2. We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. This commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way in which personal information must be treated.
3. This policy applies to any person for whom we currently hold, or may in the future collect, personal information.
4. This policy does not apply to acts and practices which relate directly to the employee records of our current and former employees.
5. In broad terms, ‘personal information’ is information or opinions relating to a particular identifiable individual. Information or opinions are not personal information where they cannot be linked to a particular individual.
6. We manage the personal information we collect by:
(a) providing team members training on privacy issues;
(b) implementing procedures such as providing privacy statements when dealing with a client’s personal information;
(c) regularly reviewing our privacy compliance, including privacy audits;
(d) implementing security measures to keep the personal information we collect safe, including using unique usernames and passwords on systems that can access personal information and security cards to access on-site information; and
(e) appointing a designated privacy officer to monitor privacy compliance and be a contact for any privacy complaints and access or correction requests.
7. Generally, the types of information that we may collect and hold include:
(a) contact information;
(b) financial information;
(c) business circumstances;
(d) employment history;
(e) date and place of birth;
(f) insurance history;
(g) banking and credit card details;
(h) driver’s licence and other photographic information; and
(i) information otherwise required by law.
8. Sensitive information is a subset of personal information and includes personal information that could have serious ramifications for the individual concerned if used inappropriately.
9. We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.
10. Where reasonable and practicable, we will collect personal information directly from the individual to whom the personal information relates.
11. We hold personal information:
(a) physically, on our premises;
(c) through internal servers and websites; and
(d) on electronic storage devices, including DVD and USB.
12. We will take all reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
13. Some of the methods we use to store and secure information include:
(a) using unique usernames, passwords and other protections on systems that can access personal information;
(b) restricting access to information on a “needs to know basis”.
14. We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is to enable us to assess credit eligibility.
15. In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us.
16. Personal information may also be used or disclosed by us for secondary purposes which are within the individual’s reasonable expectations and related to the primary purpose of collection.
17. For example, we may use personal information for the following secondary purposes:
(a) To process payment of invoices.
18. We will only disclose personal information to third parties with the relevant individual’s consent or if the disclosure is permitted by the Privacy Act.
19. We do not disclose personal information to overseas recipients.
20. The main kind of credit information we collect is an individual’s identification information.
21. We do not collect an individual’s credit information from credit reporting bodies, banks or other credit providers unless or we have been expressly authorised to do so. If we have been given such authorisation, we may request and be given (and subsequently hold) the following other kinds of credit information:
(a) information about any credit that has been provided;
(b) repayment history;
(c) information about overdue payments;
(d) if terms and conditions of credit arrangements are varied;
(e) if any court proceedings have been commenced in relation to the individual’s credit activities;
(f) information about any bankruptcy or debt agreements;
(g) any publicly available information about credit worthiness; and
(h) any information about whether an individual may have fraudulently or otherwise committed a serious credit infringement.
22. Other sources we may collect the credit information from include:
(a) banks and other credit providers; and
(b) an individual’s suppliers and creditors.
23. We store and hold credit information in the same manner as outlined in paragraph 13 above.
24. Our usual purpose for collecting, holding, using and disclosing credit information is to enable us to assess credit eligibility.
25. We will not disclose an individual’s credit information to overseas entities unless expressly requested, apart from the extent that it is necessary or desirable to make such a disclosure to obtain payment of money owed to us.
26. An individual can access and correct his/her credit information, or complain about a breach of privacy in the same manner as set out in paragraphs 28 to 36 of this policy.
27. It is important the information we hold about individuals is up-to-date. Individuals should contact us if their personal information changes.
28. Individuals may request access to the personal information we hold or ask for their personal information to be corrected.
A request by an individual to access or correct personal information about the individual must be made to the following contact officer:
29. We will grant an individual access to their personal information as soon as possible, subject to the request circumstances.
30. In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to an individual without proof of identity.
31. We may deny access to personal information if:
(a) the request is impractical or unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person;
(d) there are other legal grounds to deny the request.
32. We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.
33. If an individual is able to establish that personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
34. If a person wishes to complain about an alleged privacy breach, they must follow the following process:
(a) The complaint must be firstly made to us in writing.
(b) We will have a reasonable time to respond to the complaint.
35. In the unlikely event the privacy issue cannot be resolved between us and the individual, the individual may take their complaint to the Office of the Australian Information Commissioner.
A person can complain about a breach of privacy by contacting us using the contact details below: