CRCHIA (the “Company”) recognises the importance to ensure that the personal information we collect, maintain, use, and disclose is treated in a legislatively compliant, ethical and moral manner at all times.
This Policy will set out how our Company will manage personal information and the way in which you can access and correct your personal information if necessary.
CRCHIA believes that maintaining the privacy of this information is an individual right and a crucial factor to the success of our business and that of our clients.
Commitment
CRCHIA will only collect personal information if it is necessary for our business operation and the operation of our clients.
The Company is committed to managing the personal information we collect, maintain, use, and disclose in accordance with the Australian Privacy Principles outlined in the Commonwealth Privacy Act 1988 (the “Act”).
This Privacy Policy does not apply to personal information collected by the Company that is exempted under the Act.
The company is committed to ensuring that the Personal Information it holds about individuals is handled appropriately and lawfully. CRCHIA believes that privacy is an important individual right that is important to our business and the businesses of our clients.
Collection of Personal Information
Our Company operations require us to identify suitable personnel for positions within our organisation and conduct other activities which depend on us obtaining certain personal, and sometimes sensitive, information.
CRCHIA will only collect personal information if it is necessary for our business purposes, including complying with legal or regulatory obligations. The Company will only collect Personal Information by lawful and fair means and not in an unreasonably intrusive way.
Personal Information is any information that may be used to identify you, whether or not the information is true.
Whenever the Company collects any Personal Information, it will take reasonable steps to provide the person providing the information:
- The identity details of the Company and how to contact it.
- Why the Company is collecting the Personal Information.
- The intended recipients of the information, including the types of organisations (if any) the Company may disclose the Personal Information (e.g., payroll processing services); and
- Their rights in relation to requesting access to their Personal Information.
Where reasonable and appropriate, the company will collect Personal Information directly from the individual. However, there are certain situations in which Personal Information about an individual may be collected from someone else.
Whichever method is used the Company will take reasonable steps to notify the individual of the collection method.
The type of personal information the Company may collect includes, but is not limited to:
- Names, date of birth and/or gender details.
- Profession, occupation and/or job titles.
- Educational qualifications, employment history and/or salary details.
- Residential, business, mailing and/or email address details.
- Telephone, mobile and/or facsimile numbers.
- Identity documents (e.g., passport, driving licence, etc.)
- Photographic and/or pictorial representations.
- Tax file numbers and/or other government issued identification numbers.
- Bank account and/or superannuation details.
- Visa and/or work permit status.
- Cookie and clickstream data (only limited data will be collected and individuals that do not want to receive cookies can disable this function from their web browser).
- Information you provide to us through our websites, employees, representatives, offices and/or otherwise; and
- Personal information and/or details about your spouse and/or dependents.
The Company may collect Personal Information in ways including, but not limited to:
- Directly from you, through your access and use of our websites and web-based channels.
- During conversations with you and our representatives via telephone and/or in person.
- Through written correspondence with you, including correspondence via email; and
- When you complete an application.
From time to time the Company may also collect Personal Information from third parties where permitted by law and your consent including, but not limited to:
- Previous or current employers, managers and/or other references provided by you.
- Service providers to the Company; and
- Company Clients.
Unsolicited Personal Information provided to us by a third party will be assessed and handled in accordance with the Act.
Business information provided to the Company will not generally be classified as Personal Information, however this may apply when it relates to sole traders and partnerships.
In certain circumstances the Company may be required to collect Sensitive or Health Information. The Company will only collect this type of information with your consent and where it is permitted in accordance with the law.
It is generally not practical to remain anonymous or to use a pseudonym when dealing with the Company and we will ordinarily request you to identify yourself as we need to use your personal information to provide the specific services that relate or involve you.
Third Party Marketing
The Company does not disclose personal information to third parties for the purposes of allowing them to distribute marketing material.
Use and Disclosure of Personal Information
CRCHIA will collect Personal Information about you with the primary purpose of delivering the best possible business functions and activities for which it was collected which may include supplying our services or responding to an individual’s request.
CRCHIA will collect, maintain, use and disclose your Personal Information to:
- Identify you.
- Provide products, services and/or employment to you.
- Send and receive communications to/from you.
- Answer queries and provide information and/or advice to you.
- Provide you with access to protected areas of our websites.
- Assess and improve our websites performance.
- Conduct business processing operations.
- Update our records and keep your contact details current.
- Process and respond to complaints and/or requests.
- Conduct planning and/or product/service development in order to improve the Company’s provision of services to you.
- Provide information to our contractors, clients and/or suppliers in order to support our Company to provide products, services and/or employment to you; and
- Comply with any Australian law; orders of courts or tribunals; any rule, regulation, lawful and binding determination, decision or direction of a regulator.
Where the Company needs to use or disclose Personal Information for purposes other than those listed above, CRCHIA will obtain consent from you where appropriate and necessary.
Exceptions to the utilisation or disclosure of Personal Information include:
- The use or disclosure is required to lessen or prevent serious threat to a person’s health or life, or to public health and safety.
- The use or disclosure is required or authorised by the law.
