Communities@Work collects relevant information to enable it to perform its functions. As part of this process, it collects personal and sensitive information.
Communities@Work has legal obligations to ensure the protection, proper use and handling of personal and sensitive information.
Communities@Work places a high value on the rights of individuals to have their personal privacy protected.
Communities@Work has practices and procedures in place to ensure compliance with the Privacy Act 1988 and the Australian Privacy Principles (APPs) which regulate the collection, storage, security, use and disclosure of personal information.
Detailed information on the privacy rights of our clients, stakeholders and employees is available at:
Privacy Act 1988 – https://www.legislation.gov.au/
Australian Privacy Principles – https://www.oaic.gov.au/
All personal and sensitive information held by Communities@Work is contained in secure physical and electronic environments. Internal procedures ensure the protection of information against unauthorised access, loss, modification, misuse or disclosure. The only people in our organisation who are permitted to have access to personal or sensitive information, regardless of the format, are employees, contractors and volunteers who have a genuine requirement to access the information to do their jobs.
Communities@Work does not use identifiers such as tax file numbers, Medicare numbers or driver’s licence numbers as identifiers of people in our own records and systems.
Collection of Personal and Sensitive Information
When we collect personal and sensitive information we:
- collect it, as far as practicable, only from the individual concerned;
- collect it by fair and lawful means;
- collect only personal information that is necessary for Communities@Work to deliver its services.
Some personal information is collected to enable administration of our billing or payments systems. We do not permanently retain that information; once the need to retain records in accordance with relevant legal obligations has expired the information shall be disposed of securely.
Individuals have no obligation to provide the information requested by Communities@Work. However, withholding information in some circumstances may affect the quality and efficiency of the services delivered by Communities@Work.
Use and Disclosure
Communities@Work representatives will notify individuals of the purpose for collecting personal and sensitive information at the time it is collected. In addition, Communities@Work shall:
- only use personal or sensitive information collected for the reason it was originally collected;
- inform the individual which other organisations or types of organisations Communities@Work usually discloses the information to, if any;
- only disclose information consistent with the requirements of the Australian Privacy Principles;
- not disclose information to overseas parties; and
- provide a simple means by which an individual may opt out of receiving direct marketing communications from the organisation.
Handling of Personal Information
Communities@Work maintains personal information security as per Australian Privacy Principle 11, including complying with the Notifiable Data Breaches (NDB) Scheme. In line with our obligations under this scheme:
- We shall take reasonable steps to ensure an assessment of eligible data breaches is completed within the time frame stipulated by the Scheme;
- We shall provide a statement to each of the individuals whose data was breached or who are at risk;
- We shall send a copy of the statement to the Office of the Australian Information Commissioner;
- We shall undertake a review of how the breach occurred and enhancement to security measures to protect personal information, necessitated by such an event.
Access to Personal Information and Data Quality
Communities@Work shall provide individuals with access to personal and sensitive information it holds about them on request. If an individual requires access to, or wishes to correct, personal or sensitive information about them, they should contact the Communities@Work Central Office at firstname.lastname@example.org or write to:
Tuggeranong Community &Function Centre
245 Cowlishaw Street
GREENWAY ACT 2900
If an individual has a concern or complaint about the privacy of their personal or sensitive information held by Communities@Work, they should click here or write to the above mentioned address.
Communities@Work takes all complaints seriously and shall ensure they are addressed by an authorised Communities@Work employee as soon as reasonably practical.
To ensure that the contents of this policy remain current and in alignment with relevant legislations, codes, standards and best practice, it shall undergo periodic review. If this policy is modified as a result of a change to our operational environment, revised versions of this policy will be made available on our website and intranet.
Policy reference ORG-QMS-POL-095 Effective Date 22 FEB 2018