 |
|
|
Privacy Statement |
|
Heidelberg Australia respects the rights of the individuals with whom the Company interacts in conducting its business. One important right is the right to privacy and the protection of personal information. Heidelberg Australia strives to uphold this right.
The Australian companies and operations of Heidelberg are bound by the National Privacy Principles set out in the Privacy Act 1988 (Cth).
In the future, Heidelberg will look to adopt one Privacy Policy for all of its operations across Australia & New Zealand. This Privacy Policy would include the National Privacy Principles (NPP) as a minimum standard of protection of personal information.
The Company has designed its information handling policies and practices to comply with the requirements under the National Privacy Principles (NPPs) set out in the Privacy Act 1988 (Cth). These National Privacy Principles govern the way we collect, use, disclose and secure personal information as well as the access individuals may have to view, correct or update information held about them. Information may be held on the Company’s behalf by other service providers that the Company may appoint.
The National Privacy Principles govern the handling of personal information. Personal information is defined as:
"Information or an opinion (including information or an opinion forming part of a database) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion."
The following notes provide a brief explanation of the NPPs as they apply to Heidelberg Australia
- NPP 1: Collection
Collection of personal information must be fair, lawful and not intrusive. A person must be told Heidelberg's name, the purpose of collection, what happens if the person does not give the information and that they are able to access their own personal information.
The Company collects and holds information relating to name, age, address, contact details, gender, employment, beneficiaries, tax file number and other information relevant to employment, credit and finance applications and the provision of employment benefits and opportunities. To the extent that insurance benefits are provided certain health information may need to be collected as well. Information may be collected either directly from the individual or, in some cases, from other persons - for example medical practitioners or insurers in the context of a disability or workcover claim, but generally this will only occur with your consent.
NPP 2: Use and Disclosure
Heidelberg Australia should only use or disclose information for the purpose it was collected unless the person has consented, or for a secondary purpose which is related to the primary purpose (of collection) and a person would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances, or in circumstances related to the public interest such as law enforcement and public or individual health and safety.
Information the Company collects will be used principally for the purpose of managing the affairs of the Company in assessing employment, credit and finance applications and providing employees with employment benefits and opportunities. We will only use and disclose information about members in accordance with the terms of the privacy legislation.
If an individual decides not to provide us with the information requested, we may not be able to assess applications for employment, credit and finance. In respect of employees, a decision not to provide information may affect employment opportunities or prevent us undertaking our obligations as an employer.
We may disclose some information we hold about individuals to third parties. For example:
-
our auditors, legal and professional advisers;
-
insurance brokers, insurers and superannuation providers;
-
Government regulatory bodies such as the Australian Taxation Office;
business support service providers such as software suppliers, archive providers and mailing houses; and
-
other companies within the Heidelberg global network and their delegates and contractors.
NPP 3: Data Quality
Heidelberg Australia must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to date.
NPP 4: Data Security
Heidelberg Australia must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
An individuals’ personal information is held securely and steps are taken, in conjunction with other service providers to protect information held from misuse and loss, and from unauthorised access, modification or disclosure. Some of those steps include:
-
Physical access controls to the premises where information is kept.
-
Computer and network security including password and other electronic protection.
-
Training of staff on information handling processes.
-
Secure off-site storage and audited disaster recovery practices.
Personal information may be retained for some period of time in accordance with relevant legislation and prudent business practice. This may vary according to the circumstances and type of information. Once we no longer need to retain information it will be destroyed in a secure manner.
NPP 5: Openness
Heidelberg Australia must have a policy document outlining its information handling practices and make this available to anyone who asks.
This document serves as the Company’s policy on the management of personal information and sets out in broad terms how we collect, use and disclose such information. Further detail about specific areas of the personal information handling practices is available on request from the contact people noted at the end of this document.
NPP 6: Access and Correction
Generally speaking, the Company must give an individual access to personal information it holds about that individual on request.
Individuals have a right to access any personal information held by the Company and included in a record relating to the individual. This includes information collected either directly or indirectly from the individual and information collected from third parties.
