Privacy Commitment: This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth) and the Information Privacy Act 2009 (Qld). Your privacy is important to us, and we are committed to transparent and responsible data handling practices.
1. About This Privacy Policy
1.1 Policy Scope
This Privacy Policy applies to the Strata Help Desk digital building management system ("System") operated by the Body Corporate for building residents, management, contractors, and authorized users.
1.2 Definitions
- "We," "us," "our" refers to the Body Corporate and its authorized representatives
- "You," "your" refers to users of the System, including residents, contractors, and building management personnel
- "Personal Information" has the meaning defined in the Privacy Act 1988 (Cth)
- "Sensitive Information" includes health information, financial details, and other sensitive personal data as defined by applicable privacy legislation
1.3 Regulatory Framework
This Policy ensures compliance with:
- Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) 1-13
- Information Privacy Act 2009 (Qld) and Information Privacy Principles
- Body Corporate and Community Management Act 1997 (Qld)
- Spam Act 2003 (Cth) for electronic communications
2. Personal Information We Collect
APP 1 & APP 3 Compliance: We only collect personal information that is reasonably necessary for our building management functions and with your consent or as otherwise authorized by law.
2.1 Information Collected Directly
| Information Type | Examples | Collection Purpose |
| --- | --- | --- |
| Contact Information | Name, phone number, email address, lot number | Authentication, communication, emergency contact |
| Building Access Information | Unit/lot ownership, tenancy details, authorized occupants | Access control, security, building management |
| Service Requests | Maintenance requests, facility bookings, renovation applications | Building maintenance, service coordination, compliance |
| Contractor Information | Trade licenses, insurance details, work qualifications | Contractor verification, compliance, quality assurance |
| Communication Records | Messages, notifications, support interactions | Service delivery, record keeping, dispute resolution |
2.2 Information Collected Automatically
- Technical Information: IP address, device type, browser information, access timestamps
- Usage Information: System navigation patterns, feature usage, session duration
- Security Information: Login attempts, authentication events, security incidents
- Performance Data: System response times, error logs, technical diagnostics
2.3 Information from Third Parties
We may receive personal information from:
- Property Management Companies: Tenancy information, owner details, building records
- Contractors and Service Providers: Work completion reports, compliance certificates
- Government Authorities: Regulatory compliance information, safety notices
- Emergency Services: Incident reports, safety-related information
APP 3 Compliance: When we collect personal information from third parties, we take reasonable steps to ensure you are aware of the collection and the purposes for which the information is collected.
3. How We Use Personal Information
APP 6 Compliance: We only use personal information for the purposes for which it was collected, or for related purposes that would be reasonably expected, or with your consent.
3.1 Primary Purposes
- Building Management: Coordinating maintenance, facility bookings, and building operations
- Communication: Sending notices, updates, emergency alerts, and service notifications
- Access Control: Managing building security, key card access, and visitor management
- Service Delivery: Coordinating contractor services, repairs, and building improvements
- Compliance: Meeting Body Corporate governance requirements and regulatory obligations
- Safety and Security: Emergency response, incident management, and building safety
3.2 Secondary Purposes
We may also use personal information for:
- System Improvement: Analyzing usage patterns to enhance System functionality
- Quality Assurance: Monitoring service quality and contractor performance
- Record Keeping: Maintaining historical records for legal and administrative purposes
- Dispute Resolution: Investigating complaints and resolving conflicts
- Financial Management: Processing Body Corporate fees and building-related transactions
3.3 Essential Building Communications
We send essential communications including:
- Safety and Security Alerts: Emergency notifications, security updates, and critical safety information
- Building Operations: Maintenance schedules, facility closures, and operational updates
- Compliance Notices: Body Corporate requirements, regulatory notifications, and policy updates
- Service Notifications: Contractor schedules, repair updates, and service delivery information
Essential Communications: Due to life-and-limb safety requirements and duty-of-care obligations, building management and security personnel require emergency contact access to all residents. Opt-out is not available for essential safety, security, and compliance communications.
4. Disclosure of Personal Information
APP 6 Compliance: We only disclose personal information for the purposes for which it was collected, to related parties as reasonably expected, or with your consent, except where disclosure is required or authorized by law.
4.1 Routine Disclosures
We regularly share personal information with:
| Recipient | Information Shared | Purpose |
| --- | --- | --- |
| Building Committee | Resident information, service requests, compliance matters | Governance, decision-making, policy development |
| Property Managers | Maintenance requests, tenant information, building operations | Day-to-day building management and coordination |
| Contractors and Service Providers | Contact details, access requirements, work specifications | Service delivery, project coordination, quality assurance |
| Security Personnel | Resident identification, access privileges, incident reports | Building security, access control, emergency response |
| Professional Services | Relevant information for legal, accounting, insurance matters | Professional advice, compliance, risk management |
4.2 Emergency and Legal Disclosures
We may disclose personal information without consent when:
- Emergency Situations: To emergency services, medical personnel, or safety authorities
- Legal Obligations: To comply with court orders, subpoenas, or statutory requirements
- Law Enforcement: To police or regulatory authorities investigating suspected criminal activity
- Public Safety: To prevent or mitigate serious threats to public health or safety
- Regulatory Compliance: To building inspectors, safety authorities, or compliance officers
4.3 Third-Party Service Providers
We may engage third-party service providers who may access personal information, including:
- Cloud Storage Providers: For secure data storage and backup services
- Email Service Providers: For communication and notification delivery
- IT Support Companies: For system maintenance and technical support
- Data Analytics Services: For system optimization and performance monitoring
All third-party service providers are required to:
- Comply with Australian privacy laws and this Privacy Policy
- Use personal information only for authorized purposes
- Implement appropriate security measures to protect personal information
- Return or destroy personal information when services are completed
5. Data Security and Storage
APP 11 Compliance: We take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure.
5.1 Security Measures
We protect personal information through:
- Technical Safeguards: Encryption, secure servers, firewalls, and access controls
- Administrative Safeguards: Staff training, access policies, and regular security reviews
- Physical Safeguards: Secure facilities, locked storage, and restricted access areas
- Authentication Systems: Multi-factor authentication and secure login procedures
5.2 Data Storage
- Location: Personal information is stored on secure servers located in Australia
- Backup: Regular backups are maintained with equivalent security measures
- Access Control: Access is restricted to authorized personnel on a need-to-know basis
- Monitoring: System access is logged and monitored for unauthorized activity
5.3 Data Location and Storage
All personal information is stored and processed within Australia:
- Server Location: All data is stored on secure servers located within Australia
- Data Processing: All processing activities occur within Australian jurisdiction
- Backup Systems: All backup and disaster recovery systems are located in Australia
- No International Transfers: Personal information is not transferred outside Australia
5.4 Data Breach Response
In the event of a data breach, we will:
- Immediate Response: Contain the breach and assess the risk to individuals
- Notification: Notify the Office of the Australian Information Commissioner and affected individuals if required
- Remediation: Take steps to prevent further unauthorized access and mitigate harm
- Review: Investigate the cause and implement measures to prevent recurrence
6. Data Retention and Destruction
APP 11 Compliance: We retain personal information only as long as necessary for the purposes for which it was collected or as required by law.
6.1 Retention Periods
| Information Type | Retention Period | Legal Basis |
| --- | --- | --- |
| Contact Information | Duration of residency + 2 years | Ongoing communication needs, dispute resolution |
| Service Records | 7 years from completion | Body Corporate record keeping requirements |
| Financial Information | 7 years from transaction | Taxation and financial record requirements |
| Safety and Security Records | 10 years from incident | Safety compliance and legal protection |
| Contractor Information | 10 years from last engagement | Warranty claims, quality assurance, compliance |
| Legal Documents | Permanent or as required by law | Legal and regulatory compliance |
6.2 Secure Destruction
When personal information is no longer required, we:
- Digital Records: Securely delete files and overwrite storage media
- Physical Records: Shred or incinerate documents in secure facilities
- Backup Systems: Ensure destruction across all backup and archive systems
- Third-Party Storage: Require service providers to securely destroy information
6.3 Exceptions to Destruction
We may retain personal information beyond standard retention periods when:
- Required by law or court order
- Necessary for ongoing legal proceedings
- Needed for safety or security purposes
- You have specifically consented to extended retention
7. Your Privacy Rights
APP 12 & APP 13 Compliance: You have the right to access and correct your personal information. We are committed to ensuring the accuracy and completeness of personal information we hold.
