Company Policy
1. Summary
1.1. This policy sets out Caring for You (C4U) Pty Ltd’s position in relation to the collection, storage, disclosure or transfer of employee and member information as required by the Privacy Amendment (Private Sector) Act (Cth) 2000, Health Records Act (Vic) 2001 and NSW Health Records & Information Privacy Act 2002 No. 71.
1.2. The policy refers to employees and members of Caring for You, third party paid contractors and independent contractors.
2. Privacy Statement
2.1. Caring for You recognises the importance of its employees, members, contractors and subcontractors’ privacy and understands their concerns about the security of the personal information provided to Caring for You.
2.2. Caring for You complies with the Australian Privacy Principles (APP’s) as contained in the Privacy Act (Cth) 1988, the Health Privacy Principles (HPP’s) as contained in the Health Records Act (Vic) 2001 and NSW Health Records & Information Privacy Act 2002 No.71. The Australian Privacy Principles (APP’s) detail how personal information is collected, used, stored, and destroyed and how an individual may gain access to personal information held about them.
2.3. Caring for You respects the privacy of its employees, members, contractors and subcontractors. Any personal information will only be collected with prior knowledge where possible, and no information will be disclosed to another institution or authority except if required by law or with their consent. Furthermore, Caring for You will take all reasonable steps to protect personal information from unauthorised access, improper use, or alteration.
3. Responsibility
3.1. Responsibility and authority to implement and enforce this policy is placed with Caring for You and People & Culture, however all employees, members, contractors, and subcontractors have a legal obligation to comply with this policy.
3.2. Caring for You will ensure that we:
3.2.1. Only collect personal information if it is necessary to do so to provide services.
3.2.2. Do not use or disclose personal information about an individual for a purpose other than:
- The purpose for which it was collected.
- A related purpose for which it was collected.
- A purpose required or permitted by law.
- A purpose for which they have obtained the consent of the individual.
- In accordance with clause 9 of this policy.
3.2.3. Take all reasonable steps to ensure that the personal information collected, used, or disclosed is accurate and up-to-date and is protected.
3.2.4. Provide individuals with access to their personal information, except in circumstances as outlined in Clause 8 of this Policy.
3.3. Any personal information collected from third parties during recruitment or engagement for the purposes of verification of information provided, may be disclosed to a third party which may include:
- Recruitment or People & Culture service providers.
- Health professionals.
- Nominated referees.
- Any government or department body (or their agents) to verify your work rights status.
- Any person with a lawful entitlement to obtain the information.
3.4. Personal information collected during recruitment or engagement for unsuccessful candidates will be destroyed immediately. All other personal information collected will be held by the company whilst the information is required.
3.5. At the end of this period, People & Culture will dispose of the documentation in accordance with Australian Privacy Principles (APP’s) and the Health Privacy Principles (HPP’s) (where the information is health related) by either destroying or de-identifying the documentation.
4. Collecting Personal Information
4.1. In the course of the employment relationship, Caring for You collects a variety of information including personal information. Caring for You endeavours to only collect personal information that is necessary for the employment relationship and the management and administration of employees, members, contractors and subcontractors.
4.2. The type of personal information collected will depend upon the nature of the relationship between Caring for You and the individual, but at a minimum will include name, address, telephone numbers, date of birth and next of kin.
4.3. While Caring for You endeavours to collect personal information from the individual involved, in some instances Caring for You may also receive personal information about an individual from third parties. Where Caring for You receives (and retains) or uses personal information from third parties, Caring for You will contact the individual involved and advise them that this information is retained while it is required for any of its functions, or for any other lawful purpose.
5. Employee Information
5.1. Caring for You collects employee records for the purpose of an employment relationship.
5.2. While Caring for You endeavours to collect personal information from the individual involved, in some instances Caring for You may also receive personal information about an individual from third parties. Where the company receives (and retains) or uses personal information from third parties, the company will contact the individual and advise that it holds this information.
5.3. Most information held for the purposes of an employment relationship is exempt under the Privacy Act 1988 as employee records. Therefore, although Caring for You is not obliged to maintain the contents of employee records under the National Privacy Principles (NPP’s) and the Privacy Act 1998, Caring for You will use its best endeavours to do so.
5.4. Employee records are defined as:
- Information in relation to a current or former employment and member relationship.
- The engagement, training, disciplining, resignation or termination of employment of an employee, member, contractor or subcontractor.
- The terms and conditions of employment of an employee, member, contractor or subcontractor.
- The employee, member, contractor or subcontractor’s performance or conduct, hours of employment, salary and wages, personal and emergency contact details.
- The employee, member, contractor or subcontractor’s membership of a professional or trade association, or trade union membership.
- The employee, member, contractor or subcontractor’s leave entitlements.
- The employee, member, contractor or subcontractor’s taxation, banking or superannuation affairs.
5.5. Caring for You complies with the Health Privacy Principles (HPP’s) in maintaining employee and member health information contained in employee records.
6. Health Information
6.1. Where an employee or member has consented to providing health related information to the company or health information has been provided by a third party, that information shall only be disclosed to a third party in the event of an emergency to prevent or lessen a serious and imminent threat to life or health of the individual.
7. Data Security And Storage
7.1. The security of employee and member information is important. All employees and members must take reasonable steps to protect any personal information they hold from misuse, unauthorised access, modification, or disclosure to a third party.
