Home > Privacy Policy

Privacy Policy

Ingram Micro Pty Ltd - Privacy Policy

Last updated: July 2024

1. Background

This document sets out the Privacy Policy of Ingram Micro Pty Ltd (ABN 45 112 487 966) and all its related companies (Ingram Micro, us or we) in relation to its operations in Australia.  Ingram Micro is a distributor and reseller of information technology products and services and is a subsidiary of its United States headquartered parent entity.  The Ingram Micro group of entities operates all around the world, including countries in North America, Europe, Middle East and Africa, Latin America and Asia Pacific.  We are a global leader in IT supply chain, cloud aggregation, cybersecurity solutions, data centre management, logistics, technology distribution, mobility device life-cycle, and training to our enterprise customers.

Ingram Micro is committed to protecting the privacy of the personal information it collects and receives. This Privacy Policy seeks to explain how we collect, hold, use and disclose your personal information when you visit our websites, portals, apply for or use our services or products through us or our authorised third parties, or communicate with us in any way in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APP). 

Ingram Micro provides enterprise customers with the ability to purchase a wide variety of technologies (offerings) provided by third party vendors both directly from Ingram Micro and through resellers and distributors. Each offering may be subject separate privacy policies issued by Ingram Micro or the Vendor. 

A copy of this Privacy Policy is available on the Ingram Micro website. A printed copy can be obtained free of charge by contacting our Privacy Officer (details under heading 14 below).

2. What personal information do we collect and hold?

“Personal Information” as defined under the Privacy Act means information or an opinion about an identified individual, or an individual who is reasonable identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. The kinds of personal information we collect and hold about you depends on the circumstances of collection and the nature of your dealings with us.

We may collect and hold the following kinds of personal information about you including:

  • ID information such as your name, postal or email address, telephone numbers, date of birth or other information requested and/or provided by you and people nominated by you when you made your application for our products and/or services;
  • information (including credit information, as defined in the Privacy Act) relevant to the provision of products or services to you, including information about your and/or your guarantor’s (if appliable) financial position, assets and liabilities,  income and proof of financial position;
  • financial details such as your tax file number;
  • other information relevant to our relationship with you, including name and contact details of your professional advisers or representatives such as your solicitor or accountant; your referees or guarantors; and information contained in identity documents that you may provide to us;
  • If you apply for a job at Ingram Micro, we will collect the information you include in your application for employment, including your name, email address, telephone number, address, financial details (including banking details, date of birth, citizenship, employment references, criminal records, driver licence, education and employment history;
  • Publicly available information such as through public registers; and
  • any other information as notified to you from time to time.

3. What sensitive information do we collect and hold?

Sometimes we need to collect sensitive information about you, for instance in relation to some insurance applications or applications for employment with Ingram Micro.  This could include things like medical checks, medical consultation reports or other information about your health.  Unless required by law, we will only collect sensitive information with your consent or as set out in this Privacy Policy.

4. How we collect personal information

We collect information through the following means:

  • our websites and platforms as set out in section 8 below, and through interaction with online ads, content or emails we send to you;
  • our vendor and customer portals;
  • orders for our products or services;
  • use of social media;
  • employment applications;
  • requests for brochures, to join a mailing list or to be contacted for further information about our products or services;
  • responses to surveys or research conducted by us or on our behalf;
  • entries into competitions/ trade promotions;
  • third party service providers; and
  • provision of customer service and support.

We may also supplement the information that you provide to us with other personal information (including credit information) that we obtain from our dealings with you, your guarantor(s) (if you are a customer who makes a credit application as part of our services) or which we receive from other organisations, such as:

  • credit reporting bodies (CRBs) in relation to certain credit information (for example, relating to the officeholders of your business) where you are a customer and you sign a credit application with us in relation to the purchase of products or services from us and/or you agree to provide a guarantee in favour of us in connection with the above; and
  • publicly available sources, including public registers and social media platforms.

Further, we may collect personal information about an individual from third parties who have applied for a product or service, for example:

  • where a company is an applicant and details of the company’s officeholders or account signatories are provided to us by the individual(s) applying on behalf of the company;
  • where a trustee is an applicant and details of the trustees and beneficiaries are provided to us by the individual(s) applying on behalf of the trust.

Where practicable, we will collect personal information directly from you.  If we receive information about you from someone else (for example from someone who supplies goods or services to us), we will take reasonable steps to ensure you are aware that we have collected personal information about you and the circumstances of the collection.

