PRIVACY POLICY – Relevant to Clients and Suppliers
From December 2001 Federal legislation imposed privacy obligations on the private sector. Our Organisation is committed to best practice in complying with these changes. The new laws deal with the collection, use, disclosure and storage of “personal information”. [Special requirements apply to “sensitive information” (including health information). The only situation where Henselite is likely to hold any “Sensitive” information, according to the legislation definition, will possibly be in employee records.]
Personal information is information or an opinion, whether true or not and whether recorded or not, about an individual whose identity is apparent, or can be reasonably ascertained from that information or opinion. Examples of personal information include name, date of birth, address, phone number, Email address, marital status, physical appearance etc. [Whether a person's identity is reasonably ascertainable will depend on the context and who holds the information.]
Sensitive information is afforded a higher level of protection than other personal information. Sensitive information includes information about an individual's racial or ethnic origin, political opinions, membership of political associations, religious beliefs or affiliations, philosophical beliefs, membership of a profession, trade or trade union, sexual preferences or practices, criminal record and health information. [The only likely records of this type held by the company are where a criminal record or health problems are admitted on applications for employment, and membership of Professional and Union bodies. Union membership is no longer recorded, however records will still exist for members who have previously had Union membership deductions withdrawn from their pay. This information is required to be kept for statutory record keeping purposes and proof of payments made.]
Correction of personal information may be achieved by forwarding correct details to the company Privacy Officer. (Currently: Mr. N. S. Boreham CPA) (Refer section E below.)
Examples:
Collection can include where an organisation tracks an individual's activity on the internet using a cookie or web bug, a mobile phone company tracks the location of a mobile phone owner or an organisation records phone numbers of callers or calls made.
Note: The Company does not employ the use of “Cookies” or tracking devices of any other kind.
Table of Contents
- A. Collection of Personal Information
- B. Collection of Sensitive Information
- C. Use and Disclosure of Personal Information
- D. Storage and Data Quality of Personal Information
- E. Procedures for access or correction
- F. Charge for Access to information
A. Collection of Personal Information
- Personal information is only collected on a “Need to Know” basis for record keeping purposes to comply with statutory and Australian Taxation Office requirements, to maintain records for the normal operation of the business and for Warranty and Guarantee purposes.
- All forms for collection of personal information advise of the privacy implications of the collection of the data and refer to this policy.
B. Collection of Sensitive Information
- Sensitive information is only collected on a “Need to Know” basis for record keeping purposes to comply with statutory requirements and account receipt and payment purposes.
- All forms for collection of sensitive information advise of the privacy implications of the collection of the data and refer to this policy.
C. Use and Disclosure of Personal Information
The Organisation uses information collected only in ways that correspond to the primary purpose for collection, except as noted in 2. below.
- The only secondary usage of information is via Product Guarantee or Warranty Cards. However this data is collected using an “Opt Out” clause, for receipt of information and newsletters. All respondents who have not “Opted Out” will be provided the opportunity to do so should the database be used for information supply or database marketing purposes. This information is treated as being collected for a purpose that an individual might reasonably expect.
- The organisation only uses its own identifiers. No data is kept that may be retrieved via use of any identifier assigned by government or other agencies or organisations. (NPP 7)
- We do not give personal or sensitive information to people outside of our group companies, except as required by law to government departments. (NPP 4 & NPP 5)
- The company Privacy Officer is the only person who is authorised to release personal or sensitive information held by the company. All requests must be forwarded to him/her in writing. (Refer Section E below.)
- We do not send personal or sensitive information to any overseas country. (NPP 9)
D. Storage and Data Quality of Personal Information
- Information is variously stored:
i. electronically on stand-alone personal computers,
ii. on a network system, and
iii. on paper in document storage devices.
- For usage reasons the information cannot readily be de-identified in the process of storage.
- Only Employees and staff have access to “personal” and “sensitive” information, and only on a “Need to Know” basis. All are trained in the requirements of the Privacy Legislation, and information is only released by the Privacy Officer in the required format. (NPP 4 & NPP 5)
- The Privacy Officer is responsible for storage and security of the information. This is done in conjunction with the Systems Administrator for electronic storage and access. (NPP 4)
- Electronically stored information is password accessed in the computer system(s) and printed files are kept in locked cupboards and locked file storage devices. (NPP 4)
- Files are updated as new information is received. Data is stored for the statutory period as required by the Australian Taxation Office and the Corporations Law.
- Staff Training has been implemented for compliance with the legislation and new staff will be trained in privacy policy according to their job requirements within 48 hours of joining the company. (NPP 4)
E. Procedures for access or correction
- (i) All enquiries regarding access to personal information will be directed to the privacy officer who will require requests to be made in writing, stating who wants access to the information, the specific nature of the information, and the authority that they have to gain access to the information. All requests must include the name of the person, organisation (if appropriate), and contact address, telephone & fax numbers and Email address of the person or organisation requesting the information. (NPP 4 & NPP 5)
(ii) The privacy officer will respond in writing within ten working days of receipt of the request and will only release information lawfully requested that the person requesting is entitled to have access to.
A decision to release or deny access to certain information must be made within 10 working days of receipt of the request by the Privacy Officer.
- No personal information will be available for access on line by outside parties.
- Commercially sensitive issues will be referred to the Managing Director for authorisation to release. No such information will be released without his/her consent.
- (i) An individual who has found that personal information held by the company is incorrect may make a request to correct the information in writing stating the nature of the inaccuracy, and possible reason or explanation for the inaccuracy, in addition to all of the requirements included in E 1. (i) above. (NPP 3)
(ii) The Privacy Officer will evaluate all information received in relation to the information held and will decide within ten working days whether to change the information or leave it as is. (NPP
(iii) The decision to change or leave information as is will be provided to the person requesting the change within ten working days of the decision being made. (NPP 5)
6. Should a request for information be refused and the requesting party wants redress, the complaint will need to be addressed to the Privacy Commissioner.
F. Charge for access to information
- (i) For information that is complex or time consuming to supply, a nominal charge of $45.00 per hour will be applied.
(ii) No charge will be made for time spent that is less than 10 minutes from the outset of the process of recovery of the information.
(iii) Once the 10 minutes minimum time block is breached, time will be charged from the outset in a minimum of half hour blocks.
(iv) Multiple requests made by the same person or organisation in any month will be aggregated and charges applied accordingly.