7.2. An employee or member holding personal information relating to another employee, client or customer, must ensure that access is not provided to a third party in breach of this policy. All reasonable efforts must be made to ensure information is stored securely both in electronic and physical forms.
7.3. Caring for You does not support the use of USB storage devices, unless encrypted and password protected. Caring for You recommends all company documents are accessed via the G Drive to ensure latest versions are being accessed and used.
7.4. Personal information is stored electronically, on paper, or both. The company has physical, electronic, and procedural safeguards for personal information and takes reasonable steps to ensure that the information is protected. Data stored electronically is protected by both internal and external firewalls, and access to electronic records is limited by passwords. Only approved staff with a password have access to all information on the system, and files can be designated as no access.
7.5. Personal information is stored within secure premises. Externally, the premises have several barriers to unauthorised entry including secured entry and monitored alarms. Internally, steps are taken to ensure access to personal information is limited, including storage of all personal information electronically or on occasion via locked safes within a secured office or dedicated file room.
7.6. Caring for You uses secure methods to destroy or permanently de-identify personal information when it is no longer needed. Caring for You will retain personal information while it is required for any of its functions, or for any other lawful purpose.
8. Computer Based Information Systems
8.1. Caring for You systems are critical assets of the company that are intended for business use. Electronic information stored on company computers, company servers, electronic files and communications stored, sent or received through company systems, are the property of Caring for You.
8.2. Caring for You has the right to intercept, divert, discard, access or review the contents of electronic communications or files or any other information created on, transmitted over or stored in company or service provider systems at any time. Caring for You may conduct reviews of computer use for several reasons, including the management of its computer resources or communication facilities, assurance of systems security, verifying compliance of users with company policies or for other business reasons.
8.3. Caring for You may specifically monitor sites visited by users on the internet, chat rooms and news groups, as well as material downloaded or loaded by users from or to the internet.
8.4. Caring for You reserves the right to disclose information related to system usage for any of the foregoing purposes, as well as to comply with or assist law enforcement officials or legal authorities.
8.5. If an employee’s or member’s personal information is discovered because of electronic communications monitoring, this personal information would not be disclosed in line with the Privacy Act 1988 and company Privacy Policies, except if required by law or with the individual’s consent.
9. Access To Personal Information
9.1. When an employee or member requests access to their personal information Caring for You will, in most circumstances, make available any personal information collected. Requests for access to an employee’s personal information should be made in writing to the General Manager of People & Culture. Caring for You may provide an employee or member with this information verbally or in writing, as may be appropriate. In some instances, an employee or member may be permitted to review their personnel file while accompanied by a representative from our People & Culture team.
9.2. Caring for You will take reasonable steps to amend or correct personal information to keep it accurate and up to date. Employees and members should notify People & Culture of any changes to personal information.
9.3. Caring for You will respond to requests for access to personal information within 5 days of receipt of the written request.
9.4. Requests for access to personal information must include the employee’s or member’s name and address and identify the information the individual is seeking.
10. Refusal Of Access To Your Personal Information
10.1. In certain circumstances the General Manager of People & Culture may refuse an employee or member access to their personal information. These could be in circumstances where:
- There could be an unreasonable impact on the privacy of others.
- The information relates to legal proceedings.
- The information would reveal a commercially sensitive decision-making process.
- Providing access to the information would prejudice certain investigations.
- Caring for You is required by law not to disclose the information.
10.2. Where Caring for You does not agree to provide an individual with details of personal information, the company will provide reasons why.
11. Disclosure And Transfer Of Information
11.1. Caring for You will not transfer personal information outside of Australia unless:
- It is necessary for the employment relationship and to provide necessary services, provided Caring for You believes on reasonable grounds that the organisation involved will only deal with personal information in a similar manner to the requirements under the Australian Privacy Principles (APP’s) and in the case of health information, the Health Privacy Principles (HPP’s).
- The employee or member has provided their consent (including for the purposes set out in this Policy, by the individual acknowledging and signing this Policy).
- Where otherwise allowed by the Privacy Act 1998 and the Health Records Act 2001 Vic and NSW Health Records & Information Privacy Act 2002.
- The information is provided to other related entities, which deal with personal information in a similar manner to the requirements under the National Privacy Principles (NPP’s) and, in the case of health information, the Health Privacy Principles (HPP’s).
11.2. Caring for You may disclose personal information to third parties, including third parties outside Australia for:
- The purpose for which it was collected.
- A related purpose that the individual would reasonably expect.
- A purpose required or permitted by law.
- A purpose for which Caring for You has obtained the consent of the employee, member, contractor or subcontractor (including for the purposes set out in this Policy, by the individual acknowledging and signing this Policy).
- The purposes of payroll management, administration and superannuation plan administration.
12. Breaches Of This Policy
12.1. An employee, member, contractor or subcontractor found to be in breach of this Policy may be subject to disciplinary action that may result in:
- A formal warning being issued; or
- Summary dismissal (see Code of Conduct Policy).
13. Privacy Concerns
13.1. If you have any queries or concerns about your personal information, or would like to make a complaint, please contact the General Manager of People & Culture at Caring for You.
14. Policy Review
This policy will be reviewed on a biennial or as required basis by the General Manager of People & Culture. Any proposed changes to this policy must be approved by the CEO’s.