APM is strongly committed to ensuring that it collects and uses information provided to us in accordance with privacy laws. APM places great importance on protecting the privacy of its employees, valued clients, customers and other stakeholders. The Australian Privacy Principles, which were established by the Privacy Act 1988, apply to APM.
Serendipity (WA) Pty Ltd trading as APM (Advanced Personnel Management) and its related companies is strongly committed to maintaining the privacy of personal information it collects as part of the services it offers. APM places great importance on protecting the privacy of its employees, valued clients, customers and other stakeholders.
This policy relates to personal information collected through the course of APM’s business or by any other means and assumes that the information is acquired from an Australian resident.
The purpose of this policy is to:
This policy sets out how APM will comply with its obligations under the Privacy Act 1988 (Cth) (Act). APM is bound by the Australian Privacy Principles, which regulate how APM may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.
APM will ensure that all officers, employees and sub-contractors are aware of and understand APM's obligations and their own obligations under the Act and are provided with training to enable them to fulfil these obligations.
APM will also achieve this through maintaining internal policies and processes to prevent personal information being collected, retained, shared/exchanged, accessed or disposed of improperly.
For the purpose of this policy, the following terms will have the following meanings, as attributed to them by Section 6 of the Act:
Health information means:
(a) Information or an opinion about:
(i) The health or disability (at any time) of an individual; or
(ii) An individual's expressed wishes about the future provision of health services to him or her; or
(iii) A health service provided, or to be provided, to an individual that is also personal information; or
(b) Other personal information collected to provide, or in providing, a health service; or
(c) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information means:
(a) Information or an opinion about an individual's:
(i) Racial or ethnic origin; or
(ii) Political opinions; or
(iii) Membership of a political association; or
(iv) Religious beliefs or affiliations; or
(v) Philosophical beliefs; or
(vi) Membership of a professional or trade association; or
(vii) Membership of a trade union; or
(viii) Sexual orientation or practices; or
(ix) Criminal record; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information; or
(d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) Biometric templates
This policy applies to all APM officers, employees and sub-contractors.
For clarity, throughout this policy, where there is reference to the "individual", it is taken to include that individual's duly appointed authorised representative (where appropriate).
Personal information collected by APM will usually fall into one of the following categories:
Sensitive information collected by APM will usually fall into one of the following categories:
Where practicable, APM collects personal information directly from the individual. However, due to the nature of APM's business, i.e. we work with third-party intermediaries, e.g. insurance companies, employers, etc, personal information is provided to APM by these intermediaries. The third party intermediary collecting and exchanging the information has an obligation to ensure that the individual, about whom information is being exchanged with APM, has consented to the collection and provision of such information. Only in circumstances where "sensitive information" has been provided to APM by the third party intermediary will APM be required to seek direct consent from the individual to retain or use this information.
Sometimes APM will collect personal information from a third party or a publicly available source if it is unreasonable or impracticable to collect the personal information directly from the individual (e.g. checking a candidate's work history).
APM does not collect personal information unless it is reasonably necessary for, or directly related to, one or more of APM's functions or activities.
Where personal information is sensitive information, APM will only collect that information where:
If APM receives personal information that it did not solicit from an individual and if APM determines that it could not have lawfully collected that information as part of its functions or activities, then APM will (if it is lawful and reasonable) destroy the information or ensure that its contents cannot be identified.
An individual may choose to deal with APM anonymously or under a pseudonym where lawful and practical. Where anonymity or the use of a pseudonym will render APM unable to provide the relevant service or reasonably conduct business, APM may request that the individual identify himself or herself.
For example, it would not be practical to deal with an individual anonymously if APM is providing assistance in securing paid employment for or providing rehabilitative services to the individual.
APM will only use and disclose personal information for the primary purpose for which it was initially collected, or for purposes which are directly related to one of APM's functions or activities.
APM will not disclose personal information about an individual to government agencies, private sector organisations or any third parties unless one of the following applies:
Personal information provided to APM may be shared with its related companies. APM will take all reasonable and practical measures to keep such information strictly confidential.
The collection by and use of personal information by third parties may be subject to separate privacy policies and/or the laws of other jurisdictions.
APM may transfer personal information to overseas countries including, but not limited to, the UK and New Zealand in order to perform one or more of APM's functions or activities. In these circumstances, APM will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Like many other businesses in Australia, APM contracts out some of its functions and relies on third-party suppliers or contractors to provide specialised services such as employment services, cloud computing technology and data storage services, legal advice, insurance broking, security services and financial services. If personal information is provided to these suppliers and contractors in order to enable them to perform the agreed tasks, APM will take reasonable measures to ensure that the supplier or contractor handles the personal information in accordance with the Act and the Australian Privacy Principles.
APM will also require all suppliers and contractors to provide privacy undertakings and enter confidentiality agreements where suppliers and contractors may have access to personal information.
APM will take active steps to ensure that all transfers of personal information to a third party and use of such information by a third party is secure and compliant with the Act. For example, all out going email transmissions from APM are SSL encrypted. However, APM will not be held responsible for the theft of data by a third party, or the consequences resulting from the loss of data where that loss is associated with technical malfunction, computer viruses, third-party interference or any action or event that is beyond the reasonable control of APM.
APM will ensure that all personal information it collects, uses or discloses is accurate, complete and up-to-date. Please contact APM's Privacy Officer (contact information below) if you are aware of any personal information that does not meet this objective.
If APM is aware that it holds personal information that (having regard to the purpose for which it was collected) is inaccurate, out of date, incomplete, or irrelevant, it will take reasonable steps to correct that information.
An individual may also seek access to, and correction of, personal information held by APM in accordance with the "Access to Personal Information" procedures, set out below.
APM is committed to keeping personal information secure and safe. Security measures are in place to protect information from unauthorised access, modification or disclosure and loss, misuse and interference. APM will review and update these measures from time to time to ensure security is maintained. In addition, personal information and sensitive information held by APM will be destroyed or have identification removed when it is no longer needed for a purpose for which it was initially collected.
Personal information may be stored in documentary form, but will generally be stored electronically on APM's software or systems.
APM maintains physical security over its documentary and electronic data stores by using locks and security systems. Although APM takes all reasonable steps to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss of, misuse of or unauthorised access to such information. APM will not be held responsible for such actions where the security of the personal information is not within APM’s control or APM cannot reasonably prevent such an incident.
APM is committed to keeping personal information secure and safe. Some of the ways we do this are:
An individual may request access to personal information that APM holds about them.
The procedure for requesting and obtaining access is:
Under the Act, APM may refuse to grant access to personal information if:
If APM does not agree to make a correction to personal information, the party making the request may provide a statement about the requested corrections and APM will ensure that the statement is apparent to any users of the relevant personal information.
If APM does not agree to provide access to personal information or to correct the personal information, APM will provide the party making the request with written reasons for the refusal and the mechanisms available to complain about the refusal.
APM has a designated Privacy Officer who is responsible for the management of:
For information regarding privacy, contact details for APM's Privacy Officer are:
Level 9, 87 Wickham Terrace
Spring Hill QLD 4000
07 3055 5500
If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to APM.
All complaints are to be in writing and directed to the Privacy Officer. A Privacy Complaint Form can be completed. APM will acknowledge receipt of a written complaint within two business days.
APM's Privacy Officer will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this time-frame is not achievable, APM will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.
If an individual considers that APM has not adequately dealt with a complaint, he or she may complain to the Privacy Commissioner:
Officer of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
Australian Privacy Principles - Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth)
Refer to Privacy Fact Sheet 17 for further details on the 13 Australian Privacy Principles.
This policy is to be reviewed as follows: