Privacy Policy

1. Policy Statement
Your privacy is important to us. This policy states our personal information handling practices, and at a minimum complies with any applicable legislation.
The Commonwealth government, and some State governments, have extended privacy legislation to the private sector. This legislation is generally limited to organisations with an annual turn over of over $3 million, those that trade in personal information, those that handle sensitive health information, or who have government contracts.

2. Definitions
Personal information is defined as information recorded in any form, which identifies a person or describes them in a way that their identity can be determined. This includes paper and electronic records, photographs, video recordings etc and includes both facts and opinion, if it is about an identifiable person.
Health information is defined as including information or opinion about a person’s physical, mental or psychological health or disability that is also classified as personal information.
This includes information or opinion about a person’s health status, medical history, fitness levels and vital statistics, such as weight and height.
Sensitive information is defined as information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also classified as personal information about an individual.
In this policy we refer to personal information as including health information and sensitive information, unless we specify otherwise.

3. Procedures
3.1 Distribution of this policy
This policy will be:

• displayed at our offices,
• made available on request to anyone who asks for it,
• provided to all employees and anyone who handles personal information for the company.

3.2 Type of personal and health information to be collected
We will only collect the information we need, and for which we have a purpose that is legitimate and related to one of our functions or obligations.
The type of information we collect and hold includes (but is not limited to) personal information regarding the name, personal address and delivery address of our customers, and

• Job applicants, employees, and contractors (the information is collected in order to manage the relationship and fulfill our legal obligations),
• Contact details of other parties with which we deal. We will collect information on the following identifiers;
• Tax File Number for all employees related to the deduction and forwarding of tax to the Australian Tax Office. Failure to provide this would result in maximum tax being deducted.

Personal information provided by individuals. We will generally collect personal information about an individual by way of forms filled out by customers or job applicants, face to face interviews and telephone calls.

3.3 Notification of individuals of personal or health information collected?
Persons about whom we hold personal information have a right to request access to the information.
Access will be granted in accordance with the relevant legislation. Please note that the legislation allows us to deny access, in accordance with the limited reasons for denial that are contained in the legislation.

3.4 Use of personal information
We will use the personal information we collect for the primary purpose of collection. We may also use the information for such secondary purposes that are related to the primary purpose of collection and can be reasonably expected, or to which the individual concerned has consented.
The personal information collected in relation to:

• customers
• Job applicants, employees, contractors,

will be used as set out below:

3.5 Disclosure of personal information, including health information?
We may disclose some personal information held about an individual to:

• government departments or agencies as part of our legal obligations;
• organisations providing services related to staff entitlements and employment;
• insurance providers in relation to specific claims;
• law enforcement agencies;
• anyone to whom the individual authorises us to disclose information.

3.6 Treatment of sensitive information.
Sensitive information will be used and disclosed only for the purpose for which it was collected or a directly related secondary purpose, unless the individual agrees otherwise, or the use or disclosure of the sensitive information is allowed by law.

3.7 Management and security of information
In order to protect the personal information from misuse, loss, unauthorised access, modification or disclosure, the Committee and staff will ensure that in relation to personal information:

• access will be limited to staff who require this information in order to do their jobs;
• it will not be left in areas that allow for unauthorised access;
• the physical storage of all materials will be in a secure cabinet or area;
• computerised records containing health information will require password access;
• there is security in transmission:
  • emails will only be sent to a person authorised to receive this material;
  • faxes will only be sent to a secure fax, which does not allow
    unauthorised access;
  • telephone – only limited personal information will be provided over the telephone to persons authorised to receive that information;
• transfer of information interstate and overseas will only occur with the permission of the person concerned.

3.8 Data quality
We will endeavour to ensure that the personal information we hold is accurate, complete, up to date and relevant to our functions or activities.

3.9 Access to information and updating personal information
Individuals have the right to ask for access to personal information we hold about them without providing a reason for requesting access.
Under the privacy legislation, an individual has the right to:

• ask for access to personal information that we hold about them;
• to access this information; and
• to make corrections if they consider the data is not accurate, complete or upto date.

There are some exceptions set out in the Acts where access may be denied in part or in total. An example of some of the exemptions are where:

• the request is frivolous or vexatious;
• providing access would have an unreasonable impact on the privacy of other individuals;
• providing access would pose a serious threat to the life or health of any person; or
• we are involved in the detection, investigation or remedying of serious improper conduct and providing access would prejudice that.
  

Process for considering access requests
A person may seek access, to view or update their personal/health information by contacting the Office Manager, Wineot Pty Ltd.
Personal information may be accessed in the following way:

• view and inspect information;
• take notes;
• obtain a copy.

Requests for access or to update personal information should nominate the type of access required, and specifying where possible, what information they seek. No reason is required in relation to why the request is made. The person seeking information, if the employee does not know them, must provide a visible form of identification.
The employee receiving the request will record the request and the date received.
Each request will be acknowledged within 14 days, but preferably within 2 working days. Requests will be complied with within 30 days. However there could be a delay in responding if the timeline occurs over a period when we are not open for business.
Employees will provide access in line with the relevant Privacy Acts. If the requested information is not given, the reasons for denied access will be given in writing to the person requesting the information.
In accordance with the legislation we reserve the right to charge for information provided, in order to cover the costs involved in providing the information.

3.10 Anonymity
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when dealing with us.

3.11 Disposal of information
We will not store personal information longer than necessary.
In disposing of personal information we will ensure that it is either shredded or destroyed in such a way that no one can access the information.

4. Key Responsibilities and Authorities
Management is responsible for ensuring the overall responsibility for the implementation of this policy.
Both Management and employees are responsible for the collection, use, disclosure, access, storage and disposal of information in line with this policy and the Privacy Principles.

Appendix 1:
Privacy Policy - Collection Statement

We believe your privacy is important.
We have put in place a Privacy Policy which illustrates how we will collect, use, disclose, manage and transfer personal information including health information. This policy is available on request.
Our company may be, in some of its activities, bound by privacy legislation.
Purpose for which information is collected.
The reasons for which we generally collect personal information are:

You should be aware that under relevant privacy legislation, other uses and disclosures of personal information are permitted, as set out in that legislation.

Disclosure of personal information, including health information.
We may disclose some personal information, including health information, held about an individual to:

• Government departments or agencies as part of our legal obligations;
• Organisations providing services related to employee entitlements and employment;
• Anyone to whom the individual authorises us to disclose information.

Access to information.
Individuals on whom we hold personal or health information are able to gain access to this information in accordance with applicable legislation. The procedure for doing this is set out in our Privacy Policy, which is available on request.
For information on the Privacy Policy please contact the Office Manager, Wineot Pty Ltd.