It is the policy of this company to operate our business in a manner that consistently meets or exceeds the legal rights of persons in regard to the privacy and confidentiality of information relating to them by ensuring compliance with the provisions of relevant privacy legislation.
AIMS AND OBJECTIVES
As an organisation, we will ensure that only such information as is necessary for employment and business purposes is collected and that this information will only be accessible by persons who are specifically authorised to access the information.
We acknowledge that the privacy principles are designed to protect the rights of the individual, yet still allow access by particular authorities in specific circumstances and for specific purposes. To meet our obligation to comply with these principles under privacy laws, we will ensure that these principles are adhered to by management of the organisation and all of our employees and agents.
We will ensure that we comply with these principles in regard to -
- The necessity of personal information to be collected, and the means of collection of this information
- The use or disclosure of personal information about an individual
- Ensuring that information held is accurate, complete, and up to date
- The protection of information from misuse, loss and unauthorised access, modification or disclosure
- The way in which personal information is managed, including the right of individuals to know what type of personal information relating to them is collected, held, used or disclosed
- Allowing individuals reasonable access to information held about them to the extent allowed by law
- The identification of individuals
- The right of individuals to anonymity when entering into transactions where lawful and practicable
- The transfer of personal information to persons in a foreign country except where allowed by law, and
- The collection of sensitive information without consent or legal authority.
Workers and employees (including line management) must ensure that they do not infringe any privacy principles in the conduct of their roles and functions, and that any breach (or suspected breach) of privacy principles are reported to enable the company to comply with its legal obligations under privacy laws.