- The use or disclosure is reasonably necessary to assist a law enforcement agency in its law enforcement functions; or
- The Company suspects fraud or unlawful activity has and/or will occur.
The third parties the Company may disclose your information to include, but are not limited to:
- Our employees, contractors, clients and/or service providers for the purposes of operation of our websites or our functions, fulfilling requests by you, and to otherwise provide information, products and services to you including, without limitation, web hosting providers, IT systems administrators, cloud computing services, couriers, payment processors, electronic network administrators and professional advisors such as accountants, solicitors, business advisors and consultants.
- To suppliers and other third parties with whom we have a commercial relationship, for business marketing, research and other business-related purposes.
- Other Commonwealth, State or Territory government departments and agencies where it is authorised by law or is established practice; and
- Any organisation for any authorised purpose with your express consent.
Your personal information will not be shared or disclosed other than as described in this privacy policy without your consent.
Storage, Security and Disposal of Personal Information
Once Personal Information is received from you the Company will take all reasonable steps to ensure the security of the information.
This includes taking appropriate measures to protect and store all material whether it is in electronic or hard copy format from misuse and loss or from unauthorised access, modification or disclosure.
However, as our websites are linked to the internet we cannot provide assurance of secure transmission, or potential interception of, this information when sent via the internet. These transmissions are at your risk.
Our websites may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
Some of the methods the Company will use to store and secure Personal Information include:
- Storing all Personal Information in locked filing cabinets.
- Having a clean desk policy and locking computers when not attended.
- Encrypted and secure servers and other computer components; and
- Not allowing group computer passwords.
The list above is by no means exhaustive, and the security measures taken will be dependent on what is required to provide a practicable level of storage and security.
Personal Information will be appropriately destroyed or de-identified when no longer required by law or the Company to conduct its activities.
Quality and Accuracy of Personal Information
The Company will take reasonable steps to ensure that any Personal Information collected, maintained, used or disclosed is complete, accurate and up to date.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request to have it amended. We will not charge you for amending your Personal Information.
CRCHIA will consider whether the information requires amendment. In the unlikely event that we do not agree that there are grounds for amendment, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about mechanisms available to seek review if you do not agree with our decision.
Access to Personal Information
You have a right to request access to any Personal Information held by the Company about you at any time by contacting us. Requests for access to Personal Information should be forwarded to the Human Resources Department in writing.
Where CRCHIA holds information about you that you are entitled to access we will provide you with a suitable means of accessing it (i.e., email, mail) without cost.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if required or authorised to refuse access under Commonwealth legislation.
There are a number of examples where access cannot be granted including:
- Where providing access would pose a serious and imminent threat to the life or health of any individual.
- Where providing access would have an unreasonable impact upon the privacy of other individuals (this may be relevant where information about other individuals is included on a file).
- The request for access is frivolous or vexatious.
- The information relates to existing or anticipated legal proceedings where the information would not otherwise be discoverable.
- Providing access would be unlawful.
- Denying access is required by law.
- Providing access would prejudice an investigation of possible unlawful activity; and
- Providing access would prejudice law enforcement.
If access is not able to be granted, we will give you written notice of the reasons for the refusal within 30 days of receipt of your request, together with information about how you can complain about our refusal if you wish to do so.
Disclosure Overseas of Personal Information
Depending on the nature of the engagement or circumstances of collection, the Company may disclose Personal Information to entities overseas to fulfil the purpose for which the personal information was collected, or a related or ancillary purpose in accordance with the Act.
Complaint Procedure
If you believe that we have breached your privacy or wish to make a complaint about how your Personal Information is being handled, please contact us, and provide details of the incident so that we can investigate.
All complaints will be handled impartially and as promptly as possible. You will be kept informed of the progress of your complaint however only those people who are involved in the investigation of the complaint will have access to the relevant Personal Information.
You will be advised of the outcome of your complaint in writing once the Company has completed its investigation.
If you are not happy with the response provided by the Company, you can make a complaint to the Office of the Australian Information Commissioner (OAIC) on 1300 363 992. Information on how to make a complaint can be found on the OAIC website (https://www.oaic.gov.au/).
Changes to our Privacy Policy
We may change this Privacy Policy from time to time. Any updated versions of this Privacy Policy will be posted on our websites and in our office locations, accessible through the CRCHIA Integrated Management System.
Company and Employee Responsibility
CRCHIA will responsibly comply with this policy when handling all Personal Information about its clients, customers, employees, contractors, consultants, job applicants and other relevant persons.
CRCHIA requires that all employees (including casual and contract staff) or other persons who conduct a work activity on behalf of the Company comply with this policy at all times throughout the course of their employment or engagement with the Company.
All employees (including casual and contract staff) or other persons who conduct a work activity on behalf of the Company must only collect, maintain, use, or dispose of Personal Information in accordance with this policy including taking reasonable steps to protect any Personal Information in their care from misuse, loss, unauthorised access, modification and/or disclosure.
Communication
This policy will be communicated on our websites, offices and to all persons working for or on behalf of CRCHIA and will be made available to stakeholders upon request.