This policy sets out the Company's position in relation to the collection, storage, disclosure or transfer of employee information as required by the Privacy Amendment (Private Sector) Act (Cth) 2000 and the Health Records Act (Vic) 2001.
This policy applies to all employees of Caring for You ("the Company"), third-party paid contractors and independent contractors.
1. Privacy Statement
The company recognises the importance of its employees' and contractors' privacy and understands their concerns about the security of the personal information they provide to us. The company complies with the National Privacy Principles ("NPP's") as contained in the Privacy Act (Cth) 1988 and the Health Privacy Principles ("HPP's") as contained in the Health Records Act (Vic) 2001. The NPP's detail how personal information is collected, used, stored and destroyed and how an individual may gain access to personal information held about them. The HPP's detail how health information is collected, used, stored and destroyed and how an individual may gain access to personal information held about them.
The company respects the privacy of its employees. Any personal information will only be collected with their prior knowledge where possible and no information will be disclosed to another institution or authority except if required by law or with their consent. Furthermore, the company will take all reasonable steps to protect their personal information from unauthorised access, improper use or alteration.
Responsibility and authority to implement and enforce this Policy is placed with Human Resources; however, all employees have a legal obligation to comply with this Policy.
The Human Resources Department will ensure that it:
- Only collects personal information if it is necessary to do so;
- Only collects personal information that is considered necessary to provide services;
- Does not use or disclose personal information about an individual for a purpose other than:
  - The purpose for which it was collected;
  - A related purpose for which it was collected;
  - A purpose required or permitted by law;
  - A purpose for which they have obtained the consent of the individual;
  - In accordance with clause 9 of this policy;
- Takes all reasonable steps to ensure that the personal information collected, used or disclosed is accurate and up-to-date and is protected;
- Provides individuals with access to their personal information, except in circumstances as outlined in Clause 8 of this Policy.
Any personal information collected from third parties during recruitment or engagement for the purposes of verification of information provided may be disclosed to a third party, which may include:
- Recruitment or Human Resource service providers;
- Health professionals;
- Nominated referees.
Personal information collected during recruitment or engagement for unsuccessful candidates will be destroyed immediately. All other personal information collected will be held by the company whilst the information is required.
At the end of this period, Human Resources will dispose of the documentation in accordance with NPP's and the HPP's (where the information is health information) by either destroying or de-identifying the documentation.
3. Collecting Personal Information
In the course of the employment relationship, the company collects a variety of information including personal information. The company endeavours to only collect personal information that is necessary for the employment relationship and the management and administration of employees.
The type of personal information collected will depend upon the nature of the relationship between Caring for You and the individual, but will include name, address, telephone numbers, date of birth and next of kin.
While the company endeavours to collect personal information from the individual involved, in some instances Caring for You may also receive personal information about an individual from third parties. Where the company receives (and retains) or uses personal information from third parties, the company will contact the individual involved and advise them that this information is retained while it is required for any of its functions, or for any other lawful purpose.
4. Employee Information
The company collects employee records for the purpose of an employment relationship.
While the company endeavours to collect personal information from the individual involved, in some instances Caring for You may also receive personal information about an individual from third parties. Where the company receives (and retains) or uses personal information from third parties, the company will contact the individual and advise that it holds this information.
Most information held for the purposes of an employment relationship is exempt under the Privacy Act as employee records. Therefore, although Caring for You is not obliged to maintain the contents of employee records under the NPP's and the Privacy Act, Caring for You will use its best endeavours to do so.
Employee records are defined as:
- Information in relation to a current or former employment relationship;
- The engagement, training, disciplining, resignation or termination of employment of an employee;
- The terms and conditions of employment of an employee;
- The employee's performance or conduct, hours of employment, salary and wages, personal and emergency contact details;
- The employee's membership of a professional or trade association, or trade union membership;
- The employee's leave entitlements;
- The employee's taxation, banking or superannuation affairs.
The company complies with the HPP's in maintaining employees' health information contained in employee records.
5. Health Information
Where an employee has consented to providing health related information to the company or health information has been provided by a third party, that information shall only be disclosed to a third party in the event of an emergency to prevent or lessen a serious and imminent threat to life or health of the individual.
6. Data Security and storage
The security of employee information is important. All employees must take reasonable steps to protect any personal information they hold from misuse, unauthorised access, modification or disclosure to a third party. An employee holding personal information relating to another employee, or customer, must ensure that access is not provided to a third party in breach of this policy. All reasonable efforts must be made to ensure information is stored securely in both electronic and physical forms.
