The Company is committed to safeguarding the privacy of information provided to us and information about visitors to our website and any other associated websites under our control.
1.1. From time to time the Company is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not limited to, prospective employees, clients, suppliers, investors, referees, contractors and employees) in the performance of its business activities.
1.3. The APPs regulate the handling of personal information.
WHAT IS PERSONAL INFORMATION
2.1. Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
3.2. An employee record is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee. Please see the Act for further examples of employee records.
3.3. The exemption applies to current or former employees. It does not apply to contractors, volunteers or prospective employees. Despite this exemption, the Company may have other obligations regarding employee records, for example under the Fair Work Act 2009 (Cth) and the Fair Work Regulations 2009 (Cth).
KINDS OF INFORMATION THAT THE COMPANY COLLECTS AND HOLDS
4.1. The Company collects personal information that is reasonably necessary for one or more of its functions or activities.
4.2. The type of information that the Company collects and holds may depend on your relationship with the Company. For example:
- Prospective Employee: if you are someone seeking employment with the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details.
- Client: if you are a client of the Company, the Company may collect and hold information including your name (including name prefix or title), contact details (such as your postal address, email address and phone number(s)), nationality, identification, gender, organisation, business interests, employment, positions held, billing and financial information (such as billing address, bank account and payment information) and enquiry/complaint details. We may also collect personal information about your other dealings with us and our clients, including any contact we have with you in person, by telephone, email or online.
- Supplier: if you are a supplier of the Company, the Company may collect, hold, use and disclose information including your name, address, email address, contact telephone number, business records, billing information and information about goods and services supplied by you.
- Referee: if you are a referee of a prospective employee, the Company may collect and hold information including your name, contact details, current employment information and professional opinion of the prospective employee.
4.3. Sensitive information: the Company will only collect sensitive information where you consent to the collection of the information (unless one of the exceptions to the APPs applies) and the information is reasonably necessary for one or more of the Company’s functions or activities. Sensitive information includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preferences, criminal record, health information or genetic information.
HOW THE COMPANY COLLECTS AND HOLDS PERSONAL INFORMATION
5.1. The Company will only collect personal information by lawful and appropriate means. The Company will collect personal information directly from you if it is reasonable or practicable to do so.
5.2. The Company and any Group Company may collect personal information in a number of ways, including without limitation:
a. through application forms;
b. by email or other written mechanisms;
c. over a telephone call;
d. in person;
e. through transactions;
f. through our website;
g. through surveillance cameras;
h. by technology that is used to support communications between us;
i. from third parties, including but not limited to:
   i. from past and present employers and referees when conducting reference checks, clients of the Company and contract management services in relation to assignments;
   ii. through publicly available information sources (which may include telephone directories, the internet and social media sites); and
   iii. direct marketing database providers;
j. by the disclosure of the personal information between the Group Companies.
5.3. When the Company collects personal information about you through third parties, it will manage such information in accordance with the APPs.
5.5. Unsolicited personal information is personal information that the Company receives which it did not solicit. Unless the Company determines that it could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, it must destroy the information to ensure it is de-identified.
5.6. Monitoring of telephone calls
When the Company speaks to you on the phone, calls may be recorded for security, training and quality assurance purposes.
PURPOSES FOR WHICH THE COMPANY COLLECTS, HOLDS, USES AND/OR DISCLOSES PERSONAL INFORMATION
6.1. The Company will collect personal information if it is reasonably necessary for one or more of its functions or activities.
6.2. In most cases, you will be required to identify yourself when you deal with us, such as when you (or an associated company or other entity) become a client of ours. If you do not provide us with the personal information detailed above, some or all of the following may happen:
- we may not be able to accept you (or your associated company or other entity) as a client or provide our services to you or your associated company or other entity;
- we may not be able to provide you with our publications, brochures and newsletters; and
- we may be unable to tailor the content of our website to your preferences and your experience of our website may not be as relevant or useful as it could be.
6.3. We will normally hold your personal information in a database. We collect, hold, use and disclose your personal information for some or all of the following purposes:
- administering our relationship with you, including providing services, responding to enquiries and obtaining payment for our services;
- processing applications for employment;
- business development – to provide you with information about the Company’s and the Group Company’s existing and new products and services (including for direct marketing purposes as described in clause 7 below, sending legal and other updates, publications, and details of events and tracking and recording your opening of our email communications and clicking on any links in our email communications);
- providing and administering legal and consulting services;
- meeting legal or other regulatory obligations imposed on us;
- auditing and managing the usage of our website;
- to update our records and keep your contact details up to date;
- to provide necessary information to the NDIS or to JAS-ANZ in respect of compliance with their respective schemes;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or other governmental authority.
6.4. The Company may also collect, hold, use and/or disclose personal information if you consent or if required or authorised under law. For example, the Company may be required or authorised to collect your Tax File Number, if you choose to provide it, by the Income Tax Assessment Act 1936 (Cth).
7.1. The Company or any of the Group Companies may use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing (for example, advising you of new goods and/or services being offered by the Company and the Group Companies).
