Braeside Mills Operations Pty Ltd trading as Armstrong Flooring ABN 57 659 692 421 and its subsidiaries including Armstrong Flooring NZ Limited value and respect the privacy of all individuals who have dealings with us, such as customers, suppliers and prospective employees. We are committed to protecting your privacy and complying with the Privacy Act 1988 (Aust) and the Privacy Act 2020 (NZ) (“Acts”) and other applicable privacy laws and regulations.

This policy describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.

This policy does not limit or exclude any of your rights under the Acts. If you wish to seek further information on the Acts, see www.oaic.gov.au (for Australia) or www.privacy.org.nz (for New Zealand).

What is Personal Information?

Personal information is a term which is defined in the Acts – but generally means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.

Personal Information We Collect

The personal information we collect and hold about you depends on the nature of your dealings with us or what you choose to share with us.

The personal information we may collect and hold about you may include:

• ID, contact and organisational details such as your name(s), date of birth, addresses, drivers licence number, telephone phone, email addresses and job titles
• Business information
• If you complete a financial transaction with us, financial details as bank account and/or credit card numbers
• Employment history and educational qualifications (which in some circumstances may include sensitive information as health information)
• Images, photos or videos of you
• Communication and marketing preferences and interests
• Details of your interactions with us, including records of your trading history and access and attendance at our premises and any communications we have had with you in person or by telephone, email or online and any other information voluntarily provided to us

You do not have to provide us with your personal information. Where possible, we will give you the option to interact with us anonymously or by using a pseudonym. In your interactions with us, we may include links to various third party websites. If we do that, the third parties will be responsible for their content and what they do with any personal information they collect.

How Do We Collect Personal Information?

We usually collect personal information directly from you where reasonably practical to do so or unless otherwise expressly authorised by you. This may include when you register on line or place an order for any products or services (including samples), interact with us over the phone, in person or online, participate in surveys or questionnaires, attend events, use our websites or social media, subscribe to our mailing list or apply for a position with us as an employee or contractor. If you contact us, we may retain a record of that contact.

The collection of personal information on our website, via promotions or our social media pages will be clear from the context (e.g. request to complete information fields) or will state that personal information is being collected at the point of collection. We may also collect information through click tracking (in relation to your use of one of our websites including the content you access and any services you utilise) and through log files or cookies (as further detailed below).

We may also collect your personal information indirectly from third parties or through publicly available sources, for example:

• From your representatives
• From persons we have contacted at your request or for whom you have specifically granted to us consent to contact
• From our customers from whom you may purchase any of our products
• From third parties providing services to us related to our relationship with you
• From credit providers, credit reporting agencies, trade references etc contacted by us when seeking credit reports or verifying information provided by you
• Reference checking from referees or your peers
• Data matching activities conducted by us or our trusted service providers

How Do We Use Personal Information?

We use your personal information to conduct our business and do not trade, rent or sell your personal information to any third parties.

The purposes for which we use your personal information will depend upon the type of information collected and your relationship with us. However, in the course of our dealings with you, the primary purposes for which we may collect, hold, use and/or disclose your personal information include:

• To provide products or services to you
• To verify your identity, personal details and maintain and update our records
• To provide you with information, products or services that your request from us in a timely manner
• Maintain relationships with suppliers, contractors, service providers, customers and product users
• To personalise the manner in which we engage with you (eg analysing previous interactions to provide more tailored services and content)
• To deliver relevant advertising, promotions and other marketing and public relations activities
• To research, analyse and improve the quality of products and services we offer
• Website administration including data analysis, testing, research, statistical and survey purposes
• Internal administrative purposes, including processing of orders, invoicing and collecting debts, assessing credit worthiness and providing credit, processing and payment of invoices
• In connection with any suspected fraud, misconduct or unlawful activity
• For recruitment purposes and purposes related to managing employment of our employees
• Managing safety and security risks in our premises
• Dispute resolution including investigation of complaints in relation to our products and/or services
• Where required or permitted by law, regulation or rule and responding to potential or actual litigation
• Any other purpose made known to you at the time of collection

You do not have to provide personal information, but if we cannot collect your personal information, it may affect our ability to perform these functions.

