THE COMPANY is an `organisation’ within the meaning of the Privacy Act 1988 (Commonwealth). The Privacy Act regulates how organisation’s collect, use, keep, secure and disclose personal information.
This policy aims to ensure that THE COMPANY holds information about people responsibly.
1.1. Privacy compliance
This policy is to comply in all respects to privacy obligations.
This policy is binding on THE COMPANY as an organisation and all staff associated with THE COMPANY.
Under the Privacy Act 1988 personal information is defined as:
‘information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.’
Within this definition there is no distinction as to the source of the information or the forms in which it is held. It is personal information whether it is provided by an individual, an organisation or generated by THE COMPANY.
1.3. Collection, use and control of personal information
THE COMPANY collects and uses personal information:
- only where it is necessary
- when collecting personal information, will do so only by lawful and fair means and not in an unreasonably intrusive way
- when collecting information that is regarded under the Privacy Act as sensitive or health information, will collect it only from the person concerned and with his or her consent at or before the time WHS general induction (online) to be completed
- collect personal information (or if that is not practicable, as soon as practicable thereafter) will provide the person it concerns with a statement outlining basic facts about us and information handling practices as required by the Privacy Act take reasonable steps to ensure that the personal information the COMPANY collect, store, use or disclose is accurate, complete and up to date will take reasonable steps to protect personal information from misuse and loss, and unauthorised access, modification and disclosure in accordance with this Policy and the Privacy Act.
1.4. Storage of collected information
The security of personal information is important to the COMPANY.
When sensitive information (such as credit card numbers) is entered, the COMPANY encrypt that information using secure socket layer technology (SSL). When Credit Card details are collected, the COMPANY simply pass them on in order to be processed as required.
The COMPANY will never permanently store complete Credit Card details. The COMPANY follows generally accepted industry standards to protect the personal information submitted to the COMPANY, both during transmission and once when it is received.
When purchasing a product or service from the COMPANY, it may be requested that certain personally identifiable information is provided.
Information that may be requested may include name, email, postal address, and financial information. The COMPANY may use this information for billing purposes and to fill orders.
1.6. Requests for access to and correction of personal information
Anyone who has provided information to the COMPANY has a right of request access or copies of the personal information that held on file. These requests must be done in writing to the COMPANY or contacting the COMPANY during usual office hours.
If such a request is made, the COMPANY may ask for a form to be completed .There is no charge for lodging a request for access to information, but the COMPANY may make a small charge for the time involved in providing this access and for associated costs such as photocopying.
Access may be withheld, or provided in particular ways, where the Privacy Act allows this to be done. If the personal information the COMPANY holds is out of date, incomplete or inaccurate, please advise the suitable departments as soon as possible.
The COMPANY will correct any incorrect personal information and will not refuse to make a correction without providing suitable reasons.