Privacy

Company Policy

1. Summary

1.1. This policy sets out the Company's position in relation to the collection, storage,
disclosure or transfer of employee information as required by the Privacy Amendment
(Private Sector) Act (Cth) 2000 and the Health Records Act (Vic) 2001.

1.2. All employees of Caring for You (“the Company”), third party paid contractors,
Independent Contractors.

2. Privacy Statement

2.1. The company recognises the importance of its employees’ and contractors’ privacy and
understands their concerns about the security of the personal information they provide
to us. The company complies with the National Privacy Principles (“NPP’s”) as contained
in the Privacy Act (Cth) 1988 and the Health Privacy Principles ("HPP's") as contained in
the Health Records Act (Vic) 2001. The NPP’s detail how personal information is
collected, used, stored and destroyed and how an individual may gain access to personal
information held about them. The HPP's detail how health information is collected, used,
stored and destroyed and how an individual may gain access to personal information
held about them.

2.2. The company respects the privacy of its employees. Any personal information will only
be collected with their prior knowledge where possible and no information will be
disclosed to another institution or authority except if required by law or with their
consent. Furthermore, the company will take all reasonable steps to protect their
personal information from unauthorised access, improper use or alteration.

3. Responsibility

3.1. Responsibility and authority to implement and enforce this Policy is placed with Human
Resources; however, all employees have a legal obligation to comply with this Policy.

3.2. The Human Resources Department will ensure that it:

    • Only collects personal information if it is necessary to do so;
    • Only collects personal information that is considered necessary to provide
      services;
    • Does not use or disclose personal information about an individual for a purpose
      other than:
      • The purpose for which it was collected;
      • A related purpose for which it was collected;
      • A purpose required or permitted by law;
      • A purpose for which they have obtained the consent of the individual;
      • In accordance with clause 9 of this policy;
    • Takes all reasonable steps to ensure that the personal information collected, used
      or disclosed is accurate and up-to-date and is protected;
    • Provides individuals with access to their personal information, except in
      circumstances as outlined in Clause 8 of this Policy.

3.3. Any personal information collected from third parties during recruitment or engagement
for the purposes of verification of information provided may be disclosed to a third party,
which may include:

    • Recruitment or Human Resource service providers;
    • Health professionals;
    • Insurers;
    • Nominated referees.

3.4. Personal information collected during recruitment or engagement for unsuccessful
candidates will be destroyed immediately. All other personal information collected will
be held by the company whilst the information is required.

3.5. At the end of this period, Human Resources will dispose of the documentation in
accordance with NPP's and the HPP's (where the information is health information) by
either destroying or de-identifying the documentation.

4. Collecting Personal Information

4.1. In the course of the employment relationship, the company collects a variety of
information including personal information. The company endeavours to only collect
personal information that is necessary for the employment relationship and the
management and administration of employees.

4.2. The type of personal information collected will depend upon the nature of the
relationship between Caring for You and the individual, but will include name, address,
telephone numbers, date of birth and next of kin.

4.3. While the company endeavours to collect personal information from the individual
involved, in some instances Caring for You may also receive personal information about
an individual from third parties. Where the company receives (and retains), or uses
personal information from third parties, the company will contact the individual involved
and advise them that this information is retained while it is required for any of its
functions, or for any other lawful purpose.

5. Employee Information

5.1. The company collects employee records for the purpose of an employment relationship.

5.2. While the company endeavours to collect personal information from the individual
involved, in some instances Caring for You may also receive personal information about
an individual from third parties. Where the company receives (and retains), or uses
personal information from third parties, the company will contact the individual and
advise that it holds this information.

5.3. Most information held for the purposes of an employment relationship is exempt under
the Privacy Act as employee records. Therefore, although Caring for You is not obliged to
maintain the contents of employee records under the NPP's and the Privacy Act, Caring
for You will use its best endeavours to do so.

5.4. Employee records are defined as:

    • Information in relation to a current or former employment relationship;
    • The engagement, training, disciplining, resignation or termination of employment
      of an employee;
    • The terms and conditions of employment of an employee;
    • The employee’s performance or conduct, hours of employment, salary and wages,
      personal and emergency contact details;
    • The employee’s membership of a professional or trade association, or trade union
      membership;
    • The employee’s leave entitlements;
    • The employee’s taxation, banking or superannuation affairs.

5.5. The company complies with the HPP's in maintaining employees’ health information
contained in employee records.

6. Health Information

6.1. Where an employee has consented to providing health related information to the
company or health information has been provided by a third party, that information shall
only be disclosed to a third party in the event of an emergency to prevent or lessen a
serious and imminent threat to life or health of the individual.

7. Data Security and Storage

7.1. The security of employee information is important. All employees must take reasonable
steps to protect any personal information they hold from misuse, unauthorised
access, modification or disclosure to a third party. An employee holding personal
information relating to another employee, or customer, must ensure that access is not
provided to a third party in breach of this policy. All reasonable efforts must be made to
ensure information is stored securely both in electronic and physical forms.

