Privacy policy

Privacy Policy

1.               Purpose of this Policy

This privacy policy (Policy) applies to the activities of Quintis (Australia) Pty Ltd (ACN 626 970 821) and its related entities (Quintis) (referred to in this document as Quintiswe, us or our).  We recognise that your privacy is very important, and we are committed to protecting the personal information we collect from you.  This Policy explains how we comply with the requirements of the Privacy Act 1988 (Cth) (Privacy Act), Australian Privacy Principles and certain registered privacy codes that govern the way in which we collect, use, disclose and otherwise manage personal information about you.

Quintis is an ​Australian company that specialises in growing, processing and distributing high quality Indian sandalwood products. We manage the world's largest sustainable plantations of this endangered species and produce the world's only pharmaceutical grade Indian Sandalwood Oil.  We collect information from the management of sandalwood plantations, managed investments schemes, institutional investors, growth, harvest, distillation and sale of sandalwood products.

2.               Collection of Information
2.1             Types of information we collect

We primarily collect and hold personal information about you, that is, information that can identify you to enable us to provide product sales, investment services and related services to you, inform you of different product offerings and to comply with our legal and regulatory obligations. The kinds of information we typically collect include name, address, gender, date of birth, age, contact details like phone numbers and email addresses, your image, bank details and payment information, loyalty program membership numbers as well as electronic information from your use of our website (see further below).

Under the Privacy Act, “sensitive information” includes but is not limited to information or an opinion about an individual’s racial or ethnic origin, religious belief, or criminal record and includes health information about an individual. Generally, we do not collect or hold sensitive information about you. However, in certain circumstances and provided we have obtained your consent or where it is required or authorised by or under an Australian law or court/tribunal order, we may collect and hold sensitive information (including, among other things, information about health, medical history or specific conditions, criminal records and professional memberships).  Sensitive information will only be processed by us if such processing is necessary to comply with occupational health and safety, equal opportunity laws and regulations. 

If you apply for products, services or credit from us, we may also collect and hold various information in connection with your assets and financial position, including credit information or credit eligibility information about you. We will comply with the Credit Reporting Code of Conduct in relation to the collection and use of your credit information.

2.2             How we collect personal information

Personal information will generally be collected directly from you using any of our standard forms, over the internet, via email, or through a telephone conversation with you. 

There may, however, be some instances where personal information about you will be collected from a third party, including:

  • regulatory authorities;
  • third parties acting on your behalf, as advised by you to us; and
  • third parties that run promotions for us or provide us with marketing information.

Where personal information about you has been collected from a third party, we will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.

If we receive unsolicited personal information (including sensitive information), about you, we will assess whether we could have collected the information and, if not, we will destroy or de-identify the information. 

2.3             Purpose of collection

The personal information that we collect and hold about you, depends on your interaction with us.  Generally, we will collect, use and hold your personal information if it is reasonably necessary for or directly related to the performance of our functions and for the purposes of:

  • providing and administering products, services, credit and customer support to you or someone else you know;
  • monitoring, auditing and evaluating our products and services;
  • providing and operating (including through third party service providers) promotions, events, competitions and marketing (including newsletters and other communications);
  • providing you with marketing information about other services that we, our related entities and other organisations that we have affiliations with, offer that may be of interest to you;
  • facilitating our internal business operations (including modelling data, maintaining our relationship with you, data testing and security);
  • facilitating your participation in any loyalty programs that we operate;
  • complying with any record keeping, legal or regulatory requirements; and
  • dealing with any complaints or enquiries.

Without If we don’t have your personal information, we may not be able to do these things. For example, we may not be able to deliver the products or services that you have asked for or respond to your questions.

2.4             Remaining ANONYMOUS

You may choose to remain anonymous when dealing with us, however if you wish to remain anonymous with us, we not be able to provide you with some information or services. In many cases it will not be possible for us to assist you with your specific needs if you wish to remain anonymous.

2.5             Privacy and the internet

If you access our websites (quintis.com.au, quintis.net.cn, co-lab.quintis.com.au and thesandalwoodshop.com.au), we may collect additional personal information about you in the form of your IP address and domain name which may include the use of cookies.

Our website uses cookies. We use cookies to monitor usage of our website and to create a personal record of when you visit our website and what pages you view so that we may serve you more effectively. Cookies do not identify you personally, but they may link back to a database record about you.  If you do not wish to receive any cookies, you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on the website.

Our website may contain links to other websites.  We are not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures.

We may contact you at the email or other address that you have provided to us to provide you with updated information about product sales, investments or our business.  We will not use your email address for spam purposes.  If you are receiving information from us and you do not want to receive this information, please contact us at the email address below.

3.               Disclosure of information
3.1             Disclosing personal information

We will only use or disclose your personal information about you for the purposes for which it was collected. We may use and disclose your personal information for another purpose (secondary purpose) if you have consented to the disclosure or the secondary purpose is related to the primary purpose and might reasonably be expected by you.   When we do this, we take steps to keep your information safe.

