Part 1: INTRODUCTION
This Part 1 sets out the general background of privacy laws and their application to the operation of Careerbuilders Pty Ltd (ACN 108 151 122) (“Careerbuilders”).
1. Purpose of Policy
This policy sets out the practices to be followed by all persons performing work within Careerbuilders for appropriate collection, holding, use, correction, disclosure and transfer of “personal” or “sensitive” information. This policy must be read and followed by all staff employed by or performing services within Careerbuilders.
2. What is “personal” and “sensitive” information?
These terms are defined in the Privacy Amendment (Private Sector) Act 2000 (“Privacy Act”).
“Personal Information” is defined broadly to mean any information or opinions about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Personal information includes a person’s name, address, phone number, email address and other information or opinion that identifies or may identify that person.
“Sensitive Information” means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin
(ii) political opinions
(iii) membership of a political association
(iv) religious beliefs or affiliations
(v) philosophical beliefs
(vi) membership of a trade union
(vii) sexual preferences or practices
(viii) criminal record;
that is also personal information; or
(b) health information about an individual.
3. What are the National Privacy Principles?
These are principles, set out in Schedule 3 to the Privacy Act, which govern how companies, organisations and businesses must deal with “personal” and “sensitive” information. These principles apply from 21 December 2001, and apply to not only to information recorded on paper or in intranet systems, but also to information collected and applied through the internet or transmitted electronically by email.
NPP 1 – Collection
Personal information may only be collected if it is necessary for a function or activity of an organisation, whether collected from the individual themselves or from a third party. Organisations collecting personal information need to make sure the person giving personal information is aware of the identity of the organisation, the purpose for which the personal information is collected, how they can access the personal information and any third parties to whom the personal information may be disclosed.
NPP2 – Use and Disclosure
Organisations may not use or disclose personal information collected in accordance with NPP1 other than for the main purpose for which it was collected, unless : the other purpose for which such personal information is used or disclosed is related to the main purpose; or the individual has consented to the use or disclosure of the personal information for that other purpose. Therefore, as an example of the application of this NPP, such personal information may be used for direct marketing only in certain circumstances.
NPP3 – Data Quality
An organisation needs to take “reasonable steps” to ensure that the personal information it collects uses or discloses is accurate, complete and up to date.
NPP4 – Data Security
Organisations must take “reasonable steps” to protect personal information from misuse and loss and from unauthorised access, modification or disclosure.
NPP5 – Openness
Organisations must adopt, maintain and record publicly expressed policies on how they will manage personal information, and make that policy available to anyone who asks for it (hence the existence of this Policy document).
NPP6 – Access and Correction
Organisations holding personal information about an individual need to provide that person with access to the personal information on request (subject to a few limited exceptions).
NPP7 – Identifiers
An organisation must not adopt as its own identifier any identifier of an individual which has been assigned by an agency or a contracted service provider for a Commonwealth Agency. We note that ABN’s do not fall within this NPP so an ABN number may be used as an identifier without breach of the principles.
NPP8 – Anonymity
Wherever lawful and practicable, individuals must be given the option of not identifying themselves when entering into transactions with an organisation.
NPP9 – Transborder Dataflows
An organisation in Australia may only transfer personal information about an individual to someone in a foreign country if they meet one of the specific conditions set out in the principle – certain limits are placed on these actions.
NPP10 – Sensitive Information
Sensitive information must only be collected if some of the narrow conditions set out in the Act apply, such as : the individual consenting to the collection; or the collection being required by law; or the collection being necessary to prevent or lessen a serious and imminent threat to the life or health of an individual.
PART 2: POLICY
4. Privacy Officer
A Privacy Officer will be appointed by Careerbuilders from time to time to oversee the practices set out in this Policy.
5. Collection of Personal information
Careerbuilders collects information from several sources. Careerbuilders collects information on individual clients and on employees.
Careerbuilders’ client records and applicant records will often include limited information about individuals. Our records about these individuals will generally include name, contact details, financial information and information about their interest in our products and services.
We also hold information about our employees. This information is generally limited to normal human resources information such as job applicant details, pay and superannuation records and other internal administrative information.
Careerbuilders also sometimes collects personal information from other organisations. In particular, Careerbuilders often obtains information about applicants so as to enable assess eligibility of applicants for assignments it receives from clients.
6. Use and Disclosure of Information
Personal information collected from individuals or from other third parties about individuals, should only be used or disclosed for the express purpose for which it was collected or a purpose directly related to that purpose in respect of which the individual may reasonably expect the personal information to be used.
If an employee or agent of Careerbuilders is in doubt as to whether the intended use of personal information falls within the above permitted scope, the express consent of the individual concerned must be obtained.
