|
|
| Privacy Statement |
|
From December 21st 2001, Gwyder has been subject to the National
Privacy Principles contained in the Privacy Amendment (Private sector) Act 2000
(Cth).
Gwyder has developed its own Privacy and Security Policy ("PSP")
that explains in general terms how Gwyder will protect the privacy of the
individual’s personal information under the National Privacy Principles. The
PSP will apply to how Gwyder will collect, use, keep secure and disclose of
private information. The PSP will also apply to any information about the
individual that is provided by someone else.
Gwyder may amend the PSP as our business requirements or the law
changes. Any changes will be updated on the website www.gwyder.com.au. It is
the individual’s responsibility to ensure that the most current PSP is at hand.
Please read the PSP carefully before entering into any transaction that may
relate to your personal information.
The implementation, management and control of the PSP will be
under the responsibility of the Quality Manager.
|
| |
| 1. Collection
|
| In carrying out its daily business, Gwyder may gain personal
information for one or more of its functions. Except if making the individual
aware of the matters would pose a serious threat to the life or health of any
individual, Gwyder may take the following reasonable steps to advise the
individual:
|
| |
1. The identity of the organisation and how to contact it;
2. The fact that he/she is able to gain access to the information;
3. The purposes for which the information is collected;
4. The organisations (or the types of organisations) to which Gwyder usually
discloses information of that kind;
5. Any law that requires the particular information to be collected; and
6. The main consequences (if any) for the individual if all or part of the
information is not provided. |
|
|
| |
| 2. Use & Disclosure
|
|
1. Gwyder will not use or disclose personal information about
an individual for a purpose (the secondary purpose) other than the primary
purpose of collection unless both the following apply:
|
| |
1. The secondary purpose is related to the primary purpose of
collection; and
2. If the personal information is sensitive information, directly related to
the primary purpose of collection;
|
|
|
2. The individual would reasonably expect Gwyder to use or
disclose the information for the secondary purpose; or
3. The individual has consented to the use or disclosure; or
4. Gwyder reasonably believes that the use or disclosure is necessary to lessen
or prevent:
| |
1. A serious and imminent threat to an individuals life,
health or safety; or
2. A serious threat to public health or public safety; and
|
|
| 5. The use or disclosure is required or authorised by or under law
|
| |
| 3. Data Quality |
| Gwyder will use its best endeavours to ensure that the personal
information it collects uses or discloses is accurate, complete and up-to-date.
|
|
|
| 4. Data Security |
|
Gwyder will take reasonable steps to protect the personal
information it holds from misuse and loss and from unauthorised access,
modification or disclosure. Gwyder management and staff have a good
understanding of their responsibilities in protecting personal information from
misuse, loss, corruption, or disclosure by application of the PSP.
|
| |
|
4.1 Physical Security
Information received at Gwyder is received and stored in a range of paper based
and electronic forms. To ensure unauthorised access, Gwyder has:
1. Installed barriers such as locks on main doors and each Consultants room;
2. Controlled issuing of security keys for access, filing cabinets and safes;
3. Document control procedures as outlined in B1; and
4. Main building is secured after business hours with electronic surveillance.
|
| |
|
4.2 Computer & Network Security
Gwyder has assessed their security risks by taking appropriate measures to
protect the integrity of their information systems and networks by considering
storing, processing and the transmission of information:
1. Access control to authorised users through system and server passwords;
2. Virus checking;
3. IT support to deal with security risks; and
4. Audit procedures and data integrity checks.
|
| |
|
4.3 Communications Security
Gwyder has considered the two types of communications risk being the
interception of transmissions and unauthorised intrusion into networks. The
reasonable steps taken by Gwyder to protect personal information are:
1. Confirming authorised person, or some-one delegated is available to receive
such information, checking facsimile numbers before sending personal
information, and confirming receipt;
2. Checking/confirming identity before giving out personal information over the
telephone; and
3. Restriction to Internet access to one workstation only.
|
| |
|
4.4 Personal Security
Gwyder recruitment procedures ensure that the personal information is accessed
by those people who 'need-to-know' in carrying out their duties by:
1. Training management and staff in security awareness, practices and
procedures;
2. Control on access to categories of information; and
3. Specifying and reviewing access privileges.
|
| |
|
4.5 Destruction
To protect the individual’s privacy rights, destruction of personal information
within Gwyder occurs by secure means:
1. All hard copy documentation is shredded, or, collected by an authorised
disposal company; and
2. Electronic files will be kept with restricted access and/or in accordance
with applicant's instructions.
4.6 De-Identification
In following its Destruction Policy B3.4.5, Gwyder has removed from its records
any personal information by which an individual may be identified.
|
|
|
| 5. Openness
|
|
1. Gwyder makes its PSP readily available for interested parties.
2. Each candidate is given access to a copy which:
1. Is readily accessible on the website home page; and
2. Is clearly displayed on the office wall;
3. An individual may obtain information or complain about any detected breach of
privacy;
4. If Gwyder refuses to provide the individual with access to the information,
Gwyder will give the individual reasons for the refusal and inform the
individual of any exceptions; and
5. For information which Gwyder collected prior to December 21st 2001, Gwyder
may not be able to provide the individual with access to this information where
to do so would place an unreasonable administrative burden on us or cause us
unreasonable expense.
|
|
|
| 6. Access & Correction
|
1. It is the individuals responsibility to ensure that Gwyder
has the most recent copy of their personal details in order that Gwyder can
make the correct recruitment decision;
2. Gwyder will provide an individual access to the personal information held,
except where covered under conditions 6.1(a) through (k) as listed in the
National Privacy Principles;
3. The individual must prove by way of satisfactory evidence that they are who
they purport to be;
4. Any request for personal information will be in writing, addressed to the
Quality Manager. Access will normally be granted within five working days of
receipt of the written request; and
5. Gwyder will provide the individual with an accurate summary of the
information, and any associated costs relating to such access, typically $75.
|
| |
| 7. Identifiers
|
|
Gwyder does not apply identifiers to any individual (save a
position sought/skills classification and system assigned number to uniquely
identify the individual for the purposes of recruitment).
|
| |
| 8. Anonymity
|
|
Gwyder will use its best endeavours to ensure the authenticity
of the individual applying for the position however, should the individual show
just cause for anonymity, Gwyder, in consultation with the Client, will respect
such a request.
|
| |
| 9. Trans-Border Data Flows
|
|
Gwyder recruitment assignments are typically targeted at the
Australian market however, an assignment may originate from a foreign country.
In these instances individual consent will be obtained in writing before the
transmission of personal information.
|
| |
| 10. Sensitive Information
|
|
Gwyder is required by law to obtain the individual's consent
for the collection of 'sensitive information'. Therefore, we will assume that
the individual has consented to the collection of all information which is
provided to us for use in accordance with the PSP, unless the individual
advises otherwise.
|
|
|