On request, and if none of the exceptions listed in the NPPs apply, you will be able to view or obtain copies of the personal information we hold about you.
Generally, requests for access to information should be put in writing. We will aim to respond to the request within 30 days of receipt. If a request is made by telephone or by email, and if we accept the request in that form, we will take steps to confirm the identity of the individual and the right of that individual to access the information.
A charge may apply to providing access to information. Any charges that apply will be reasonable and related to the cost of providing the information. The Company or other service provider will impose such a charge having regard to the cost and complexity of fulfilling the request. You will be advised of any charges that apply at or before the time of making the request. You will not be charged for merely lodging a request.
The NPPs make allowance for circumstances in which a request for access to information can be denied. If such a circumstance arises you will be advised on what basis that access has been denied, in writing. Partial access will be given where possible.
If you establish that information we hold about you, is not accurate, complete or up to date, then we will take steps to correct the information. If we believe that a requested correction should not be made, for example, because of disagreement about the accuracy of the information, we would discuss alternatives with you.
In the case of a disagreement about the accuracy of the information you can ask us to include a statement in the personal information record stating why you believe the information is not accurate, complete or up to date.
NPP 7: Identifiers
Generally speaking Heidelberg Australia must not adopt, use or disclose, an ‘Identifier’ that has been assigned by a Commonwealth government ‘agency’. An Identifier ‘includes a number assigned by an organisation to identify uniquely the individual for the purposes of the organisation’s operation.’
Teh Company will not use any personal identifiers issued by a government agency (for example a tax file number or Medicare number) as a personal identifier. For example, although legislation may require us to ask you to provide your tax file number we will only use that number for the purposes permitted by legislation and not as a general means of identification.
NPP 8: Anonymity
Heidelberg Australia must give people the option to interact anonymously whenever it is lawful and practicable to do. Individuals should have the option of not identifying themselves when dealing with an organisation holding information about them. However due to the personal nature of employment benefits this may not be practical.
NPP 9: Transborder Data flows
Heidelberg Australia can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection. It can only occur if one of the following applies:
-
The member grants consent.
-
There is a reasonable belief that the country to which the information is being transferred has substantially similar privacy obligations.
-
The transfer of information is for the benefit of the individual and it is not practicable to obtain consent.
-
Reasonable steps have been taken to ensure that the recipient will not hold, use or disclose the information in a manner inconsistent with the NPPs
-
NPP: 10 Sensitive Information
Heidelberg Australia must not collect sensitive information unless the individual has consented or it is required by law (or in other special specified circumstances, for example, relating to health services provision and individual or public health or safety).
Sensitive Information is defined as:
(a) information or an opinion about an individual’s:
-
racial or ethnic origin; or
-
political opinions; or
-
membership of a political association; or
-
religious beliefs or affiliations; or
-
philosophical beliefs; or
-
membership of a professional or trade association; or
-
membership of a trade union; or
-
sexual preferences or practices; or a criminal record;
-
that is also personal information; or (b) health information about an individual."
Examples of this would be health information required to secure insurance benefits, or for the processing of an insurance claim. We will generally only collect such information with the person’s consent as required by the NPPs. Complaints
If you have any complaints about handling of personal information relating to you, please bring it to the Company’s attention in writing. The Company or its delegate will investigate and the complaint with the general aim of responding within 30 days. Under superannuation legislation, which may also be relevant to your complaint, we must respond within 90 days. If the complaint is valid the Company will take steps to ensure that any interference with your privacy is discontinued. If the complaint is not dealt with to your satisfaction you may wish to contact the Privacy Commissioner directly. Contact Details
Mr David Devereux Privacy Officer Heidelberg Australia 658 Church Street Richmond Vic 3121 (03) 9205 4111 For further general Privacy information you can contact The Office of the Privacy Commissioner, or visit their web site on http://www.privacy.gov.au or read the National Privacy Principles at http://law.gov.au/privacy/royalnpp.htm.
|
|
|
|
|
|
|
|
|
|