Caring for You does not support the use of USB storage devices, unless encrypted and password protected. Caring for You recommends all company documents are accessed via the G Drive to ensure latest versions are being accessed and used.
Personal information is stored electronically, on paper, or both. The company has physical, electronic and procedural safeguards for personal information and takes reasonable steps to ensure that the information is protected. Data stored electronically is protected by both internal and external firewalls, and access to electronic records is limited by passwords. Only staff with a password have access to all information on the system and files can be designated no access.
Personal information is stored within secure premises. Externally, the premises has several barriers to unauthorised entry including secured entry and monitored alarms. Internally, steps are taken to ensure access to personal information is limited, including filing in a locked cabinet within a secured office or dedicated file room.
The company uses secure methods to destroy or permanently de-identify personal information when it is no longer needed. Caring for You will retain personal information while it is required for any of its functions, or for any other lawful purpose.
7. Computer based Information Systems
Company systems are critical assets of the company that are intended for business use. Electronic information stored on company computers and electronic files, and communications stored, sent or received through company systems, are the property of Caring for You.
The Company has the right to intercept, divert, discard, access or review the contents of electronic communications or files or any other information created on, transmitted over or stored in company or service provider systems at any time. Caring for You may conduct reviews of computer use for several reasons, including the management of its computer resources or communication facilities, assurance of systems security, verifying compliance of users with company policies or for other business reasons. Caring for You may specifically monitor sites visited by users on the internet, chat rooms and news groups, as well as material downloaded or loaded by users from or to the internet. The Company reserves the right to disclose information related to system usage for any of the foregoing purposes, as well as to comply with or assist law enforcement officials or legal authorities.
If an individual's personal information is discovered as a result of electronic communications monitoring, this personal information would not be disclosed in line with the Privacy Act and company Privacy Policies, except if required by law or with the individual's consent.
8. Access to Personal Information
When an individual requests access to their personal information the company will, in most circumstances, make available any personal information collected. Requests for access to an employee's personal information should be made in writing to the Human Resources Officer. Caring for You may provide an individual with this information verbally or in writing, as may be appropriate. In some instances, an employee may be permitted to review their personnel file while accompanied by the Human Resources Officer.
Caring for You will take reasonable steps to amend or correct personal information to keep it accurate and up to date. Employees should notify Human Resources of any changes to personal information.
Caring for You will respond to requests for access to personal information within 5 days of receipt of the written request.
Requests for access to personal information must include the individual's name and address and identify the information the individual is seeking.
9. Refusal of Access to your Personal Information
In certain circumstances the Human Resources Officer may refuse an employee access to their personal information. These could be in circumstances where:
- there could be an unreasonable impact on the privacy of others;
- the information relates to legal proceedings;
- the information would reveal a commercially sensitive decision-making process;
- providing access to the information would prejudice certain investigations;
- Caring for You is required by law not to disclose the information.
Where the company does not agree to provide an individual with details of personal information, the company will give reasons why.
10. Disclosure and Transfer of Information
Caring for You will not transfer personal information outside of Australia unless:
- It is necessary for the employment relationship and to provide necessary services, provided Caring for You believes on reasonable grounds that the organisation involved will only deal with personal information in a similar manner to the requirements under the NPP's and in the case of health information, the HPP's;
- The individual has provided their consent (including for the purposes set out in this Policy, by the individual acknowledging and signing this Policy);
- Where otherwise allowed by the Privacy Act and the Health Records Act;
- The information is provided to other related entities, which deal with personal information in a similar manner to the requirements under the NPP's and, in the case of health information, the HPP's.
Caring for You may disclose personal information to third parties, including third parties outside Australia for:
- The purpose for which it was collected;
- A related purpose that the individual would reasonably expect;
- A purpose required or permitted by law;
- A purpose for which Caring for You has obtained the consent of the individual (including for the purposes set out in this Policy, by the individual acknowledging and signing this Policy);
- The purposes of payroll management and administration and superannuation plan administration.
11. Breaches of this Policy
An employee found to be in breach of this Policy may be subject to disciplinary action that may result in:
- A formal warning being issued; or
- Summary dismissal (see Code of Conduct Policy).
If you have any queries or concerns about your personal information, or would like to make a complaint, please contact the Human Resources Officer at Caring for You for assistance.