From time to time the Company is required to collect, use and disclose personal information relating to its customers, contractors, suppliers and employees in the performance of its business activities.
This policy sets out the guidelines to assist the Company and its employees comply with the requirements of the Privacy Act 1998 and the National Privacy Principles (NPP) in relation to the collection, storage, use and disclosure of records containing individuals’ personal information.
This policy applies to the collection, storage, use and disclosure by the Company (or a person acting on behalf of the Company) of records containing individuals Personal Information in Australia.
This policy does not apply to the collection, storage, use and disclosure of Personal Information where:
The collection, storage, use and/or disclosure of the employee record relates to the Company’s employment relationship with the employee.
Employee Record: means a record of Personal Information relating to the employment of a Company employee.
Personal Information: means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether records in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive Information: has the meaning set out in the Privacy Act.
Collection of Personal Information
The Company is entitled to collect personal information by lawful and fair means. Personal information must not be collected in an unreasonably intrusive way.
A person who collects Personal Information on behalf of the Company must comply with this Policy and the requirements of the Privacy Act.
Use and Disclosure of Personal Information
The Company will not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:
Both of the following apply:
1) The secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection
2) The individual would reasonably expect the Company to use or disclose the information for the secondary purpose; or
3) The individual has consented to the use or disclosure; or
The company has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the Personal Information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
– The use or disclosure is required or authorised by or under law; or
– The use or disclosure is not inconsistent with the requirements of the Privacy Act.
The Company will take reasonable steps to make sure that the Personal Information it collects, uses or discloses is accurate, complete and up to date.
The Company will take reasonable steps to protect the Personal Information it holds from misuse and loss from unauthorized access, modification or disclosure.
The Company will take reasonable steps to destroy or permanently de-identify Personal Information, (such as a job applicant’s resume) if it is no longer needed.
On request by a person, the Company will take reasonable steps to let the person know, generally what sort of Personal Information it is.
Holds, for what purposes, and how it collects, holds, uses and discloses that information.
Access and Correction
If the Company holds Personal Information about an individual, it will comply with legislative obligations to provide the individual with access to the information on request by the individual.
If the Company holds Personal Information about an individual and the individual is able to establish that the information is not accurate, complete and up to date, the Company will take reasonable steps to correct the information so that it is accurate, complete and up to date.
The Company will provide reasons for denial of access or a refusal to correct personal information. The Company has implemented generally accepted standards of technology and operational security in order to protect Personal Information from loss, misuse, alteration or destruction.
A person acting on behalf of the Company must not transfer Personal Information to an individual without first establishing the identity of the recipient through the use of a personal identifier and/or cross check.