In the event that an employee or agent of Careerbuilders considers that disclosure of the personal information is warranted as falling within one of the following circumstances:
(a) to lessen or prevent a serious and imminent threat to an individual’s life, health or safety, or a serious threat to public health or public safety;
(b) he or she has reason to suspect that unlawful activity is or may be engaged in;
(c) the disclosure is warranted by law;
(d) the disclosure is reasonably necessary for the prevention, detection, investigation, prosecution or punishment of breaches of the law, or for the protection of public revenue, by an enforcement body;
the Privacy Officer should be contacted immediately, before disclosure of the relevant personal information. In the event that the Privacy Officer is satisfied that such personal information should be disclosed, the Privacy Officer shall make the relevant disclosure and must keep detailed written notes of the circumstances of the disclosure.
7. Marketing Communications
Like most businesses, marketing is important to Careerbuilders’s continued success. We believe we have a range of products and services that we provide to clients at a high standard. It is a priority for us to inform people about how we can help them. We therefore like to stay in touch with clients and let them know about new products and services, as well as using contact lists to promote these products and services.
When a client or prospective client provides personal information to a member of the Careerbuilders, we may ask the client to choose as to whether or not it wishes to receive further information about our services. We shall also send promotional information to other people who are not regular Careerbuilders clients to introduce them to our business. If a person indicates to us that they do not wish to receive this information, we will not send further communications to them.
Individuals are always welcome to accept or decline communications from Careerbuilders. At any time a person may opt-out of receiving communications. If an individual is receiving unwarranted promotional information about Careerbuilders, he or she may remove his or her name from our list by contacting our Privacy Officer by writing to 7/75 Miller Street, North Sydney, NSW 2060 or calling (02) 8908 9000 and asking to be removed from our mailing list. Please allow 28 days for this request to be processed.
8. Data Quality
When personal information is collected from an individual directly, it may be assumed that the personal information given by them is accurate, complete and up-to-date. However, if personal information is collected from a third party regarding an individual, the person supplying the personal information should be asked whether such personal information is accurate, complete and up-to-date.
9. Data Security
Information must be protected against misuse, loss and unauthorised access, modification or disclosure. The procedures to be followed in order to protect such information are:
(a) Any password provided to a person for purposes of accessing such information on CareerBuilders network or internet must be kept confidential at all times.
(b) Hard copies of documents containing personal or sensitive information must be kept in secure files created for this purpose.
(c) All hard copy or electronic copy documents containing personal information which are no longer required for the purpose for which such information was collected, or for any directly associated purpose or other purpose permitted in accordance with section 3 above, must be destroyed or deleted in full (as relevant unless it needs to keep it for legal reasons).
If an individual wishes to have his or her personal information deleted, he or she is entitled to let us know and we will take all reasonable steps to delete it unless we need to keep it for legal reasons.
Occasionally, information that a person requests to be removed will be retained in certain files in order to resolve disputes or for auditing purposes. In addition, information is never completely removed from our database as due to technical and legal constraints, including stored “back-up” systems.
When providing a copy of this Policy, care must be taken to provide the most up to date Policy available, as changes may be made to this document as required from time to time.
A written memorandum of supply of this Policy is to be kept, recording the date of supply, the date on the version supplied and who the Policy was supplied to.
11. Access and Correction
The Privacy Act sets out the rights that an individual has to see any personal information that Careerbuilders may have concerning him or her. If an individual would like to:
see his or her personal information;
change any inaccurate or out of date personal information;
have his or her personal information deleted, they should contact us by writing to our Privacy Officer at 7/75 Miller Street, North Sydney, NSW 2060 or calling (02) 8908 9000.
Our file of an individual’s information will be made available to an individual within 14 days. In some cases we may need to impose a charge for providing access to personal information to reflect the cost of finding this information and providing it to an individual.
No number assigned to an individual as an identifier by any organisation (for example – a tax file number or any other unique identifying number or sequence) shall be collected, used or disclosed by Careerbuilders unless such collection, use or disclosure is necessary to allow Careerbuilders to fulfil its obligations to that individual or regarding that individual.
Individuals are to have the option, wherever practicable, of whether or not to identify themselves when dealing with Careerbuilders, however where any of Careerbuilders forms require the completion of a name then such name must be collected in order to complete the form satisfactorily.
14. Transborder Dataflows
Notwithstanding the guidelines set out in point 3 above, no person is to provide personal information regarding an individual to any person not located in Australia without first consulting the Privacy Officer. The Privacy Officer will then assess whether or not there is cause for such disclosure having regard to the provisions of the Privacy Act.
15. Sensitive Information
The Privacy Act sets out separate rules for the collection of sensitive information, as opposed to personal information.
No person is permitted to collect sensitive information regarding an individual unless that individual consents to the collection, or the collection of such information is required by law, or to prevent or lessen a serious and imminent threat to the life or health of any individual.
In the event that an individual considers that disclosure of sensitive information is warranted, the Privacy Officer should be contacted immediately, before disclosure of the relevant sensitive information. In the event that the Privacy Officer is satisfied that such sensitive information should be disclosed, the Privacy Officer shall make the relevant disclosure and must keep detailed written notes of the circumstances of the disclosure.