1.1. This policy sets out the Company's position in relation to the collection, storage,
disclosure or transfer of employee information as required by the Privacy Amendment
(Private Sector) Act (Cth) 2000 and the Health Records Act (Vic) 2001.
1.2. All employees of Caring for You (“the Company”), third party paid contractors,
2.1. The company recognises the importance of its employees' and contractors' privacy and
understands their concerns about the security of the personal information they provide
to us. The company complies with the National Privacy Principles (“NPP’s”) as contained
in the Privacy Act (Cth) 1988 and the Health Privacy Principles ("HPP's") as contained in
the Health Records Act (Vic) 2001. The NPP’s detail how personal information is
collected, used, stored and destroyed and how an individual may gain access to personal
information held about them. The HPP's detail how health information is collected, used,
stored and destroyed and how an individual may gain access to personal information
held about them.
2.2. The company respects the privacy of its employees. Any personal information will only
be collected with their prior knowledge where possible and no information will be
disclosed to another institution or authority except if required by law or with their
consent. Furthermore, the company will take all reasonable steps to protect their
personal information from unauthorised access, improper use or alteration.
3.1. Responsibility and authority to implement and enforce this Policy is placed with Human
Resources; however, all employees have a legal obligation to comply with this Policy.
3.2. The Human Resources Department will ensure that it:
3.3. Any personal information collected from third parties during recruitment or engagement
for the purposes of verification of information provided may be disclosed to a third party
which may include:
3.4. Personal information collected during recruitment or engagement for unsuccessful
candidates will be destroyed immediately. All other personal information collected will
be held by the company whilst the information is required.
3.5. At the end of this period, Human Resources will dispose of the documentation in
accordance with NPP's and the HPP's (where the information is health information) by
either destroying or de-identifying the documentation.
4.1. In the course of the employment relationship, the company collects a variety of
information including personal information. The company endeavours to only collect
personal information that is necessary for the employment relationship and the
management and administration of employees.
4.2. The type of personal information collected will depend upon the nature of the
relationship between Caring for You and the individual, but will include name, address,
telephone numbers, date of birth and next of kin.
4.3. While the company endeavours to collect personal information from the individual
involved, in some instances Caring for You may also receive personal information about
an individual from third parties. Where the company receives (and retains), or uses
personal information from third parties, the company will contact the individual involved
and advise them that this information is retained while it is required for any of its
functions, or for any other lawful purpose.
5.1. The company collects employee records for the purpose of an employment relationship.
5.2. While the company endeavours to collect personal information from the individual
involved, in some instances Caring for You may also receive personal information about
an individual from third parties. Where the company receives (and retains) or uses
personal information from third parties, the company will contact the individual and
advise that it holds this information.
5.3. Most information held for the purposes of an employment relationship is exempt under
the Privacy Act as employee records. Therefore, although Caring for You is not obliged to
maintain the contents of employee records under the NPP's and the Privacy Act, Caring
for You will use its best endeavours to do so.
5.4. Employee records are defined as:
5.5. The company complies with the HPP's in maintaining employees' health information
contained in employee records.
6.1. Where an employee has consented to providing health related information to the
company or health information has been provided by a third party, that information shall
only be disclosed to a third party in the event of an emergency to prevent or lessen a
serious and imminent threat to life or health of the individual.
7.1. The security of employee information is important. All employees must take reasonable
steps to protect any personal information they hold from misuse, unauthorised
access, modification or disclosure to a third party. An employee holding personal
information relating to another employee, or customer, must ensure that access is not
provided to a third party in breach of this policy. All reasonable efforts must be made to
ensure information is stored securely both in electronic and physical forms.
7.2. Caring for You does not support the use of USB storage devices, unless encrypted and
password protected. Caring for You recommends all company documents are accessed
via the G Drive to ensure the latest versions are being accessed and used.
7.3. Personal information is stored electronically, on paper, or both. The company has
physical, electronic and procedural safeguards for personal information and takes
reasonable steps to ensure that the information is protected. Data stored electronically
is protected by both internal and external firewalls, and access to electronic records is
limited by passwords. Only staff with a password have access to all information on the
system and files can be designated no access.
7.4. Personal information is stored within secure premises. Externally, the premises have
several barriers to unauthorised entry including secured entry and monitored alarms.
Internally, steps are taken to ensure access to personal information is limited, including
filing in a locked cabinet within a secured office or dedicated file room.
7.5. The company uses secure methods to destroy or permanently de-identify personal
information when it is no longer needed. Caring for You will retain personal information
while it is required for any of its functions, or for any other lawful purpose.
8.1. Company systems are critical assets of the company that are intended for business use.
Electronic information stored on company computers and electronic files, and
communications stored, sent or received through company systems, are the property of
Caring for You.
8.2. The Company has the right to intercept, divert, discard, access or review the contents of
electronic communications or files or any other information created on, transmitted over
or stored in company or service provider systems at any time. Caring for You may
conduct reviews of computer use for several reasons, including the management of its
computer resources or communication facilities, assurance of systems security, verifying
compliance of users with company policies or for other business reasons. Caring for You
may specifically monitor sites visited by users on the internet, chat rooms and news
groups, as well as material downloaded or loaded by users from or to the internet. The
Company reserves the right to disclose information related to system usage for any of
the foregoing purposes, as well as to comply with or assist law enforcement officials or
8.3. If an individual’s personal information is discovered as a result of electronic
communications monitoring, this personal information would not be disclosed in line with
the Privacy Act and company Privacy Policies, except if required by law or with the
9.1. When an individual requests access to their personal information the company will, in
most circumstances, make available any personal information collected. Requests for
access to an employee’s personal information should be made in writing to the People
and Culture Manager. Caring for You may provide an individual with this information
verbally or in writing, as may be appropriate. In some instances, an employee may be
permitted to review their personnel file while accompanied by the People and Culture
9.2. Caring for You will take reasonable steps to amend or correct personal information to
keep it accurate and up to date. Employees should notify Human Resources of any
changes to personal information.
9.3. Caring for You will respond to requests for access to personal information within 5 days
of receipt of the written request.
9.4. Requests for access to personal information must include the individual's name and
address and identify the information the individual is seeking.
10.1. In certain circumstances the People and Culture Manager may refuse an employee
access to their personal information. These could be in circumstances where:
10.2. Where the company does not agree to provide an individual with details of personal
information, the company will give reasons why.
11.1. Caring for You will not transfer personal information outside of Australia unless:
11.2. Caring for You may disclose personal information to third parties, including third parties
outside Australia for:
12.1. An employee found to be in breach of this Policy may be subject to disciplinary action
that may result in:
12.2. A formal warning being issued; or
12.3. Summary dismissal (see Code of Conduct Policy).
13.1. If you have any queries or concerns about your personal information, or would like to
make a complaint, please contact the People and Culture Manager at Caring for You for
14.1. This policy will be reviewed on an annual basis by the People and Culture Manager. Any
proposed changes to this policy must be approved by the CEO.