Privacy Policy.
1. Aims and Objectives
The Dowdens Group is committed to meeting statutory obligations regarding the Information Privacy Principals extracted from the Privacy Act 1988.
The objective of this policy is to outline how personal information is used, collected, stored and controlled within the Dowdens Group. It will also state how violations of this policy will be managed.
Personal Information is information or an opinion relating to an individual which can be used to identify that individual.
Due to an exemption in the Privacy Act 1988, this Policy does not apply to the Dowdens Group’s treatment of an employee record, where that treatment is directly related to the current or former employment relationship between Dowdens Group and the individual.
2. Who do we collect information from?
The type of information we may collect and hold includes (but is not limited to) personal information about:
• Employees and prospective employees
• Suppliers and their employees
• Customers and their employees
• Contractors and prospective contractors
• Partner Organisations
• Directors
• Officers of Government departments
• Other people who come into contact with us
3. What personal information do we collect?
In general, the type of personal information the Dowdens Group collects and holds includes (but is not limited to):
• Names
• Physical and postal addresses
• Contact details
• Medical information
• Training records/qualifications
• Date of birth
• Salary details
• Bank and credit details
• Tax file numbers
• Licence numbers
• Employment history
• Other information which may assist us in providing our services
4. Method of collection
The method of collection will generally be by way of:
• Forms filled out by people
• Resumes, job applications
• Face-to-face meetings / conversations
• Interviews
• Business cards
• Telephone conversations
• Electronic mail
• Surface mail
• Air mail
• Dowdens Group Websites
• Competitions
• Direct marketing campaigns
• Social Media
5. Guidelines
The Dowdens Group only obtain information in order to perform its core business activities and functions and to meet legal obligations. The information that we collect, must be collected lawfully and in a fair way that cannot be seen as unreasonable intrusive. This information should be kept accurate, stored securely and destroyed when it’s no longer required.
5.1.Purpose for which we collect and use your information
Information may be used and disclosed for the primary purpose for which it was collected and for other reasonable purposes which relates to the primary purpose and in any other circumstances authorised by the Privacy Act 1988. Generally the following are applicable:
• Perform the core business activities (Sales and Services)
• Complying with legislative and regulatory requirements
• Administrative functions
• Customer satisfaction and research
• Marketing purposes in terms of informing you about our products, services and events
• Health and safety
• Help manage and enhance our services
• Internal communication campaigns
5.2.Personal information disclosed to third parties
We will not intentionally disclose (we will also take reasonable steps commercially to prevent accidental disclosure of) your personal information to third-parties, whether for such third parties marketing purposes or otherwise, subject to the following exceptions:
• We are required by legislation, laws and regulations of any nation, state or other applicable jurisdiction
• We may disclose information to third parties who deliver products and information from us to you (such as couriers and the like)
• We may disclose your personal information with your permission to third parties
• We may disclose your personal information in the course of litigation or in avoiding anticipated litigation, but only to the extent necessary to do so
• Should we merge or sell a major part of our assets or equity to a third-party, personal information may be disclosed to and owned by the merged entity or third party
5.3.Sending information overseas
We will not send your personal information to recipients outside of Australia without:
• Obtaining your consent (in some cases this consent will be implied); or
• Otherwise complying with the National Privacy Principles.
5.4.Sensitivity
Some personal information which we collect is ‘sensitive information’. Sensitive information includes:
• Information relating to a person's racial or ethnic origin
• Political opinions
• Religion
• Trade union or other professional or trade association membership
• Sexual preferences
• Date of Birth
• Criminal record and
• Health or genetic information about an individual
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (e.g. where required by law).
5.5.Management of personal information
The National Privacy Principles require us to take reasonable steps to protect the security of personal information. We are required to respect the confidentiality of personal information and the privacy of individuals. We take steps to protect personal information held from misuse and loss and from unauthorised access, modification or disclosure (e.g. by use of physical security and restricted access to electronic records). Where we no longer require your personal information for a permitted purpose under the National Privacy Principles, we will take reasonable steps to delete, de-identify or destroy it.
5.6.Accurate and up-to-date information
Dowdens Group endeavours to ensure that the personal information it holds is accurate, complete and up todate.
• We encourage you to contact us in order to update any personal information we hold about you
• Employees are able to gain access to their personal information and can update their details by contacting the People, Performance and Training Department.
5.7.You have the ability to gain access to your personal information
Subject to the exceptions set out in the Privacy Act 1988, you may gain access to the personal information which Dowdens Group holds about you by contacting us. We will require you to verify your identity and to specify what information you require. However, in the case of personal information we collect from our clients for the purposes of providing our services to those clients, access to that personal information will usually be the responsibility of the relevant
client.
6. General Outline for Dowdens Group Staff to Ensure Compliance with Privacy Legislation
A duty of confidentiality extends to all records and information on current and former customers and staff. Staff must not divulge information concerning a customer to anyone other than the customer, unless the customer has requested in writing the release of the information. Dowdens Group must have a policy document outlining its information handling practices and make this available to anyone who asks. As customers may see comments or remarks on files or correspondence you must not make frivolous or derogatory notations on any records. Stick to factual statements and no damage or embarrassment will result. Security of information extends to the field, home office and dynamic office environment. Where arrangements exist for Dowdens Group employees to conduct work outside of Dowdens Group buildings, the employee is to ensure security is sufficient to prevent unauthorised access to information.
6.1.Guidelines for Compliance:
• Check fax numbers carefully to avoid unintentionally sending a fax message containing customer information to the wrong number
• Make sure you effectively destroy waste paper which contains customer information
• Dispose of old records in a secure way
• Do not disclose information to outside parties
• Be especially careful when being asked for information from family members of the customer
• Do not act on any changes unless notified in writing with the authorisation signed and dated
• Never discuss information in public places, especially where there is a risk of being overheard
• Do not provide information over the telephone unless the person has been correctly identified
• Lock unattended vehicles containing work related documentation or electrical equipment such as laptops
• Password-protect mobile phones
• Avoid retaining hard copies of work related documentation in the home environment
• If hard copy documentation is retained in the home environment, ensure it is stored securely to prevent access by unauthorised individuals
• If issued with Information Technology equipment for off-site use (e.g. laptops, e-mail enabled mobile phones), ensure to comply with Dowdens Group’s electronic security measures such as user ID’s and passwords.
7. Sanctions and Breach of Policy
Dowdens Group Staff who violate this policy will be in breach of the Dowdens Group Code of Conduct and the Privacy Act 1988 and may be subject to disciplinary action up to and including termination of employment.
Breach of the Privacy Act may:
• Embarrass customers, suppliers, employees and could result in legal action
• Attract unfavourable publicity
• Damage our brand and create unease about our ability to keep customer information secure
8. Review of Policy
The Privacy Policy is available for all staff to view and download from the Dowdens Group Knowledge Base. This policy will be monitored on a regular basis to ensure it remains current and practical to the Dowdens Group and continues to align with relevant legislation.
_________________________
Steven Dowden
General Manager
End Notes and References
• Privacy Act 1988.
• Australian Privacy Principles
• Information Privacy Principles
• Dowdens Group Code of Conduct
• Recruitment Privacy Statement
While every effort is made by the Dowdens Group to ensure information in our Code of Conduct is current and compliant with legislation at the time of writing, changes in information and related materials are subject to variation without notice.