7.2. Caring for You does not support the use of USB storage devices, unless encrypted and
password protected. Caring for You recommends all company documents are accessed
via the G Drive to ensure the latest versions are being accessed and used.

7.3. Personal information is stored electronically, on paper, or both. The company has
physical, electronic and procedural safeguards for personal information and takes
reasonable steps to ensure that the information is protected. Data stored electronically
is protected by both internal and external firewalls, and access to electronic records is
limited by passwords. Only staff with a password have access to all information on the
system, and files can be designated no access.

7.4. Personal information is stored within secure premises. Externally, the premises have
several barriers to unauthorised entry including secured entry and monitored alarms.
Internally, steps are taken to ensure access to personal information is limited, including
filing in a locked cabinet within a secured office or dedicated file room.

7.5. The company uses secure methods to destroy or permanently de-identify personal
information when it is no longer needed. Caring for You will retain personal information
while it is required for any of its functions, or for any other lawful purpose.

8. Computer Based Information Systems

8.1. Company systems are critical assets of the company that are intended for business use.
Electronic information stored on company computers and electronic files, and
communications stored, sent or received through company systems, are the property of
Caring for You.

8.2. The Company has the right to intercept, divert, discard, access or review the contents of
electronic communications or files or any other information created on, transmitted over
or stored in company or service provider systems at any time. Caring for You may
conduct reviews of computer use for several reasons, including the management of its
computer resources or communication facilities, assurance of systems security, verifying
compliance of users with company policies or for other business reasons. Caring for You
may specifically monitor sites visited by users on the internet, chat rooms and news
groups, as well as material downloaded or loaded by users from or to the internet. The
Company reserves the right to disclose information related to system usage for any of
the foregoing purposes, as well as to comply with or assist law enforcement officials or
legal authorities.

8.3. If an individual’s personal information is discovered as a result of electronic
communications monitoring, this personal information would not be disclosed, in line with
the Privacy Act and company Privacy Policies, except if required by law or with the
individual’s consent.

9. Access to Personal Information

9.1. When an individual requests access to their personal information the company will, in
most circumstances, make available any personal information collected. Requests for
access to an employee’s personal information should be made in writing to the People
and Culture Manager. Caring for You may provide an individual with this information
verbally or in writing, as may be appropriate. In some instances, an employee may be
permitted to review their personnel file while accompanied by the People and Culture
Manager.

9.2. Caring for You will take reasonable steps to amend or correct personal information to
keep it accurate and up to date. Employees should notify Human Resources of any
changes to personal information.

9.3. Caring for You will respond to requests for access to personal information within 5 days
of receipt of the written request.

9.4. Requests for access to personal information must include the individual's name and
address and identify the information the individual is seeking.

10. Refusal of Access to Your Personal Information

10.1. In certain circumstances the People and Culture Manager may refuse an employee
access to their personal information. These could be in circumstances where:

    • There could be an unreasonable impact on the privacy of others;
    • The information relates to legal proceedings;
    • The information would reveal a commercially sensitive decision-making process;
    • Providing access to the information would prejudice certain investigations;
    • Caring for You is required by law not to disclose the information.

10.2. Where the company does not agree to provide an individual with details of personal
information, the company will give reasons why.

11. Disclosure and Transfer of Information

11.1. Caring for You will not transfer personal information outside of Australia unless:

    • It is necessary for the employment relationship and to provide necessary services,
      provided Caring for You believes on reasonable grounds that the organisation
      involved will only deal with personal information in a similar manner to the
      requirements under the NPP's and in the case of health information, the HPP's;
    • The individual has provided their consent (including for the purposes set out in
      this Policy, by the individual acknowledging and signing this Policy);
    • Where otherwise allowed by the Privacy Act and the Health Records Act;
    • The information is provided to other related entities, which deal with personal
      information in a similar manner to the requirements under the NPP's and, in the
      case of health information, the HPP's.

11.2. Caring for You may disclose personal information to third parties, including third parties
outside Australia for:

    • The purpose for which it was collected;
    • A related purpose that the individual would reasonably expect;
    • A purpose required or permitted by law;
    • A purpose for which Caring for You has obtained the consent of the individual
      (including for the purposes set out in this Policy, by the individual acknowledging
      and signing this Policy);
    • The purposes of payroll management and administration and superannuation plan
      administration.

12. Breaches of this Policy

12.1. An employee found to be in breach of this Policy may be subject to disciplinary action
that may result in:

12.2. A formal warning being issued; or

12.3. Summary dismissal (see Code of Conduct Policy).

13. Privacy Concerns

13.1. If you have any queries or concerns about your personal information, or would like to
make a complaint, please contact the People and Culture Manager at Caring for You for
assistance.

14. Policy Review

14.1. This policy will be reviewed on an annual basis by the People and Culture Manager. Any
proposed changes to this policy must be approved by the CEO.