Objective
This Privacy Policy outlines the personal information handling practices of Bowen Gumlu Growers Association (the association). The association respects the personal privacy of its committee members, clients, visitors, employees, position applicants, suppliers, providers and all business contacts. This policy provides all who have dealings with the association, with a clear outline of how and why information, including personal information that is sourced from third parties, is collected, stored and used by the association.
Scope
This Policy outlines the way the association and all employees of the association will handle personal information. This policy is in accordance with The Privacy Act of 1988. This Policy should be read in conjunction with any other policy in terms of security of personal or business information.
Application
The committee members, management and staff of the association have the responsibility of applying this policy in all circumstances. The CEO or nominated delegate has a responsibility to bring to the attention of the committee/management, issues pertaining to the application of this policy in respect of the association’s business activities. This policy applies to all committee members, clients, visitors, officers and employees (collectively referenced as a business contact) and applicants/candidates for vacant positions with the association.
GENERAL MATTERS
Business Contact
The use and retention of information collected from a business contact will be dealt with as follows:
- Employment applications (unsuccessful) will be retained for a period of six months;
- Employment applications (successful) will be retained in the employee’s personal file, for the period of employment, and for an additional period of five years;
- Members information will be collected and retained only for the purposes of the association carrying out its normal business activities including providing information and services to its stakeholders, clients and partners;
- Client and partner information will be collected and retained only for the purposes of the association carrying out its normal business activities including providing information and services to its stakeholders and clients; and
- Business contacts should note that providing information about a third party (e.g. from a referee or credit reference), is undertaken with the agreement that business clients will inform the third party that the association will be provided with their information, that their information will be used in accordance with this policy and that the third party can gain access to their own information collected by the association.
In addition to the above, information collected from a business contact may be used for administrative functions such as accounting, risk management, record keeping, archiving, systems maintenance or staff training.
Use and disclosure of personal information
Personal and sensitive information (as defined under the Act), is treated with the utmost security and confidentiality. the association will ensure that it is not collected for any purposes other than outlined in this Policy, unless the law requires otherwise, or other exceptional circumstances prevail as described under the Act;
- Information will be available for viewing by members, employees and other permitted stakeholders who pay to access the association’s files and information;
- The association will also endeavour to advise individuals of the specific third parties to whom the information is being disclosed;
- The association aims to protect the personal information that it collects. Personal information will be managed confidentially and securely. Any confidential information which the association holds is stored in secure file storage in its office premises, or in electronic file storage on its internal computerised system. the association will monitor and implement appropriate technical advances or management processes to safeguard personal and confidential information;
- The association will take all reasonable steps to ensure that the data collected, used or disclosed is accurate, complete and up to date, and has been obtained directly from individuals or other reputable sources;
- All members, officers and employees of the association who provide services related to its information systems are obliged to respect the confidentiality of any personal and confidential information held by the association;
- The association cannot take any responsibility for member’s, client’s and third-party stakeholders’ compliance with Australian federal privacy policy regarding their own information handling practices.
Use and disclosure of personal information – business contacts
Unless a business contact has advised the association otherwise, personal or business information provided by a business contact will not be used for any other purpose other than that for which it was provided;
- In particular, the association will not sell, rent, or trade a business contact’s personal information, or disclose information about a business contact unless the disclosure is:
- required by law (e.g. the Australian Tax Office);
- is authorised by law (e.g. to protect business interests or where the association has a duty to make such disclosure); or
- approved by a business contact by way of consent.
The association may contract out certain aspects of their work for a client/customer, to another provider. In that circumstance, the sub-contracting entity may be provided with information about the association’s member/client/customer, sufficient for the sub-contractor to carry out their normal business or service activity in providing the member/client/customer with the association’s products and services. Subcontractors or other entities who are provided with information in this situation, may only use the information to the extent necessary to provide the services the association requires.
Quality of information
The association will use its best endeavours to keep business contact information as up to date as possible, however the association relies on the cooperation business contacts to advise of the material change of any information to what has been originally provided.
Security of information
The association undertakes to keep secure all personal or business information about business contacts and will take precautions to protect that information against loss, misuse or alteration.
Access to information
The association will provide business contacts with access to their own information, in a timely manner and upon receipt of a verified request for that information.
Complaints
Should any business contact be unhappy about the way the association dealt with their personal information, such complaint should be addressed to the association in writing. The association will respond to any complaints, in writing, as soon as possible but no later than thirty days from date of receipt of the complaint. Should the complaint not be dealt with in a satisfactory manner, further advice is obtainable from The Office of the Australian Information Commission (www.oaic.gov.au).
