PART A: ABOUT THIS POLICY
1 Policy Statement
In all instances we will collect, use, and disclose only the personal information that is reasonably necessary for the proper operation and management of our business activities.
We are committed to ensuring compliance with the APPs and any registered APP codes by implementing relevant practices, procedures, and systems.
This Policy applies to the following people or categories or people in relation to their dealings with the us:
- All employees, volunteers, contractors and suppliers.
- Clients and customers.
- Visitors and Guests.
- Engaged third parties, including service providers.
APPs - means the Australian Privacy Principles.
‘Clients’ or ‘Customers’ - includes any person or organisation who engaged us in the provision of our services.
‘Employee’ - means any permanent, casual or temporary person employed directly by us.
‘Permitted Situation’ - means a permitted general situation or permitted health situation as described in the Privacy Act.
‘Privacy Act’ - means the Privacy Act 1988 (Cth).
Part A: About this Policy
Part B: How We Manage Your Personal Information
Part C: Access, Correction, and Changes to this Policy
PART B: HOW WE MANAGE YOUR PERSONAL INFORMATION
1 What We Collect and Why
1.1 We will only collect information which is directly relevant to our business activities. It is important for us to collect this information in order to provide a complete and comprehensive service. We will collect information about you in many circumstances, including the following:
- When you become a supplier of any goods or services to us.
- When you engage us for and/or purchase any of our products, services, or training.
- When you are a prospective Employee, and provide us with any personal and employment related information.
- When you provide us with contact details for any reason.
The personal information we collect in these circumstances may include:
- details such as your name, address, date of birth, and any other demographic information;
- contact details, including preferred method of communication;
- business contact information if you are a (for example) client, bank manager, accountant, legal advisor, or consultant;
- financial information; and/or
- employment information, including work history and contact details for references.
1.2 Sensitive Information
We may collect sensitive information where required to fulfil our business functions or activities. That collection must be consented to by you and reasonably necessary for the operation or management of our business activities. Sensitive information may also be collected in a Permitted Situation, or where otherwise required or authorised by law. Such information includes but is not limited to:
- information about your racial or ethnic origin;
- membership with professional, trade, or political association;
- membership with a trade union;
- political, philosophical, or religious opinions or beliefs;
- sexual orientation;
- criminal record; or
- health information.
1.3 Information About Vulnerable Persons
We may collect personal information about a vulnerable segment of the community (such as children, or persons with disabilities), to the extent that it is necessary for the proper management of our business activities. This may include, for example, if you are a community centre in a vulnerable community and engage us for the provision of any of our services.
2 How We Collect and Hold Information
2.1 How we collect personal information depends on each business relationship. We may collect it through telephone or internet contact, or in person through a visit. We will generally only collect your information directly from you; however, where appropriate, we may collect information indirectly from (for example) list purchases or referrals. Other ways in which we collect information may include:
- where the information is provided by one of our clients in the course of us providing a service (for example, where the information is in a form which a client requires assistance with);
- where the information is publicly available; and
- where the information is obtained through one of our associated entities.
2.2 We will not collect any personal information except where such information has knowingly been provided to us. If we come into possession of any unsolicited personal information, we will destroy it or de-identify it where (and if) appropriate, and if necessary in the circumstances, notify you as soon as practicable.
2.3 If we hold any personal information that we are no longer required to hold for any purpose, we will de-identity or destroy the information to the extent necessary to protect your privacy.
2.4 Our electronic database and manual information management facilities which are used to hold personal information are maintained secure at all times. Internal access will be controlled such that the relevant persons are authorised only for the minimum access that is required by them to enable them to carry out their job function. Other ways in which we hold information may include:
- in hard copy (for example, a printed document); and
- on our cloud-based databases.
2.5 Employee Records
Our acts and practices that are directly related to Employee records or any other information relating to the employment relationship between us and an individual who is or was an Employee is exempt from the Privacy Act. We will not share any of our Employees’ personal information with any person or other employer whatsoever unless authorised by the Employee or required by law, and will take all reasonable steps to otherwise respect the privacy of our Employees.
Web browsers may have the option to disable cookies. However, if cookies are disabled, our website may not operate in the most efficient or desired way.
2.7 Security of Information
The databases that store all of our information, including all personal information, are equipped with protection from illegal network access, as well as other appropriate security measures. Our security systems and measures are monitored and audited on a regular basis.
Any breaches of our security or unauthorised access to information will be thoroughly investigated and reported appropriately, in accordance with our reporting obligations under the Privacy Act.
3 Use and Disclosure
3.1 We will only use or disclose personal information for the purpose for which it was collected, such as those listed in Part B, paragraph 1.1, of this Policy. Other purposes for which we use personal information may include the following:
- To provide effective personal care, where necessary.
- To notify you of any information you require or may be interested in.
- To provide you with a specific good or service that you have engaged us for.
- To refer a matter to one of our associated entities.
- To refer a matter to an external service provider, if required.
3.2 Where personal information is used by us, that information will only be accessed by persons when and where access is required to enable them to carry out their job function. This may include our system assistants, training staff, and administrative staff.
3.3 We may disclose personal information in a Permitted Situation or if otherwise authorised or required by law, in which case we will make a written note of that use or disclosure.
3.4 Where we may Disclose Personal Information
We may disclose person information to various persons or bodies in the usual course of business, in a Permitted Situation, or as required by law. Examples of persons or bodies we may disclose information to include:
- our associated entities or affiliated companies;
- third party service providers;
- family members or emergency services in the event of an emergency; and
- any Government agencies, legal entities, or other bodies as required by law.
PART C: ACCESS, CORRECTION, COMPLAINTS, AND CHANGES TO THIS POLICY
1 Access and Correction
1.1 We are committed to the integrity, quality and security of all personal information that we hold. Information may be stored in hard copy or electronic files and can only be accessed for bona fide purposes according to established practices and as assessed by us at the time of a request.
1.2 You may make request to access or correct your personal information held by us. To make such a request, you may apply to:
Contact: General Manager
Phone: 1800 985 929
1.3 We will either provide access to the information—or in circumstances where access is not provided, provide a reason for not providing access to the information—within such a time frame as is reasonable in the circumstances.
1.4 A person other than you may make a request to access or correct personal information where that person is your parent or guardian, or has such powers as conferred by the relevant legislation pertaining to guardianship and/or powers of attorney, or has otherwise been given some form of authority by the law or you to receive your personal information.
1.5 Employees are entitled to access their personnel records (timesheets, wage and leave and superannuation details). We will provide copies of these records where the Employee makes a request for such access and provides us with sufficient notice.
2.1 If you believe that there has been a breach of the APPs, or a registered APP code that applies to us, you should contact us in writing using the details listed at part C, clause 1.2 (above).
2.2 We will respond to you within thirty (30) days or within such other time frame as is reasonable in the circumstances.
2.3 After thirty (30) days, you may refer your complaint to a recognised external dispute resolution scheme of which we are a member (if applicable).
2.4 You may lodge a grievance in relation to your complaint with us at any time.
2.5 If the complaint is not resolved using the above process, you may refer your complaint to the Office of the Australian Information Commissioner (OAIC).
3 Changes to this Policy
This Policy may be subject to change at any time, based on factors such as our operations and the current legislative requirements. You are encouraged to check this Policy frequently to stay up to date with any changes we may make.