To Whom Do We Disclose Personal Information?

We understand the importance of keeping personal information private and only disclose such information to third parties in circumstances where you would reasonably expect us to disclose your information.

To the extent permitted by law, we may disclose personal information about you to our related body corporates and third parties engaged by us and business partners who assist us in delivery of our business functions. This may include:

• Our employees, other personnel, related companies and affiliates
• Contractors and third parties who provide operational services to us or help up provide our services to you from time to time
• Third parties which whom we are conducting joint promotions or undertaking other commercial activities
• Our professional advisors as solicitors, bankers, auditors etc
• Your authorised representatives
• Credit reporting agencies, our credit insurers, other credit providers and fraud checking agencies
• Third parties in connection with the sale of some or all of our business
• Government/regulatory authorities and other organisations as required or authorised by law
• Any other person whom you authorise us to disclose your personal information

Transfer of personal information overseas

Some parties to whom we may disclose personal information may be located in Australia, New Zealand and other countries including USA, China, Europe and the Pacific Islands. This may change from time to time, including as a result of change of provider, changes in data protection practices and processing efficiency. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach our privacy obligations relating to your personal information.

Cookies

Our websites and apps may use cookies which may collect data as your IP address, referral URL your browser type and version, your operating system, host name of the accessing computer and time of server request.  A cookie is a small file of letters and numbers the website puts on your device if you allow it. These cookies recognise when your device has visited our website(s) before, so we can distinguish you from other users of the website. This improves your experience when visiting our website. This information does not identify you personally and you remain anonymous and will not be combined with data from other sources.

If you do not wish to use the cookies, you can disable your web browser from accepting cookies. If you do so, you can still access our websites, but your browsing experience and our website’s functionality may be affected.

We may automatically collect general statistical information on our websites about visitors to them, such as IP addresses, browsers used, dates visited, pages visited and number of visitors. However, such information does not refer to you by name or your contact details. We use this data in aggregate to improve our websites. We may provide such aggregated data to third parties, but in so doing, we do not provide personal information without your consent.

Hyperlinks

Our websites or other online presence may contain links to a variety of advertising and third party websites. Some of these links may request or record information from users or use cookies or other methods to collect information from you. This policy only applies to our websites and does not describe information about collection practices on websites of other entities, including those linked. We have no control over the content or personal information management of these sites. We encourage you to review the privacy policies of these sites before engaging in any activity with them.

Direct Marketing

We may send you direct marketing communications and information about our products, services, opportunities, or events that we consider may be of interest to you if you have requested or consented to receive such communications. These communications may be sent in various forms, including email, SMS, fax and mail, in accordance with applicable marketing laws. You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. You have the right to opt-out of receiving marketing communications from us at any time by following the instructions to “unsubscribe'' set out in the relevant communication or by contacting us using the details set out in the “How to contact us” section below.

We do not provide your personal information to other organisations for the purposes of direct marketing

How Do We Protect Personal Information?

We will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure.

We store personal information at our own premises and the cloud and with the assistance of our trusted service providers. We maintain physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements and industry standards. We maintain strict procedures and standards to restrict access to only personnel who need that personal information to effectively provide services to you and take a range of steps to prevent unauthorised access to, or disclosure of, personal information and protect an individual’s information from misuse or loss, including appropriate technological measures to protect your personal information including anti-virus software and firewalls. In respect to provision of any personal information through our website, you should take all appropriate measures to protect yourself, including, keeping confidential all usernames and passwords.

Should we transfer information outside our group, our contract with the recipient will require them to protect your personal information.

Once any personal information is no required by us for the purpose(s) for which we collect it or as required by law, reasonable steps are taken to either securely destroy or anonymise it (and we may retain and further use the anonymised information).

What We Do If There’s A Breach

In the event of any data breach affecting personal information, we will comply with all our legal obligations in respect to notifying affected individuals, minimising the impact of such breach and reporting to relevant authorities.

If you believe there has been a privacy breach affecting you, please contact us as soon as possible.

Accessing and Updating Personal Information

We take all reasonable steps to ensure your personal information is accurate, complete and up-to-date.