Right to Access
You can request access to personal information we hold about you, including:
- What information we collect
- How we use your information
- Who we share it with
- How long we retain it
Right to Correction
You can request correction of personal information that is:
- Inaccurate or outdated
- Incomplete or misleading
- Not relevant to our purposes
- Obtained unlawfully
Right to Complaint
You can make a complaint if you believe we have:
- Breached your privacy
- Mishandled your information
- Failed to respond to your requests
- Not followed this Privacy Policy
Right to Restrict Processing
You may request restriction of processing when:
- Accuracy of information is disputed
- Processing is unlawful
- Information is no longer needed
- You object to processing
7.1 Making a Privacy Request
To exercise your privacy rights:
- Submit a Request: Contact Your Body Corporate Manager or Committee using the details below
- Verify Identity: Provide identification to protect against unauthorized access
- Specify Requirements: Clearly describe the information or action you're requesting
- Response Timeline: We will respond within 30 days of receiving your request
7.2 Fees and Charges
We may charge reasonable fees for:
- Extensive requests requiring significant administrative effort
- Repeated requests for the same information
- Provision of information in specific formats
- Postage and handling for physical document delivery
We will notify you of any fees before processing your request.
7.3 Refusal of Requests
We may refuse requests when:
- Disclosure would pose a serious threat to safety or public health
- Information is subject to legal professional privilege
- Disclosure would prejudice law enforcement activities
- Information relates to existing or anticipated legal proceedings
- Disclosure would be unlawful or breach third-party rights
If we refuse a request, we will explain the reasons and inform you of your complaint options.
8. Cookies and Online Tracking
8.1 Cookies We Use
The System uses cookies and similar technologies for:
- Essential Cookies: Authentication, security, and basic system functionality
- Functional Cookies: User preferences, language settings, and accessibility features
- Analytics Cookies: System usage statistics and performance monitoring
- Security Cookies: Fraud prevention and account protection
8.2 System Access Technology
The System uses secure authentication technology including:
- Mobile-Based Authentication: Two-factor authentication via mobile phone and email
- Session Management: Secure session tokens for maintaining authenticated access
- Security Protocols: Encrypted connections and secure data transmission
- Access Logging: Monitoring and logging of system access for security purposes
The System does not use cookies or tracking technologies. All user preferences and session data are managed through secure server-side authentication.
8.3 Third-Party Tracking
We do not permit third-party tracking or advertising cookies on the System. Any analytics tools used are configured to:
- Anonymize IP addresses
- Disable data sharing with third parties
- Respect user privacy preferences
- Comply with Australian privacy laws
9. Special Categories of Information
9.1 Sensitive Information
We may collect sensitive information only when:
- Health Information: For emergency response, accessibility accommodations, or safety requirements
- Security Information: For building access control and incident response
APP 3 Compliance: We only collect sensitive information with your consent or when required or authorized by law. Additional protections apply to the handling of sensitive information.
10. Updates to This Privacy Policy
10.1 Policy Reviews
We review this Privacy Policy annually or when:
- Australian privacy laws change
- System functionality is significantly updated
- New data collection or processing activities commence
- Feedback indicates policy improvements are needed
10.2 Notification of Changes
Material changes to this Privacy Policy will be communicated through:
- System Notifications: Prominent notice upon login
- Email Alerts: Direct notification to registered users
- Building Communications: Notice boards and Body Corporate correspondence
- Website Updates: Updated version posted with change highlighting
10.3 Continued Use
Continued use of the System after notification of Privacy Policy changes constitutes acceptance of the updated terms, unless you specifically opt out or request account termination.
11. Contact Information and Complaints
11.1 Privacy Contact
11.2 Making a Privacy Complaint
If you believe we have breached your privacy, you can:
- Contact Us Directly: Submit a complaint to Your Body Corporate Manager or Committee
- Internal Investigation: We will investigate and respond within 30 days
- External Complaint: Contact the Office of the Australian Information Commissioner if unsatisfied with our response
11.3 External Complaint Options
11.4 Complaint Resolution Process
Our complaint resolution process includes:
- Acknowledgment: Confirmation of complaint receipt within 7 days
- Investigation: Thorough review of the complaint and relevant records
- Response: Written response with findings and any remedial action
- Appeal: Option to escalate to Body Corporate Committee if unsatisfied
- External Review: Information about external complaint options
Privacy Acknowledgment: By using the Strata Help Desk system, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein.
Document Version: 2.0 | Effective Date: 28 February 2026
Last Updated: 28 February 2026 | Next Review: 28 February 2027