CyberSafe International Privacy Policy

CyberSafe International is committed to maintaining the Privacy of personal information collected as part of the services it offers. CyberSafe International places great importance on protecting the Privacy of all stakeholders including employees, clients and customers. This Policy sets out how we will comply with our obligations under the Privacy Act 1988 (Cth) (act). CyberSafe International is bound by the Australian Privacy principles (apps), which regulate how we may collect, use, disclose and hold your personal information, and how you may access and correct such personal information. CyberSafe International will ensure that all of its officers, employees and subcontractors understand CyberSafe International’s and their own obligations under the act and are provided with training to enable them to fulfil these obligations. CyberSafe International will also fulfil these obligations by maintaining internal policies and procedures which prevent personal information being collected, held, shared, accessed or disposed of improperly.

Purpose

This Policy is intended to:

  • Provide you with a better understanding of the kinds of personal information that we collect and hold;
  • Communicate how and when your personal information is collected, disclosed, used, held and otherwise handled by us;
  • Inform you about the purposes for which we collect, hold, use and disclose personal information;
  • Provide you with information about how you may access your personal information, and seek correction of your personal information;
  • Provide you with information about how you may access your personal information, and seek correction of your personal information;
  • Provide you with information about how you may make a complaint, and how we will deal with any such complaint; and
  • Advise you of the circumstances in which we are likely to disclose your personal information to overseas recipients.

Scope

This Policy applies to all CyberSafe International employees and contracted staff (permanent, temporary and casual) employed by CyberSafe International. The Policy does not form part of any contract of employment with CyberSafe International. Nor does it form part of any contract for service with CyberSafe International.

Principles

CyberSafe International has aligned its Privacy Policy to the Australian Privacy Principles.

Risk Management

CyberSafe International is committed to effectively managing risks through compliance with legislation, alignment with best practice and through a practical approach that carefully plans for and prioritises risks and balances the costs and benefits of action.

What is personal information?

This Policy is intended to:

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. It includes your name, date of birth, age, gender and contact details as well as health information (which is also sensitive information). In this Privacy Policy, a reference to personal information includes sensitive / health information.

Collection of personal information

This Policy is intended to:

  • Provide you with a better understanding of the kinds of personal information that we collect and hold;
  • Communicate how and when your personal information is collected, disclosed, used, held and otherwise handled by us;
  • Inform you about the purposes for which we collect, hold, use and disclose personal information;
  • Provide you with information about how you may access your personal information, and seek correction of your personal information;
  • Provide you with information about how you may access your personal information, and seek correction of your personal information;
  • Provide you with information about how you may make a complaint, and how we will deal with any such complaint; and
  • Advise you of the circumstances in which we are likely to disclose your personal information to overseas recipients.

We may collect your information from you in a variety of ways including but not limited to face-to-face, over the telephone, through an on-line form or portal, through a paper form or by email or through relevant third party sources.

Why do we collect, use and store your personal information?

We collect, use and store your personal information to provide you with services including:

  • Recruitment / employment services
  • Employee management
  • Financial information (e.g. Bank account details);
  • IT Support

Our services, products and activities may change from time to time.

Protecting and storing your personal information

We are committed to keeping personal information secure and safe. Some of the ways we do this are:

  • Requiring employees and contractors to enter into confidentiality agreements and to agree not to store information outside CyberSafe International systems including not storing information on USB devices or locally on laptops and outside CyberSafe International approved locations
  • Security measures for access to computer systems
  • Password protected data storage devices such as servers, desktops, laptops, tablets and smart phones
  • Providing a discreet environment for confidential discussions
  • Access control for our buildings including waiting room / reception protocols and measures for securing the premises when unattended
  • Security measures for our website

Although we take all reasonable steps to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss of, misuse of or unauthorised access to such information. CyberSafe International will not be held responsible for such actions.

Who will we disclose your personal information to?

We will only use and disclose personal information for the primary purpose for which it was initially collected, or for purposes which are directly related to one of our services or activities. Like many other businesses in Australia, CyberSafe International contracts out some of its functions and relies on third party suppliers or contractors to provide specialised services such as “cloud computing” technology and data storage services, legal advice, insurance broking, security services, and financial services. If personal information is provided to these suppliers and contractors in order to enable them to perform the agreed tasks, we will take reasonable measures to ensure that the supplier or contractor handles the personal information in accordance with the act and the apps.

We will not disclose your personal information to government agencies, private sector organisations or any third parties unless one of the following applies:

  • You have consented
  • We believe that you would reasonably expect that information of that kind may be passed to those individuals, bodies or agencies
  • It is required or authorised by law
  • It is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (e.g. ASIC, ATO, Police)

Accuracy of personal information

We will take reasonable steps to ensure that personal information we collect, use or disclose is accurate and up-to-date. Please contact CyberSafe International’s Privacy Officer (details below) if you are aware of any personal information that does not meet this objective. If we are aware that we hold personal information that (having regard to the purpose for which it was collected) is out of date or incomplete we will take reasonable steps to correct that information. You may seek access to, and correction of, personal information held by us in accordance with the section below “how can I access my personal information and contact CyberSafe International?”

Will my personal information be transferred overseas?

We may transfer personal information to people in overseas countries in order to perform one or more of our services or activities. In these circumstances, we will take reasonable steps to ensure that the overseas recipient does not breach the apps in relation to the information.

How can I access my personal information and contact CyberSafe International?

CyberSafe International Privacy Officer – 15/162 Colin Street West Perth WA 6005 [email protected] +61 8 6559 4799

Under the act, we may refuse to grant access to personal information if:

  • We believe that granting access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
  • Granting access would have an unreasonable impact upon the privacy of other individuals
  • Denial of access is required or authorised by law or by a court or tribunal order
  • Giving access would be unlawful
  • The request for access is frivolous or vexatious
  • Legal proceedings are underway or anticipated and the information would not be accessible by way of the discovery process in those proceedings
  • Giving access would reveal the intentions of CyberSafe International in relation to negotiations between CyberSafe International and you in such a way as to prejudice those negotiations
  • Giving access is likely to prejudice enforcement related activities conducted by, or on behalf of, an enforcement body
  • Giving access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to CyberSafe International’s services or activities
  • Giving access would reveal information in connection with a commercially sensitive decision making process

If we do not agree to provide access to personal information or to correct the personal information, we will provide you with written reasons for the refusal and the mechanisms available to complain about the refusal.

How do we handle complaints?

If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to CyberSafe International. All complaints are to be in writing and directed to the Privacy Officer using the contact details below. CyberSafe International’s Privacy Officer will investigate the complaint and attempt to resolve it within 1 calendar month after the written complaint was received. Where it is anticipated that this timeframe is not achievable, we will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.

Roles and Responsibilities

  • All CyberSafe International officers, employees and sub-contractors are aware of their responsibility to comply with the Act
  • CyberSafe International will ensure that all employees and sub-contractors required to manage personal information are appropriately trained
  • CyberSafe International will conduct reviews to ensure that personal information is managed correctly
  • Breaches of policy or personal information management processes will be dealt with appropriately
  • CyberSafe International will provide appropriate assistance to individuals and relevant third parties to make enquiries regarding personal information management
  • Personal information will be retained according to the requirements of the Act

Monitoring and Training

Compliance with this Privacy Policy is subject to internal and regulatory audit. CyberSafe International will comply with all reporting requirements of the act as they exist from time to time. All staff will receive training with regard to Privacy and the application of this Privacy Policy as part of their induction.