 30 days but sometimes we might need more time to process your request. We will let you know if it will take longer. We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
In some cases, we may refuse a request for access to personal information or only give you access to certain information. We will only do this in the circumstances prescribed by the Privacy Act, and if we do, we will provide you with the reasons for the refusal and the exceptions we have relied on for refusing access (unless it would be unreasonable to provide those reasons).
If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking.
If at any time you would like to change your personal information because you believe the personal information we hold about you is inaccurate, incomplete or out of date, please let us know at email@example.com. We will take reasonable steps to correct the information so that it is accurate, complete and up to date. If we don’t consider it is necessary to correct the information, you will be provided with an explanation of the reason why. You can ask us to include a statement in our records that says you believe our record about you is inaccurate, incomplete, misleading or out of date.
If you wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a particular privacy code that applies to us, please contact us as set out below and we will take reasonable steps to investigate the complaint and respond to you. We will aim to resolve to your complaint within five business days from when we receive your complaint in a fair and reasonable manner. There may be times when we need a bit longer to investigate the complaint and respond to you, but we will contact you within five business days to give you an update and let you know when we think we'll find the answer or solution.
If you are concerned about how we have handled your information, let us know and we’ll try to fix it. If you are unsatisfied with the handling of your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). For more information about making a complaint to OAIC, visit http://www.oaic.gov.au/privacy/making-a-privacy-complaint.
If you wish to make a complaint, please provide us with your contact details and information regarding the complaint. We may need to contact you to obtain further information. We will investigate the complaint and provide the outcome of that investigation in writing.
We will seek to resolve complaints as soon as practicable. If you are not satisfied with the outcome of your complaint to us, you can refer the complaint to the Office of the Australia Information Commissioner.
For more information about privacy in general, you can visit the Information Commissioner’s website at www.oaic.gov.au
This policy was updated on 1 November 2019. We will update this policy from time to time including when our information handling practices change, and any amendments will apply to the information we hold at the time of the update. We will post a copy of this policy on our website. We encourage you to check our website from time to time to view our current policy.