 In some circumstances we may disclose information about to another organisation.  When we do this, we take steps to require these parties protect your information. We may disclose personal information about you to:

  • our related entities to facilitate our and their internal business processes;
  • third party service providers, who assist us in operating our business when we believe it is necessary to provide you with a service which you have requested (including credit reporting bodies, professional advisers, financial advisers and dealers, marketing service providers, market research bodies, share registry service providers and information technology service providers), and these service providers may not be required to comply with our privacy policy;
  • our related entities and other organisations with whom we have affiliations so that those organisations may provide you with information about services and various promotions; and
  • governmental and regulatory bodies to comply with laws or their directives (including, for example, the disclosure to the Australian Taxation Office of certain investor information).

In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (including law enforcement or public safety).

The grower registries for the various managed investment schemes operated by a subsidiary of Quintis (Australia) Pty Ltd are available for inspection by the public in accordance with the provisions of the Corporations Act 2001 (Cth).

4.               Storage and security of information

We store your personal information in different ways, including in paper and in electronic form.  If no longer required, we will destroy or de-identify personal information. We only keep your information for as long as we need it, or we are required by law to keep it.

The security of your personal information is important to us.  We take all reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.

The security of personal information is important to us and we take reasonable steps to keep secure and protected from unauthorised access, modification or disclosure, any information which we hold about you.  Your personal information will be stored in servers located in Australia and using cloud service providers for the purposes set out above. 

We use a number of means to protect your personal information, including:

  • training selected staff on how to keep your information safe and secure where those staff hold positions which require them to have access to personal information;
  • external and internal premises security measures designed to restrict access to personal information and ensure that your information is not capable of being seen or modified by unauthorised persons;
  • regular review and testing of our technology to improve the level of security; and
  • physical controls to prevent access to our offices by unauthorised persons.

Despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information.

If there is a data breach, we will deal with it without delay and take immediate steps to assess, remediate and where necessary make notifications in respect of any potential or actual breach.  The Privacy Act requires us to notify you and the Office of the Australian Information Commissioner (OAIC) of certain data breaches and recommend steps you can take to limit the impacts of a breach (for example, a password change). There are exceptions where notification is not required.  For example, where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.

If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and the OAIC as soon as practicable and keep in close contact with you about the nature of the breach, the steps we are taking and what you can do to reduce the impacts to your privacy.

If you believe that any personal information we hold about you has been impacted by a data breach, you can Contact us using the contact details below.

We operate across Australia, but we also have entities in China and the United States of America and at times, may utilise international service providers.  As such, some disclosures may occur outside the state or territory in which you reside and may, from time to time, include disclosures to related entities, service providers or shareholders overseas. We will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.

5.               Access and correction
5.1             Accessing your personal information

You may access the personal information we hold about you, by making a written request and sending it to privacy@quintis.com.au.  Before providing you with your information we will need to confirm your identity.

We will try to make your information available within 30 days but sometimes we might need more time to process your request.  We will let you know if it will take longer. We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).

In some cases, we may refuse a request for access to personal information or only give you access to certain information.  We will only do this in the circumstances prescribed by the Privacy Act, and if we do, we will provide you with the reasons for the refusal and the exceptions we have relied on for refusing access (unless it would be unreasonable to provide those reasons).

If the personal information you provide to us is incomplete or inaccurate, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking.

If at any time you would like to change your personal information because you believe the personal information we hold about you is inaccurate, incomplete or out of date, please let us know at privacy@quintis.com.au.  We will take reasonable steps to correct the information so that it is accurate, complete and up to date. If we don’t consider it is necessary to correct the information, you will be provided with an explanation of the reason why.  You can ask us to include a statement in our records that says you believe our record about you is inaccurate, incomplete, misleading or out of date.

6.               Complaints and feedback

If you wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a particular privacy code that applies to us, please contact us as set out below and we will take reasonable steps to investigate the complaint and respond to you.  We will aim to resolve to your complaint within five business days from when we receive your complaint in a fair and reasonable manner.  There may be times when we need a bit longer to investigate the complaint and respond to you, but we will contact you within five business days to give you an update and let you know when we think we'll find the answer or solution. 

If you are concerned about how we have handled your information, let us know and we’ll try to fix it. If you are unsatisfied with the handling of your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).  For more information about making a complaint to OAIC, visit http://www.oaic.gov.au/privacy/making-a-privacy-complaint.

6.1             Contact us

If you have any queries or concerns about our privacy policy or the way we handle your personal information, please contact us at privacy@quintis.com.au.

If you wish to make a complaint, please provide us with your contact details and information regarding the complaint.  We may need to contact you to obtain further information.  We will investigate the complaint and provide the outcome of that investigation in writing.

We will seek to resolve complaints as soon as practicable.  If you are not satisfied with the outcome of your complaint to us, you can refer the complaint to the Office of the Australia Information Commissioner.

For more information about privacy in general, you can visit the Information Commissioner’s website at www.oaic.gov.au

6.2             About this policy

This policy was updated on 1 November 2019.  We will update this policy from time to time including when our information handling practices change, and any amendments will apply to the information we hold at the time of the update. We will post a copy of this policy on our website.  We encourage you to check our website from time to time to view our current policy.