What is a privacy statement and why does Grapevine have one?
Grapevine Ventures ("Grapevine") is committed to the protection of your personal information. We have developed a number of detailed policies and procedures to assist you in understanding how we manage this information.
This privacy statement summarises what general and personal information Grapevine collects, what it is used for and what measures are in place to store it securely.
How seriously does Grapevine take the privacy of our customers?
Grapevine attaches a high importance to protecting the privacy of its customers, who use Grapevine and Grapevine websites, and securing their personal information.
We take all reasonable steps to secure the personal information of a customer. Such information is protected by online registration and passwords, and secure servers. Credit card numbers are encrypted for additional security during transmission to a customer's financial institution.
What are Grapevine's privacy obligations under the law?
We hold a telecommunications carrier licence granted under the Telecommunications Act 1997. As a condition of this licence we are subject to a number of statutory obligations that regulate the collection, use and disclosure of customer information.
We are also subject to the National Privacy Principles, which are included as Schedule 3 to the Privacy Act 1988 (Cth).
What are Grapevine's specific privacy obligations under the Privacy Act?
Grapevine is subject to the National Privacy Provisions (NPP) and other provisions of the Privacy Act 1988 (Cth) ("Privacy Act"). One NPP is of particular relevance to Grapevine as follows.
NPP 2 which prohibits the use or disclosure of personal information, for any purpose ("secondary purpose") other than the purpose for which the information was obtained ("primary purpose"), unless an exception is applicable.
The exceptions in the Privacy Act are as follows:
- where the secondary purpose is related to the primary purpose and the individual would reasonably expect the organisation to use or disclose the information for the secondary purpose (exception NPP 2.1(a))
- where the individual concerned has consented to the use or disclosure of the information (exception NPP 2.1(b)).
- where the secondary purpose is direct marketing to the customer if the customer is able to "opt out" of receiving further material and consent is impracticable (exception NPP 2.1(c))
- where the record keeper reasonably believes that the use or disclosure of the information is necessary to protect against a serious and imminent threat to a person's life or health, or a serious threat to public health and safety (exception NPP 2.1(e))
- where the use or disclosure of the information is required or authorised by law (exception NPP 2.1(g))
- where the use or disclosure is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of the public revenue (exception NPP 2.1(h)).
Does Grapevine collect general information?
Yes. When someone visits the Grapevine website, Grapevine makes a record of and logs the following information:
- the IP address as given by the user's ISP (for example, yahoo, bigpond), proxy server, or firewall
- the user's top level domain name (for example, .com, .gov, .au, .uk)
- the date and time of the visit to the site (arrival and/or departure)
- the pages accessed ("clickstream" data) and documents downloaded
- the type of browser used.
How does Grapevine use this general information?
Such information is usually aggregated, so that it cannot be used to personally identify, or contact the user. Aggregate information allows Grapevine to monitor general trends in website usage. An example of such non-identifying aggregate information is "50 per cent of Grapevine customers view the site during evening hours".
No attempt will be made to identify users or their browsing activities from the general information except where this is permitted by the Privacy Act. For example, where the police exercise a warrant to inspect our logs for the enforcement of a criminal law.
Grapevine may use this general information to inform users of any improvement in the useability and accessibility of the Grapevine website.
Does Grapevine collect personal information?
Yes, but not without your consent. Apart from the general information described above, Grapevine only collects personal information that is voluntarily provided by the website user, to access a service on the website.
You are entitled to have access to personal information that is kept about you, and to make changes to this information.
How does Grapevine use this personal information?
Personal information will only be used for the purpose you provided it for; in line with the privacy principles of the Privacy Act; and as required by law.
Will my personal information be shared with any other companies?
Only as agreed by you or as necessary to operate the specific service. Otherwise Grapevine will not share your name or other personal information with third parties at any time except to fulfil legal and regulatory obligations.
Does ActewAGL have access to information regarding Grapevine customers?
The epayplus website (https://secure.actewagl.com.au/epayplus) is hosted by ActewAGL. ActewAGL manages the encryption of personal information supplied by Grapevine customers using the epayplus service (such as credit card details for account payments). ActewAGL processes the epayplus payments of Grapevine customers as an agent for Grapevine.
Grapevine and Net Connect customer information, such as account payments and previous payment history is retained by Grapevine and not disclosed by Grapevine to ActewAGL for the purposes of ActewAGL providing the epayplus service to Grapevine customers.
How secure is the epayplus site?
The epayplus site uses a 128-bit Verisign digital certificate. This ensures the confidentiality of your information. If any other internet user intercepts the communication they will only be able to see it in an encrypted form. Further information about this feature can be found at the Verisign website.
When you connect to a secure web server you ask that server to authenticate itself. This authentication is quite a complex process involving public keys, private keys and a digital certificate. The certificate tells you that an independent third party has agreed that the server belongs to the company it claims to belong to.
The epayplus site uses secure socket layer (SSL) encryption for its forms and payment details that are transmitted using the internet. SSL encrypts web communication, allowing us to take credit card orders and protect sensitive personal information. SSL security makes eavesdropping on secure web traffic almost impossible.
The security of your personal and payment information is paramount. All reasonable steps are taken by ActewAGL to protect your personal information, in particular credit card details. ActewAGL uses Verisign Digital Certificate Services (128-bit encryption) to ensure your details are encrypted and stored securely. Not all (internet) browsers support 128-bit encryption and it is your responsibility to ascertain whether 128-bit encryption is supported by your browser.
Grapevine does not recommend the use of older browsers for secure transactions. If you are using a browser version older than those listed you may experience error messages when using the epayplus website. The browser you are using may be incompatible with the Verisign SSL certificate that we use to ensure the security of your information. If this occurs Verisign can supply you with instructions to assist.
How can I access my personal information to correct or update it?
Personal information provided to Grapevine via the epayplus website may be modified online. There is a link called "Personal details" in the left-hand menu of the epayplus website (https://secure.actewagl.com.au/epayplus). Click on this to open the "Edit details" page, where you can make changes to your personal profile.
Only changes to your personal file can be made.
Other personal information provided to Grapevine may be accessed by contacting Grapevine customer service on 13 35 00.
Grapevine customer service can be contacted Monday to Friday between 8.00am and 6.00pm and is closed on weekends and public holidays.
Cookies are simple text files stored on your computer by your web browser. They identify and recognise your computer, but not the person using it. Grapevine only uses "session" cookies. The text file that is sent to your computer is only there for the time you are on the Grapevine website. It is important to log off when you are finished with your session on the site. If you stayed logged on, and leave your computer, someone else can use the open session to access your account.
What happens if I forget to log off?
A session is only valid for a certain period of time after your last activity with the server. If no activity is detected in the set time frame (for example 30 minutes), then your session is logged off and the cookie (log-in token) is no longer valid. Once your session expires, you will have to log-on again to authenticate yourself for another session.
Grapevine provides online services as part of its commitment to customer satisfaction. If you would like any further information about our privacy statement, please contact us.