5. The purposes for which we collect, hold, use and disclose personal information

5.1 General.
The main purposes for which we collect, hold, use and disclose personal information are:

  • to provide products and services to our customers in the course of carrying out our business, including when assessing you’re and/or your guarantor(s)’ (as applicable) credit worthiness;
  • to obtain products and services from our suppliers and distributors/vendors;
  • to respond to enquiries from existing or prospective customers seeking information about our products or services; and
  • to process and assess employment applications

We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or where:

  • required or authorised by or under law (including, without limitation, privacy legislation);
  • necessary to provide you with a product or service which you have requested;
  • is necessary to protect the rights, property or personal safety or any of our customers, any member of the public or our interests;
  • the assets and operations of our business are transferred to another party as a going concern; 
  • performing other administrative tasks including staff training, undertaking planning, research and statistical analysis, systems development and testing; 
  • conducting data analytics to help us improve our products and services; 
  • facilitating our internal business operations, including audits; 
  • managing any overdue payments owed from you or your related parties; 
  • detecting and preventing fraud, security threats or other illegal or malicious behaviour or managing disputes; or
  • for which the individual has provided their consent.

5.2 Disclosure of personal information to third parties

During the course of our business, we may appoint other organisations to carry out data processing activities on our behalf. Third parties who we may disclose personal information to include to for the purposes set out above include:

  • organisations that we are affiliated with; 
  • financial institutions for payment processing;
  • referees whose details are provided to us by job applicants; and
  • contracted third party service providers, including:
    • information technology service providers;
    • mailing houses, freight and courier services;
    • printers and distributors of direct marketing material; 
    • external business advisers (such as recruitment advisers, auditors and lawyers); our insurer(s) if applicable, including in relation to your payment plan with us;
    • entities we propose to merge with or be acquired by; 
    • relevant authorities or enforcement bodies where we reasonably believe that such disclosure is necessary to bring legal action against anyone who has breached our terms and conditions or engaged in any unlawful activity; and
    • any other person where we are otherwise required or permitted to by any law, including under the Privacy Act.

In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

5.3 Disclosure of credit information to CRBs

The CRB that we currently use is Equifax: www.equifax.com.au. The law requires us to advise you or otherwise ensure that you are aware of certain ‘notifiable matters’. The CRB in which we use contain their own credit reporting policies outlining how they deal with your information. Such policies are outlined on their respective websites and via the details provided below:

Equifax Australia Information Services and Solutions Pty Limited
Mail: PO Box 964, NORTH SYDNEY NSW 2059
Phone: 138 332 
Website: https://www.equifax.com.au/

A copy of Equifax's credit information management policy may be obtained by contacting them by filling out their form. You have the right to request CRBs not to:

    • use your credit-related information to determine your eligibility to receive direct marketing from credit providers; and
    • use or disclose your credit-related information, if you have been or are likely to be a victim of fraud.

6. Disclosure of your personal information overseas

Ingram Micro operates in a number of international jurisdictions. We may need to share some of your information with organisations (including our related bodies corporate) outside Australia which are located in the following countries:

  • United States of America
  • New Zealand
  • Singapore
  • Philippines
  • India
  • China

We may store your information in cloud or other types of networked or electronic storage.  As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held.  If your information is stored in this way, disclosures may occur in countries other than those listed. Overseas organisations may be required to disclose information we share with them under a foreign law.

A third party to whom we give your personal information may not be in your country of residency or may transfer and store that information outside that country (Overseas Recipient).

If you are a resident in Australia, we will take reasonable steps to ensure that an Overseas Recipient does not breach the APPs. Overseas Recipients are not bound by the APPs and you agree that subclause 8.1 of the APPs does not apply to the disclosure of your personal information to an Overseas Recipient. If an Overseas Recipient handles your information in breach of the APPs, you will not be able to seek redress under the Privacy Act. The practical effects or risks associated with the disclosure may include that you may not be able to seek redress in the jurisdiction of the Overseas Recipient or the Overseas Recipient is subject to a foreign law that could compel the disclosure of personal information to a third party, such as an overseas authority.

7. Collection of information other than personal information through our website

Each time you visit one of our websites, our server collects some anonymous information such as the type of browser and system you are using, the date and time of your visit, the address of the website you have been directed from and your server’s IP address. We may use this information to evaluate and improve our website performance.

Where you visit our website, use or services or products for which we provide online, we may use cookies from time to time. A cookie is a small string of information that a website transfers to your browser for identification purposes. Cookies are text files placed in your computer's browser to store your preferences. However, once you choose to furnish us with personally identifiable information, this information may be linked to the data stored in the cookie.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any personal identifiable information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of our website.

8. What if you don't want to provide your personal information to us?

Our policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.

In some cases however, if you do not provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking. For example, you must identify yourself to be able to make purchases through our website.

9. Unsolicited information

Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).

