1. General

Summerset Group Holdings Limited is an NZX and ASX listed New Zealand company. This privacy policy (Policy) outlines the types of information that we usually collect and how we manage the personal information we collect, use, store and disclose, including the purpose for which we collect it, to whom we disclose it, how we hold and keep it secure and your rights in relation to your personal information, including how to complain and how we deal with your complaints.

We, us, our, and Summerset mean Summerset Group Holdings Limited and its subsidiaries and Agents.

We are committed to dealing with your personal information in a manner that complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles, confidentiality requirements set out in the Aged Care Act 1997 (Cth), and relevant State and Territory privacy laws.

In this Policy, ‘Personal information’ is information or an opinion (whether true or not and whether recorded in a material form or not) about an identified person, or a person who is reasonably identifiable. It does not include information that is de-identifiable. ‘Sensitive information’ is a subset of personal information and includes your health information, information about your religion, ethnicity and criminal records.

This Policy does not apply to the personal information of our staff.

 

  1. Collection – How we collect information about you

Who we collect information about

We may collect and hold personal information about:

  • current, potential and former purchasers
  • individuals we deal with in the course of carrying on our business; and
  • other people who come into contact with Summerset.

Information we collect

We collect personal information where it is reasonably necessary to manage and conduct our business, to provide and market our services and to meet our legal obligations. We will only collect your personal information (including sensitive information) with your consent or where we are legally permitted to collect the information.

Depending upon the nature of your relationship with Summerset, the type of personal information we collect and hold may include:

General

  1. a) information as required for us to identify and establish and maintain a relationship with you, such as:
  • your name, address, contact details, date of birth, and documents that verify your identity and other personal details;
  • any other information which assists us in conducting our business, providing and marketing our services (provided you have consented to direct marketing and not later opted-out of this service) and meeting our legal obligations;
  • information that we create in the course of our relationship with you, such as details or evaluations of your interactions with us.

For current or prospective purchasers

  1. b) information to help us assist you with the buying process and to enable us to deliver the best support and service for your needs. This may include:
  • name and contact details for your attorneys, next of kin, emergency contacts and others acting on your behalf. We may also collect copies of any relevant enduring powers of attorney.

In some cases, if personal information we request is not provided, we may be unable to supply the relevant service or to perform our obligations to you.

If we receive unsolicited personal information (i.e. information that we have not requested from you) that we could not have obtained by lawful means, we will destroy or de-identify it as soon as practicable and in accordance with the law.

Who we collect personal information from

Whenever it is reasonable and practicable to do so, we will collect your personal information directly from you. 

From time to time, we may collect personal information:

  1. from you indirectly (including through the use of services and facilities available through our websites and social media channels);
  2. from third parties in some instances, for example, we may use third parties to analyse traffic at our websites and social media channels, which may involve the use of cookies (where you have not set your browser to refuse cookies).

In some circumstances we might collect personal information about you from a third party. Other third parties may include:

  1. from CCTV cameras that may be placed on our premises, which includes our construction sites, retirement villages and aged care facilities;
  2. from publicly available sources including websites; and
  3. from artificial intelligence (AI) systems that we use to assist in providing our services

In most cases we will obtain your consent before collecting any of your personal information other than from you directly.

If you have provided us with information about another person, you must have that person’s permission to do so.

  1. Use — How we use and disclose information that we collect about you

In general, we collect, hold, use and disclose your personal information for the following purposes:

General

  • to communicate with you;
  • to conduct our business and help us manage and enhance our services;
  • to provide and market our services to you, provided you have consented to direct marketing and have not asked us to stop providing you with this type of information;
  • to process, administer, collect payments from or make payments to you, and if applicable, make appropriate taxation deductions;
  • to ensure health and safety on our premises;
  • to engage third parties on your behalf (where authorised);
  • to provide joint marketing initiatives with other service providers, provided you have consented to direct marketing and not asked us to stop providing you with this type of information;
  • to perform data analysis for the purposes of monitoring and enhancing our services;
  • to perform market research (provided that your personal information is first de-identified);
  • to identify, prevent or investigate any complaints, incidents, actual or suspected fraud, unlawful activity or threats to our systems or any person;
  • to protect or enforce our legal or contractual rights; and
  • to comply with our legal obligations, including our reporting obligations.

