This Privacy Policy describes how we at Invision Marketing Services (IMS) collect, use, and manage Personal Information (PI) that is collected and stored using Entrytab.

Introduction

Entrytab is used to collect and collate information about visitors, staff, contractors, students and others (Registrants) who arrive at and/or depart from premises of an organisation.

Entrytab has an Administrator and a Visitor Module. The Administrator can access PI via web browser-enabled devices, including computers, tablets, and smartphones. The Visitor Module is used to record arrivals, departures, and movements of Registrants.

How we collect PII

We collect PI when we create a Entrytab Administrator. We collect:

a. Account name
b. Email address
c. Password
d. Organisation name and address
e. Contact Phone Number
f. Contact Name

We also collect PI when a Registrant uses the Visitor Module to register arrival or departure from premises. The Administrator (not IMS) determines what information is collected; depending on category of Registrant, it may typically include:

a. Arrival and departure time
b. Category of Registrant
c. The access point for arrival and departure
d. A PIN associated with a Registrant
e. Employer (if a contractor)
f. Reason for visit
g. Electronic signature
h. Photo image
i. Phone number
j. Certificate expiry date
k. Items booked out to the Registrant

How we use PI

We use Administrator-related PI to manage, service, and invoice our accounts.

We monitor PI relating to Registrants to maintain optimum system performance.

In addition, Administrators (not IMS) use PI they have collected to manage their facility. This includes managing emergencies by allowing Administrators and delegated staff to view the database of Registrants who are on or off the premises.

How we manage PI

PI is stored on a secure server provided by Amazon Web Service that is physically located in Australia. Communication between the Administrator account and the server is encrypted in transit. Access to the secure server is restricted to authorised IMS personnel.

We do not combine PI with other data, modify it, or disclose it to third parties. When an account is closed, we delete its PI after one month.

We manage the passwords for Administrators. Administrators have password-protected access to all PI relating to Registrants. Administrators can also delegate password-protected access to other people. Registrants do not have access to PI when using the Visitor Module.

Administrators can view, download and store PI. Security for viewed and downloaded data is the responsibility of Administrators. It is also the responsibility of Administrators to advise Registrants of their privacy policy in relation to viewed and downloaded data, and if necessary this Privacy Policy.

Reporting Breaches of Privacy

We are committed to ensuring the privacy of all PI we collect. Certain compulsory obligations have been placed on organisations under the Privacy Act 1988 (Cth) to notify specific types of data breaches (Notifiable Data Breaches “NDB”) to individuals affected by the breach as well as to the Office of the Australian Information Commissioner (OAIC). A NDB is one that is likely to result in serious harm to any individual to whom the information relates.

The requirements under the NDB do not apply to IMS however, we are committed to ensuring the protection of all PI and we have therefore committed to comply with the obligations and have updated our internal privacy program accordingly.

In the event of a PI data breach of either Administrator Information or Registration Information, IMS will notify the party affected within 7 days of IMS becoming aware of the breach, and provide:

a. Our identity and contact details;
b. A description of the data breach;
c. The kinds of information that is suspected of being obtained;
d. Recommendations about the steps you should take to limit the impact of the breach; and
e. Advice as to whether we have contacted the OAIC about the breach.

How to access your PI

You have a right to access your PI that we hold and ensure that it is correct. For information on how to access your PI at IMS please contact our privacy officer with your request:

Laura Hunt
Operations and Data Protection Manager
Invision Marketing Services Pty Ltd
Suite 8, 410 Burwood Highway, Wantirna South, Victoria, 3152
Within Australia: 03 9800 1489
Outside Australia: +61 3 9800 1489
Email: laurahunt AT invision.net.au (Replace AT with @)

We will endeavour to respond to your request within three business days.

Changes to our Privacy Policy

Our Privacy Policy complies with the Privacy Act 1988 (Cth) as amended in March 2014. We may amend this Privacy Policy to reflect changes in legislation or our business. If we amend the policy we will post the change on our website.

Response to Requests

If you are not satisfied with our response to your request for information you may wish to contact the the Office of the Australian Information Commissioner:
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
www.oaic.gov.au

This privacy statement was updated on: 21/02/2018