Generally, you have a right to request access your personal information and to request its correction. We handle all requests for access and/or correction of personal information held by us in accordance with the Act. If you wish to make a request to access and/or correct the personal information we hold about you, please contact us as set out below and we will seek to resolve these concerns. Please  note we will require proof of your identity before we can process your request.  We will take all reasonable steps to correct it within a reasonable time frame.

We reserve the right to charge an administrative fee to cover the cost of access to your information.

Complaints

For complaints about how we handle, process or manage your personal information, please contact our Privacy Manager (see contact details below).  Note we may require proof of your identity and full details of your request before we can process your complaint.

We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. We will endeavour to act promptly in response to a complaint.  Please allow up to 10 business days for us to respond to your complaint. In cases where further information, assessment or investigation is required, we will seek to agree an alternative timeframe with you.

While we always try to work with you to solve your issue directly, you may take your complaint to the relevant Privacy Commissioner at either the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or the Office of the Privacy Commissioner (NZ) at www.privacy.org.

Changes to this Privacy Policy

We aim to review this policy regularly to keep it current.  Any changes to this privacy policy will be updated by being posted on this website and effective when posted.

Contact Us

If you have a question or concern about your privacy or how your personal information is collected or used, you can contact us for assistance as set out below:

Australia

Privacy Manager
Armstrong Flooring
29-39 Mills Road
Braeside VIC 3195
Phone: +613 9586 5500
Email: privacymanager@armstrongflooring.au

New Zealand

Privacy Manager
Armstrong Flooring NZ Limited
PO Box 45187
Te Atatu Auckland 0651
Phone: +0800 449 649
Email: privacymanager@armstrongflooring.co.nz

Individuals in the European Economic Area (European Data Protection Laws)

In respect to personal data provided by individuals in a country that is a member of the European Economic Area (EEA), the following additional information is provided.

Under European Union privacy laws, we are lawfully able to process personal information as permitted by specific legal grounds. We are required to set out the grounds in respect of each use as set out below.

Data Controller – We are the data controller of personal data provided to us and can be contacted at our address set out in our general privacy policy.

Purposes of Processing and Legal Basis For Processing – As set out above, we use and process personal data for varying purposes in various ways depending upon the particular circumstances.   We will only process your personal data as set out in Article 6 of the General Data Protection Regulation being (1) with your consent for the specific purpose; (2) as necessary to perform a contract at your request prior to entering the contract; (3) as required by law; and (4) as necessary for our legitimate interests as set out above in our Privacy Policy (provided such interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data).

Your Data Protection Rights

The right to access – You have the right to request us for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request us to correct any information you believe is inaccurate. You also have the right to request us to complete information you believe is incomplete.

The right to erasure – You have the right to request us to erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request us to restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to us processing your personal data, under certain conditions.

The right to data portability – You have the right to request us to transfer the data we have collected to another organisation, or directly to you, under certain circumstances.

Direct marketing – You may opt out of receiving any direct marketing campaigns and at any time free of charge and without having to provide any justification you may request to no longer receive any promotional materials

Consent – To the extent we are processing personal data based on your consent, you have the right to withdraw the consent at any time.

To exercise any of these rights please contact our Privacy Manager (details above). We have one month to respond to you.

Lodging Complaints – If there is a breach of data protection legislation, you have a right to lodge a complaint with a relevant data protection authority (for example in the place you reside or you believe we breached your rights).

Transfers – Our premises at which personal data is stored is in Australia and the personal data will be subject to the laws of Australia. The European Commission has not determined that Australia ensures an adequate level of protection for personal data.  Your information may also be shared with the persons/entities set out in “To Whom Do We Disclose Personal Information” above, some of which may be in countries which the European Commission has not determined ensure an adequate level of protection for personal data. Regardless of where your personal information is processed or stored, it will be handled, processed and/or managed as set out in our privacy policy above.

Complaints – If you feel any query or complaint has not been resolved to your satisfaction upon raising it with us as set out above, you have the right to make a complaint to the data protection authority in the relevant EU Member State, which may be the state in which you reside or where the state in which you  believe your rights have been breached. Complaints relating to how we handled your access and/or correction requests may be raised directly with a relevant EU data protection agency without first seeking to resolve directly with us.