Scope
Who does this policy apply to?
This policy applies to any individuals in respect of whom the Company currently holds, or may in the collect, personal information, including clients. The Company will be fair and open about the way we collect information about you and what we intend to do with the information we collect
What information does this policy refer to?
This Policy applies to personal information and sensitive information.
What is personal information?
“Personal Information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.
Sensitive Information
In this Policy there are also references to sensitive information, which is a subset of personal information. “Sensitive Information” is information or an opinion about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a Trade Union, sexual orientation or practices, criminal record, or health, genetic or biometric information.
What is not personal information?
Information where the Company has removed any references to a person, so that the person cannot be reasonably identifiable from the information, is not personal information.
The Company may use this information for its own purposes and gain. For example, that fact that x jobseekers aged 20-40 have accessed our services, is not personal information.
Collection of personal information
The Company collects information in a variety of ways in the course of running our business, including:
- Providing services to job seekers, trainees and other parties;
- Engaging suppliers, contractors, labour hire workers and other personnel;
- Responding to questions about our services and our business;
- Responding to complaints and enquiries via our online complaints process;
- Interacting with people via our website or via social media and related platforms;
- Conducting trade promotions and information sessions;
- Via security processes at our sites including our sign in registers
The kinds of personal information that the Company collects and holds depends on the circumstances, but can include names, addresses and other contact details, details about a person’s work experience and other qualifications, date of birth, driver’s licence details, bank account details and photographs.
Means of collection
The Company collects most personal information directly from the person unless the person consents to the collection of information by someone else other than them, or the Company is required or authorised under Australian law, or a court/tribunal order, to collect the information from someone other than the individual. Third parties may also share information with us about people, including the Government, Centrelink and other related parties. Where reasonable and practicable, the Company will collect personal information directly from you and inform you that this is being done.
At or soon after the time when the Company collects personal information, the Company will take reasonable steps to ensure that the person is aware of:
- the collection;
- the purpose of the collection;
- the main consequences (if any) if the information is not collected;
- the types of organisations (if any) to which the information may be disclosed (including those located overseas);
- any law that required the particular information to be collected; and
- the fact that this Policy contains details on access, correction and complaints.
Personal information collected by the Company is held in a variety of formats including hardcopy and on our computer systems.
If the Company received socilitated information (personal information that the Company has not requested) and the Company determines that they could not have collected this information, if requested, under the Australian Privacy Principles, and the information is not contained in a Commonwealth record, the Company shall destroy or de-identify the information if it is lawful and reasonable for the Company to do so.
Where practicable, you may deal with the Company anonymously or by pseudonym, however in some circumstances, this may not be practicable and the Company may need to request personal information.
Collection of sensitive information
The Company only collects, holds and handles information about you that is necessary for the Company to perform the services that are requested of the Company, that is otherwise reasonably necessary for business activities or if required by an Australian law or court. The Company will not collect sensitive information unless the person to whom it relates consents to the collection and, the information is reasonably necessary for one or more of the Company’s business functions or activities. The exception to this is where collection is required or authorised by law, is necessary to prevent or lessen a serious and imminent threat to the person’s (or another person’s) life or health or is necessary in relation to legal proceedings (current, anticipated or potential), or another permitted exception in the Act applies.
Cookies
The Company uses ‘cookies’ and other similar technologies in electronic communications to help us collect information about the way you interact with our content online and help the Company to improve your experience when visiting the Company website.
Cookies are data files that your browser places on your computer or device. They remember the type of browser that the visitor is using and which additional browser software the user has installed. They remember preferences such as languages and region, which remain as your default settings when you next revisit the website. The cookies also allow the user to rate pages and fill in comment forms on the website.
Cookies cannot collect any information stored on your computer or files. Users can visit www.allaboutcookies.org for more information and details on how to delete or reject cookies.
Additional information regarding credit information
In connection with the operation of the Company, including within our Labour Hire business FastTrack employees, the Company collects and uses credit information of individuals.
The types of credit information that the Company collects and uses for the purposes of assessing an application for credit include:
- names, addresses and other contact details of account holders and guarantors (both prospective and current);
- bank account details
- driver’s licence details
- financial information
Such information is collected from the relevant individual and from credit reporting bodies, as well as from publicly available information. The Company uses the information collected to create an internal credit assessment report.