Surveillance

In addition, CCTV footage specifically may be used for the following purposes:

  1. a) detecting and deterring criminal or inappropriate behaviour on our premises and at our construction sites, retirement villages and aged care facilities;
  2. b) monitoring the safety and security of our staff, residents, contractors, visitors and property, and completing incident investigations; and
  3. c) reviewing the actions of our staff or contractors.
  4. Who we may disclose your personal information to

We may disclose your personal information:

  1. a) to Summerset employees and independent contractors for the purposes of providing services to you;
  2. b) to Summerset Group Holdings Limited or other subsidiaries within the group for the purposes of operating our business, providing services to you, or managing service provision to us;

 

  1. c) to other third parties who provide services to or for Summerset (including, for example, our technology service providers) or who act on our behalf;
  2. d) to third party operators of artificial intelligence (AI) systems that assist Summerset to provide services
  3. e) to our professional advisers, insurers, auditors;
  4. f) to courts, tribunals, regulatory authorities, enforcement agencies and/or government agencies or any other person to the extent necessary to protect or enforce our legal or contractual rights;
  5. g) to anyone who assists us to identify, prevent or investigate any actual or suspected fraud, unlawful activity or threats to our systems or any person;
  6. h) to industry associations or other third parties, for benchmarking, statistical analysis and reporting purposes (provided your information is first anonymised);
  7. i) to anyone else to whom you authorise us to disclose it; and
  8. j) where we are required or permitted to do so by law.

When we disclose your personal information to third parties, we make reasonable efforts to ensure we disclose only relevant information and that it is accurate, complete and up-to-date.

Some of these organisations may be located overseas. For example, we are likely to disclose your personal information (including sensitive information) to Summerset Group Holdings Limited and related bodies corporate located in New Zealand.

5. Direct marketing

We may use your personal information to identify a product or service that you may be interested in or to contact you about an event or promotion. We may, with your consent, use the personal information we have collected about you to contact you from time to time whether by post, phone, email or SMS to tell you about new products or services and special offers that we believe may be of interest to you.

You can withdraw your consent to receiving direct marketing communications from us at any time by unsubscribing from the mailing list by clicking the link in the marketing communication or contacting the Privacy Officer.

  1. 6. Security and storage of your personal information

We store your personal information in hard copy and electronically. We take reasonable steps (including organisational and technological measures) to protect personal information held by us from misuse and loss and from unauthorised access, modification or disclosure, for example by use of physical security and restricted access to electronic records.

We will record and store your personal information in accordance with our internal policies and procedures as in effect from time to time.

We only keep your personal information for as long as it is required for the purpose for which it was collected or as otherwise required by applicable laws. Where we no longer require your personal information we will use reasonable endeavours to destroy or de-identify the information where it is lawful to do so. These steps may vary depending on the nature of the information, the way it was collected and how it was stored.

  1. 7. Access to, and correction of, your personal information

We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. We encourage you to contact us in order to update any personal information we hold about you. Contact details are set out below. You have the right to request access to, or correction of, any personal information we hold about you.

You may request access to, or correction of, the personal information which we hold about you by contacting our Head Office (Australia) Privacy Officer on privacy.officer@summerset.com.au.

We will require you to verify your identity and to specify what information you require. If the request is being made by someone on your behalf, evidence of your consent, the applicant’s authorisation and the applicant’s identity may be required.

The timeframe for actioning an access or correction request is usually 30 calendar days from the date the request is received. If your request is approved, you will be required to advise us of your preferred means of access to the personal information (e.g. receiving a copy by email or post).

Any access or correction request that is refused will be notified to you in writing along with why the request was refused and the avenues of how to complain.

A fee may be charged for providing access to your personal information. If a fee is to be charged, we will advise you in advance and the fee will not be excessive.

  1. 8. Changes to this Policy

This Policy will be reviewed periodically and may be amended from time to time. The most current version of this Policy will be published on the Summerset website located at https://www.summerset.com.au/privacy-policy/. We encourage you to check the Summerset website periodically to ensure you are aware of our current Policy. Alternatively, a printed copy can be obtained by contacting our Head Office (Australia) Privacy Officer on the details below.

  1. 9. How to contact us and complaints

If you have any questions about privacy related issues or wish to complain about the handling of your personal information by us, please contact our Head Office (Australia) Privacy Officer at privacy.officer@summerset.com.au. We may ask you to lodge your complaint in writing. Any complaint will be investigated by the Head Office (Australia) Privacy Officer and you will be notified of the decision in relation to your complaint as soon as practicable after it is made, usually within 20 working days of receipt.

If we are unable to satisfactorily resolve your concerns about our handling of your personal information, a complaint may be made to the Office of the Australian Information Commissioner (visit https://www.oaic.gov.au/about-us/contact-us for further information).