We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, Ingram Micro’s policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

10. Data quality and security

10.1 General

Your personal (including credit information) may be held in physical or electronic form on our systems or the systems of our service providers.  Paper files may also be archived in boxes and stored offsite in secure facilities. No information transmitted over the Internet can be guaranteed to be secure. The transmission and exchange of information is carried out at your own risk. However, we do take measures to mitigate against un-authorised disclosures of information.

10.2 Security

The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.

10.3 Payment security

Ingram Micro processes and accepts payments using methods such as EFTPOS payments, internet bank transfers and other online payment technologies. Our policy is to ensure that all transactions processed by us (including via our payment service providers) meet industry security standards to better ensure that payment details are protected.

10.4 Website security

While we strive to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk.

Please notify us immediately if there is any unauthorised use of your account by any other Internet user or any other breach of security. For the purposes of viewing our Web site you will have a user name and password. You are responsible for the security and confidentiality of your password and log-in information.

10.5 Third party websites

Our website may contain links to other third-party websites for your convenience. These linked sites are not under the control of Ingram Micro, and we are not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

11. Direct marketing

We may use your personal information, including your name and relevant contact details, to let you know about our services and those of third-party partners/contractors/suppliers of ours. 

We and/or our partners/contractors/suppliers may contact you for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile. By providing us with your personal information you consent to us and/or our partners, contractors and suppliers contacting you for such purposes unless you notify us otherwise in accordance with the below methods.

11.1 Opting out

You can opt out at any time from receiving direct marketing from us, in the following ways:

  • send a letter to the Ingram Micro Privacy Officer, Ingram Micro Pty Ltd, 61 Dunning Ave, Rosebery NSW 2018 or send an email to privacy@ingrammicro.com.au
  • advise us if they receive a marketing call that they no longer wish to receive these calls; and
  • use the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSs) to opt out of receiving those messages.

11.2 Notification of source

If we have collected the personal information that we use to send you direct marketing material from a third party (for example a direct mail database provider), you can ask us to notify you of our source of information, and our policy is to do so unless this is unreasonable or impracticable.

12. Access and correction of your personal information

12.1 Accessing your personal information

If at any time you want to know exactly what personal information Ingram Micro holds about you, you can access your record by contacting us at privacy@ingrammicro.com.au. 

We‘ll always give you access to your personal information unless there are certain legal reasons why we cannot do so. We will give you access to your information in the form you want it where it is reasonable and practical. We may charge you a small fee to cover our costs when giving you access, but we’ll always check with you first.

Some of the situations where we do not have to give you access include when:

    • there is an unreasonable impact on other individuals;
    • the information wouldn’t be ordinarily accessible because of legal proceedings;
    • it would prejudice negotiations with you;
    • it would be unlawful; or
    • it would harm the confidentiality of our commercial information.

If we cannot provide your information in the way you have requested, we will tell you why in writing. If you have concerns, you can contact our Privacy Officer.

12.2 Correction

If your personal information is inaccurate or out of date, you can email us at privacy@ingrammicro.com.au and ask us to correct it. If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, our policy is to take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity.

12.3 Timeframe for access and correction requests

Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.

12.4 What if we refuse your request for access or correction?

If we refuse your access or correction request, or if we refuse to give you access in the manner you requested, Ingram Micro’s policy is to provide you with a written notice setting out:

    • the reasons for our refusal (except to the extent that it would be unreasonable to do so); and
    • available complaint mechanisms

In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.

13. Complaints

If you have a complaint about how Ingram Micro has collected or handled your personal information, please contact our Privacy Officer (details are set out below).

Our Privacy Officer will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.

If your complaint cannot be resolved at the first instance, we will ask you to complete a form which details (for example) the date, time and circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how would you like your complaint resolved.

13.1 Complaints process

We will endeavour to acknowledge receipt of the Privacy Complaint Form within five business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.

In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know, including letting you know when we expect to provide our response.

    • Our response will set out:
    • whether in the Privacy Officer's view there has been a breach of this Privacy Policy or any applicable privacy legislation; and
    • what action, if any, Ingram Micro will take to rectify the situation.

If you are unhappy with our response or if we fail to respond to your complaint in a timely manner, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies.

14. Further Information

For more information on how we handle the personal information that we hold about you, please contact:

Privacy Officer
Ingram Micro Pty Ltd
61 Dunning Ave
Rosebery NSW 2018
Australia

E: privacy@ingrammicro.com.au
P: + 61 2 9381 6000

15. Changes to this policy

Over time aspects of our business may change. This may require our policies to be reviewed and revised. Accordingly, we may amend this Privacy Policy at any time by posting an updated version on our website and where required, obtain your consent.