Passtab is used to collect and collate information about visitors, staff, contractors, students and others (Registrants) who arrive at and/or depart from premises of an organisation.
Passtab has an Administrator and a Visitor Module. The Administrator can access PI via web browser-enabled devices, including computers, tablets, and smartphones. The Visitor Module is used to record arrivals, departures, and movements of Registrants.
We collect PI when we create a Passtab Administrator. We collect:
a. Account name
b. Email address
d. Organisation name and address
e. Contact Phone Number
f. Contact Name
We also collect PI when a Registrant uses the Visitor Module to register arrival or departure from premises. The Administrator (not IMS) determines what information is collected; depending on category of Registrant, it may typically include:
a. Arrival and departure time
b. Category of Registrant
c. The access point for arrival and departure
d. A PIN associated with a Registrant
e. Employer (if a contractor)
f. Reason for visit
g. Electronic signature
h. Photo image
i. Phone number
j. Certificate expiry date
k. Items booked out to the Registrant
We use Administrator-related PI to manage, service, and invoice our accounts.
We monitor PI relating to Registrants to maintain optimum system performance.
In addition, Administrators (not IMS) use PI they have collected to manage their facility. This includes managing emergencies by allowing Administrators and delegated staff to view the database of Registrants who are on or off the premises.
PI is stored on a secure server provided by Amazon Web Service that is physically located in Australia. Communication between the Administrator account and the server is encrypted in transit. Access to the secure server is restricted to authorised IMS personnel.
We do not combine PI with other data, modify it, or disclose it to third parties. When an account is closed, we delete its PI after one month.
We manage the passwords for Administrators. Administrators have password-protected access to all PI relating to Registrants. Administrators can also delegate password-protected access to other people. Registrants do not have access to PI when using the Visitor Module.
We are committed to ensuring the privacy of all PI we collect. Certain compulsory obligations have been placed on organisations under the Privacy Act 1988 (Cth) to notify specific types of data breaches (Notifiable Data Breaches “NDB”) to individuals affected by the breach as well as to the Office of the Australian Information Commissioner (OAIC). A NDB is one that is likely to result in serious harm to any individual to whom the information relates.
The requirements under the NDB do not apply to IMS however, we are committed to ensuring the protection of all PI and we have therefore committed to comply with the obligations and have updated our internal privacy program accordingly.
In the event of a PI data breach of either Administrator Information or Registration Information, IMS will notify the party affected within 7 days of IMS becoming aware of the breach, and provide:
a. Our identity and contact details;
b. A description of the data breach;
c. The kinds of information that is suspected of being obtained;
d. Recommendations about the steps you should take to limit the impact of the breach;
e. Advice as to whether we have contacted the OAIC about the breach.
You have a right to access your PI that we hold and ensure that it is correct. For information on how to access your PI at IMS please contact our privacy officer with your request:
Business Development Manager
Invision Marketing Services Pty Ltd
Suite 8, 410 Burwood Highway, Wantirna South, Victoria, 3152
Within Australia: 03 9800 1489
Outside Australia: +61 3 9800 1489
Email: jimcamm AT invision.net.au (Replace AT with @)
We will endeavour to respond to your request within three business days.
If you are not satisfied with our response to your request for information you may wish to contact the the Office of the Australian Information Commissioner:
Phone: 1300 363 992
This privacy statement was updated on: 21/02/2018