7.2. The Company may use or disclose sensitive information about you for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
7.3. The Company or any of the Group Companies may use or disclose personal information (other than sensitive information) about you to the other Group Companies for the purpose of cross promotions and direct marketing of the other Group Company’s products and services.
7.4. You can opt out of receiving direct marketing communications from the Company by contacting our Privacy Officer in writing or, if permissible, by accessing the Company’s website and unsubscribing appropriately.
DISCLOSURE OF PERSONAL INFORMATION
8.2. Disclosure will usually be internally, to related entities but may otherwise include third parties such as contracted service suppliers (CSPs). Examples of CSPs include, but are not limited to, financial institutions for payment processing, information technology service providers, marketing and communications agencies, printers and distributors of direct marketing material and external business advisors.
8.3. Before the Company discloses personal information about you to a third party, the Company will take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information. While we take all reasonable steps to ensure the security of our system, we cannot provide any guarantee regarding security of the personal information and other data transmitted to the HRA Cloud platform or services and we will not be held responsible for events arising from unauthorised access of your personal information.
ACCESS TO PERSONAL INFORMATION
9.1. If the Company holds personal information about you, you may request access to that information by putting the request in writing and sending it to our Privacy Officer. The Company will respond to any request within a reasonable period, but no more than 30 days. The Company may charge a fee to provide access to the personal information.
9.2. There are certain circumstances in which the Company may refuse to grant you access to the personal information. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality or legal professional privilege.
9.3. In such situations the Company will give you written notice that sets out:
a. the reasons for the refusal; and
b. the mechanisms available to you to make a complaint.
CORRECTION OF PERSONAL INFORMATION
10.1. If you wish to access, verify, or correct any of the personal information you have submitted to us, you may do so by contacting us via firstname.lastname@example.org. As soon as practicable after your request, we will take reasonable steps to allow for corrections to be made to this information unless an exception under the relevant privacy or data protection laws applies.
10.2. There are certain circumstances in which the Company may refuse to correct the personal information. In such situations the Company will give you written notice that sets out:
a. the reasons for the refusal; and
b. the mechanisms available to you to make a complaint.
10.3. If the Company corrects personal information that it has previously supplied to a third party and you request us to notify the third party of the correction, the Company will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
INTEGRITY AND SECURITY OF PERSONAL INFORMATION
11.1. The Company will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it:
a. collects is accurate, up-to-date and complete; and
b. uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date and complete.
11.2. The Company will take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.
11.3. If the Company holds personal information and no longer needs the information for any purpose for which the information may be used or disclosed, the information is not contained in any Commonwealth record and the Company is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
ANONYMITY AND PSEUDONYMITY
12.1. You have the option of not identifying yourself, or using a pseudonym, when dealing with the Company in relation to a particular matter. This does not apply:
a. where the Company is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
b. where it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym.
12.2. However, in some cases if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.
OVERSEAS DISCLOSURE AND CLOUD
13.1. The Company may disclose Personal information about an individual overseas. This is likely to occur where the Company uses “cloud” service providers.
13.2. When disclosing Personal information, the Company will do so in accordance with the APPs.
NOTIFIABLE DATA BREACHES
What is a Notifiable Data Breach?
14.1. A Notifiable Data Breach occurs when Personal information of an individual held by the Company is accessed by, or is disclosed to, an unauthorised person, or is lost, and:
a. a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual; or
b. in the case of loss, unauthorised access or disclosure of Personal information is likely to occur, and a reasonable person would conclude that the unauthorised access or disclosure would likely result in serious harm to the relevant individual.
14.2. If the Company suspects that a Notifiable Data Breach has occurred, it will conduct a reasonable and expeditious assessment to determine if there are reasonable grounds to believe that a Notifiable Data Breach has occurred.
14.3. The Company will take all reasonable steps to ensure that the assessment is completed within 30 days of becoming aware of the suspected Notifiable Data Breach.
14.4. Please refer to the Notifiable Data Breach Procedure if you suspect a breach has occurred.
14.5. Subject to any restriction under the Act, in the event a Notifiable Data Breach occurs, the Company will, as soon as practicable, prepare a statement outlining details of the breach, and:
a. notify the individual of the unauthorised access, disclosure or breach; and
b. notify the Office of the Australian Information Commissioner of the unauthorised access, disclosure or breach.
15.1. You have a right to complain about the Company’s handling of your personal information if you believe the Company has breached the APPs.
15.2. If you wish to make such a complaint to the Company, you should first contact the Privacy Officer in writing. Your complaint will be dealt with in accordance with the Company’s complaints procedure and the Company will provide a response within a reasonable period.
15.3. If you are unhappy with the Company’s response to your complaint, you may refer your complaint to the Office of the Australian Information Commissioner.
COMPANY AND PRIVACY OFFICER CONTACT DETAILS
The Company’s Privacy Officer can be contacted in the following ways:
Company Privacy Officer
Telephone number: 02 9922 5188
Email address: email@example.com
Postal address: Level 11, 83 Mount Street, North Sydney NSW 2060