CIVIL FORM GROUP (CIVILFORM) does from time to time collect personal information relating to clients, contractors and employees alike.
The purpose of this policy is to protect the privacy of individuals and organisations about whom CIVILFORM collects and/or holds information.
This policy outlines the guidelines which must be observed when collecting, storing and using personal and confidential information.
This document is designed to assist CIVILFORM in considering ways in which it can protect other people’s personal information. It also provides a broad overview of some of the rights afforded to individuals and obligations required of organisations under the Privacy Act 1988 (Cth).
Policy Procedure / Clarification
- Lawful – when CIVILFORM collects personal information, the information must be collected for a lawful purpose, and it must be collected by lawful and fair means. It must also be reasonably necessary for one or more of CIVILFORM’s business functions or activities.
- Direct – as far as is reasonable and practical, information must be collected directly from the individual, unless they have given consent otherwise. Parents and guardians can give consent for minors.
- Open – CIVILFORM must inform why the information is being collected, and who will be storing and using it. CIVILFORM should also advise how it can be viewed.
- Relevant – CIVILFORM must ensure that the information is relevant, accurate, up-to-date and not excessive. The collection should not unreasonably intrude into personal affairs.
- Unsolicited – Unsolicited information will be either de-identified or disposed of immediately.
- Examples – Personal information collected may include, but is not limited to: name, address, date of birth, driver’s licence, tax file number, bank account details, insurance details, registration certificates or training records.
- Secure – information must be stored securely, not kept any longer than legally necessary, and destroyed or de-identified when no longer required for the purpose it was collected. It should be protected from unauthorised access, use or disclosure. As such all subcontractor, personnel and client files must be kept in individual files and stored securely, to avoid unnecessary disclosure of private information. Storage may be as a hardcopy and/or an electronic file saved in the company’s server.
- Transparent – CIVILFORM must provide enough details about what personal information they are storing, why they are storing it and what rights are given to access it.
- Accessible – CIVILFORM must allow access to personal information without unreasonable delay or expense and in harmony with restrictions and standards provided in the Privacy Act 1988 (Cth).
- Correct – CIVILFORM encourages and welcomes individuals to correct or update their personal information.
- Accurate – CIVILFORM will ensure that information is up to date, accurate and complete when collected and up to date, accurate, complete and relevant when used.
- Limited – CIVILFORM will only use information for the purpose for which it was collected, for a directly related purpose, or for a purpose to which you have given your consent. It can also be used without your consent in order to deal with a serious and imminent threat to any person’s health or safety.
- Restricted – CIVILFORM will only disclose your information for another unrelated purpose with your consent or if you sign a consent to disclose. Your information can also be used without your consent in order to deal with a serious and imminent threat to any person’s life, health or safety.
- Safeguarded – CIVILFORM will not disclose your sensitive personal information without your consent, for example information about your ethnic or racial origin, political opinions, religious or philosophical beliefs, health or sexual activities or trade union membership. It can only disclose sensitive information without your consent in order to deal with a serious and imminent threat to any person’s life, health or safety.
- Direct Marketing – CIVILFORM will not disclose personal information to any person/s or business involved in direct marketing.
- Disclosure to overseas recipients – CIVILFORM will not disclose personal information to any person or business outside Australia or its territories.
- Hardcopy – CIVILFORM will ensure that all hardcopies [paper] of personal information are shredded and disposed of in a secure manner once the retention period has expired.
- Electronic records – CIVILFORM will ensure that all electronic files containing personal information are deleted securely and permanently once the retention period has expired.
Responsibilities for managing privacy
- Responsibilities for the management of personal information are the domain of any individual within CIVILFORM with access to, or responsibilities for, such information. However CIVILFORM promotes specific responsibilities to certain individuals / positions. Those individuals will then be in a position to ensure that all staff are suitably instructed as to their obligations in relation to the protection and handling of personal information. This instruction can be provided directly through training or the introduction of policies and procedures.
- Any concerns over personal privacy matters can be directed to either the Human Resources Officer or a Company Director.
- CIVILFORM will investigate all concerns raised in relation to breaches of this Policy and the Australian Privacy Principles found in the Privacy Act 1988 (Cth). Any recommendations resulting from such an investigation will be applied through, but not limited to, the issuing of bulletins and staff training.