Privacy Policy
Privacy Policy
1. Aim of Policy
To ensure that all staff are aware of what information is collected by Watertight in respect of both employees and clients and to ensure everyone is aware of their obligations and responsibilities in respect of this information.
This policy is based on the 13 Australian Privacy Principles
1. Open and transparent management of personal information
2. Anonymity and Pseudonymity
3. Collection of Solicited Personal Information
4. Dealing with unsolicited personal information
5. Notification of the Collection of personal information
6. Use or disclosure of personal information
7. Direct Marketing
8. Cross-border disclosure of personal information
9. Adoption, use or disclosure of government related identifiers
10. Quality of personal information
11. Security of personal Information
12. Access to personal information
13. Correction of Personal Information
2. Company Commitment
Watertight is committed to ensuring that the information it collects about its employees and clients during the course of normal business operations is of an essential nature to the business and is used and stored consistently and responsibly.
As part of this commitment, Watertight requires that all staff comply with this policy at all times and treat any personal information handled in the course of their employment in a way that respects individuals’ privacy rights. You must:
• Refrain from gossip about personal details concerning others;
• Collect and handle personal information in accordance with this policy and
• Take reasonable steps to protect personal information in your care from misuse, loss, unauthorised access, modification and disclosure.
3. Background
Under current legislation, Watertight must adhere to the provisions in the Privacy Act 1988 (Cth) (the Privacy Act) including the related National Privacy Principles (NPPs) that affect all Australian private sector organisations. The legislation exists to ensure that information about people is handled consistently and responsibly as well as giving people some control over the way their personal information is handled. This policy provides the basic guidelines to deal with both internal and external personal information.
POL-031 Information Classification and handling provides guidance on both classification and handling of information.
4. Collection of Information
We may only collect personal information that is necessary for our business functions and activities, or to comply with legal or regulatory obligations. Any of the personal information collected will be used for the primary purpose for which it was collected – ie: the compilation of an accurate client database that allows us to contact and invoice our clients and pay contractors. This informationmay also be used for the related secondary purpose of marketing directly to existing clients.
5. Use of Information
Watertight does not disclose any personal information concerning our clients/relevant external parties to any other organisations. The only reasons we would disclose personal information without first obtaining consent would be in instances where the use is required or authorised by law. In such cases, the use of personal information must be authorised by the General Manager.
6. Access to Personal Information
Clients
Persons other than Watertight employees (e.g. client representatives, clients’ employees, job applicants, contractors etc) may have the right to access any personal information that we hold about them. There are exceptions to their general right of access and they are the same as those that relate to employees – refer below.
In Summary
If a client or external party asks how our privacy policy affects them, you should explain that:
• No sensitive information is ever collected about them
• The private information collected about them is restricted to their work contact details (job title, address, telephone, fax and email) as these are needed in order for us to be able to successfully provide them with our services and for subsequent invoicing/payment of bills
• While we may use their details so that we can market directly to them about the company, we always offer them the option not to receive such marketing materials in future.
Employees (and also clients/external parties) generally have the right to access any personal information that is held about them. However, the extent to which access is granted to an employee will depend on the circumstances, business needs and management discretion. Exceptions, albeit rare, to the general right of access to personal information include situations where:
• Providing access would pose a serious and imminent threat to the life or health of any individual
• Providing access would have an unreasonable impact upon the privacy of other individuals (e.g. information about other individuals is included on a file)
• The request for access is frivolous or vexatious
• The information relates to existing or anticipated legal proceedings where the information would not otherwise be discoverable
• Providing access would reveal the intentions of the organisation in relation to negotiation with the individual in such a way as to prejudice these negotiations
• Providing access would be unlawful, prejudice law enforcement and/or prejudice investigations of possible unlawful activity
• Denying access is required by law.
7. Employee Information Collected
As part of the ongoing employment relationship that exists between you and the company, Watertight needs to collect and store a variety of personal information about you. The following is a list of this information along with a description as to why it is collected, who has access to the information, who you should notify if the details change and the ramifications to you if the information is not provided.
8. Confidential Information
‘Confidential Information’ includes, but is not limited to, any information concerning the business, people, finances, operations, clients, techniques or methods of The Company, Intellectual Property Rights or any other of The Company’s’ proprietary rights, including trade connections or transactions of The Company, or any information disclosed or otherwise obtained by The Company under an obligation of confidentiality to a third party.
You agree that you will not directly or indirectly, whether as an employee, employer, partner, shareholder, director, consultant, supplier, or otherwise, make use of or disclose Confidential Information otherwise than in the normal course of your employment with The Company.
These obligations must be observed by you during your employment and continue after your employment with The Company has ceased. A breach of this term will constitute serious misconduct.
9. Workplace Surveillance
The Company may undertake workplace surveillance including surveillance of e-mails, texts and internet use on company property including company phone numbers and email addresses. In accordance with our Technology Usage Policy and Social Media policy logs and records will be made of all use and all incoming and outgoing correspondence through our IT network. The Company also undertakes permanent camera surveillance of all factory and office areas. Surveillance images are monitored and may be accessible by all senior management 24 hours, 7 days per week. The Company track all company owned and leased vehicle movements through GPS tracking and your vehicle (if provided with one) will be under constant GPS tracking surveillance and may be used to verify your location and times for company related purposes.
10. Employee Records Privacy Exemption
Employee records are currently exempt under the Federal Privacy Laws. This means that although the legislation prohibits an employer, for example, from selling personal information from employee records to direct marketing organisations, it does not prohibit them from disclosing employee records to relevant third party organisations such as the ATO, Superannuation Funds, Workers Compensation Insurers (if applicable) etc.
11. Complaints Procedure
If you have any concerns about the way in which your personal information is being handled, or you believe that there has been an interference with the privacy of personal information, please speak to your manager or the Managing Director. Individuals found to have breached this policy will be subject to appropriate disciplinary action, which may include dismissal.