1. Aim

The aim of this policy is to ensure that ‘Ernest Fleming Machinery & Equipment PTY LTD’ (EF) respects the privacy of individuals in accordance with the privacy Act.

 

2. Collection

2.1   EF must not collect personal information unless the information is necessary for one or more of its functions or activities.

2.2   EF must collect personal information only by lawful and fair means and not in an unreasonably intrusive way.

2.3   At or before the time (or, if that is not practicable, as soon as practicable after) EF collects personal information about an individual from the individual, EF must take reasonable steps to ensure that the individual is aware of:

a)      Our identity and how to contact us; and

b)      The fact that he or she is able to gain access to the information; and

c)      The purposes for which the information is collected; and

d)      The organizations (or the types of organizations) to which EF usually discloses information of that kind; and

e)      Any law that requires the particular information to be collected; and

f)       The main consequences (if any) for the individual if all or part of the information is not provided.

2.4   If it is reasonable and practicable to do so, EF must collect personal information about an individual only from that individual.

2.5   If EF collects personal information about an individual from someone else, it must take reasonable steps to ensure that the individual is or has been made aware of the matters listed in sub clause 2.3 except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual.

 

3. Use and Disclosure

3.1   EF must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless the exceptions conform to the act.

3.2   If EF uses or discloses personal information on behalf of an enforcement body, it must make a written note of the use or disclosure.

 

4. Data Quality

EF must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.

 

5. Data Security

5.1   EF must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorized access, modification or disclosure.

5.2   EF must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under National Privacy Principle 2.

 

6. Openness

6.1   EF must set out in a document clearly expressed policies on its management of personal information. EF must make the document available to anyone who asks for it.

6.2   On request by a person, EF must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.

 

7. Access and Correction

7.1   If EF holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except in instances provided by law.

7.2   However, where providing access would reveal evaluative information generated within EF in connection with a commercially sensitive decision-making process, EF may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.

7.3   If EF is not required to provide the individual with access to the information because of paragraphs 7.1, EF must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.

7.4   If EF charges for providing access to personal information, those charges:

a)      Must not be excessive

b)      Must not apply to lodging a request for access

7.5   If EF holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, EF must take reasonable steps to correct the information so that it is accurate, complete and up-to-date.

7.6   If the individual and EF disagree about whether the information is accurate, complete and up-to-date, and the individual asks EF to associate with the information a statement claiming that the information is not accurate, complete or up-to-date, EF must take reasonable steps to do so.

7.7   EF must provide reasons for denial of access or a refusal to correct personal information.

 

8. Identifiers

8.1   EF must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by:

a)      An agency; or

b)      An agent of an agency acting in its capacity as agent

c)       Contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract

8.2   EF must not use or disclose an identifier assigned to an individual by an agency or by an agent or contracted service provider mentioned in sub clause 8.1, unless:

a)      The use or disclosure is necessary for EF to fulfil its obligations to the agency; or

b)      Paragraph 3.1 apply to the use or disclosure; or

c)       The use or disclosure is by a prescribed organization of a prescribed identifier in prescribed circumstances

 

9. Anonymity

Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with EF.

 

10. Sensitive Information

EF must not collect sensitive information about an individual unless it is absolutely necessary and conforms to the requirements of the act.