The Company does not disclose credit information to credit reporting bodies, except for an individual’s identity in order to obtain a credit check from the credit reporting body.
Use or disclosure of personal information
The use to which the Company can put personal information depends on the reason for which it was collected. The Company may use personal information for its primary purpose of collecting the information, or for a related secondary purpose that we could reasonably be expected to use the personal information for.
The Company respects the privacy of personal information and will take reasonable steps to keep it strictly confidential.
The Company will disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose if the disclosure could be reasonably expected. Where such disclosure is necessary, the Company will require that the third party undertake to treat the personal information in accordance with the APP.
Otherwise, the Company will only disclose personal information to third parties without the consent of the person to whom the information relates if the disclosure is:
- necessary to protect or enforce Asuria Training’ rights or interests or to defend any claims;
- necessary to prevent or lessen a serious threat to a person’s health or safety;
- required or authorised by law;
- permitted by another exception in the Act
If the Company uses or discloses personal information to third parties in accordance with the above, the Company must make a written note of the use of disclosure. The Company may disclose personal information to a related Asuria Training company in Australia or overseas, subject to the provisions of the Act. In such circumstances, the related company will only use the personal information for the same purposes that the disclosing Asuria Training Company is authorised to use the personal information for and take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Direct Marketing
Under no circumstances shall the Company sell personal information.
Information Security
The Company will take all reasonable steps to ensure that all personal information held by the Company is secure from any unauthorised access or disclosure. The Company stores personal information in archive systems for a period the Company considers reasonable depending on the primary purpose for which the information was collected. Only properly authorised people who have a need to access personal information to perform their job will be able to see or use that information.
Personal information will be de-identified, destroyed (such that it cannot be re-identified at a later date) or returned to relevant funding bodies as per any Records Management Instructions or Guidelines.
The Company will ensure that its employees receive training about the management of personal information relevant to their respective roles and responsibilities in accordance with the Company’s Information Security Policy.
Adoption of government related identifiers
The Company will not adopt a government related identifier of an individual as its own identifier of the individual unless the adoption of the government related identifier is required or authorized by or under an Australian law or court/tribunal order.
The Company will not use or disclose a government related identifier of an individual unless:
- the use or disclosure of the identifier is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions; or
- the use or disclosure of the identifier is reasonably necessary for the organisation to fulfil its obligations to an agency or a State or Territory authority; or
- any other exception provided for in subclause 9.2 and 9.3 of the Act
Accessing personal information
A person may request to access personal information about themselves held by the Company. Such a request must be made in writing and addressed to the Asuria Training Privacy Officer at the address below:
Asuria Training Privacy Officer
Level 17, Tower A, 821 Pacific Highway, Chatswood NSW 2067
Dealing with requests for access
The Asuria Training Privacy Officer, or delegate of the Company, must respond to the request for access to personal information within a reasonable period after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Refusal to give access
If the Company refuses to give access to the information, or to give access in the manner requested by the individual, the Company must give the individual a written notice that sets out:
- the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulators,
- and take steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
Correction to personal information
The Company will take reasonable steps to ensure the accuracy and completeness of the personal information they hold. However, if the Company is satisfied that, having regard to a purpose to which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or the individual requests the Company to correct the information, the Company must take steps (if any) as are reasonable in the circumstances to correct the information to ensure, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. If a person believes that any personal information that the Company holds about them is inaccurate or out of date, then they should contact the Asuria Training Privacy Officer.
If the Company corrects personal information and the individual requests the Company notify a third party of the correction; the Company must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
If the Company refuses to correct personal information, the Company must give the individual a written notice that sets out:
- the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulators
Complaints
If a person wishes to complain about any breach by the Company of this policy, the Australian Privacy Principles, Privacy Act or another code or law which binds the Company (if any), a complaint may be lodged in writing by post or email to the address provided, addressed to the Asuria Training Privacy Officer.
Asuria Training Privacy Officer
Level 17, Tower A, 821 Pacific Highway, Chatswood NSW 2067