INFORMATION PRIVACY STATEMENT AND COLLECTION NOTICE
Updated: 20 November 2022
The Australian Impact Group PTY LTD trading as Cyber Sense Smart Precinct NQ Limited (ABN 37 653 840 432) (Cyber Sense, “we”, “our”, “us”) is subject to the Australian Privacy Principles under the Privacy Act 1988 (Cth) (“the Act”) and, as part of certain defined Queensland Government governed activities, the Information Privacy Principles under the Information Privacy Act 2009 (Qld) (“the IP Act”).
We are committed to protecting the reasonable privacy expectations of our staff and our clients. In doing so, our objective is to protect and appropriately manage the information we collect, process, and store. “Personal Information” is defined in the Act as information or an opinion about an identified individual or an individual who is readily identifiable.
“Sensitive Information” is defined in the Act to include information or an opinion about an identifiable individual’s:
- racial or ethnic origin,
- political opinions,
- religious beliefs or affiliations,
- philosophical beliefs,
- sexual orientation,
- criminal record,
- health information, and
- genetic information.
This Information Privacy Statement and Collection Notice sets out how and why we collect, use, and disclose Personal Information or Sensitive Information collected by, or provided to, us, in accordance with the Act.
If Cyber Sense conducts a defined activity governed particular privacy requirements, Cyber Sense will issue a separate a separate Information Privacy Statement and Collection Notice.
By providing us with information in person or electronically, you consent to our collection, use and storage of your Personal Information and Sensitive Information in accordance with this Information Privacy Statement and Collection Notice.
If you do not consent to us collecting, using and storing the Personal Information or Sensitive Information we request, we may not be able to provide you with our support services, including those provided in support of a third party.
2. Why Cyber Sense Collects Personal Information and Sensitive Information
Cyber Sense collects Personal Information and Sensitive Information about company officers, employees, contractors, volunteers, current and prospective clients, care providers, next of kin, and external stakeholders.
We collect Personal Information and may collect Sensitive Information to:
- to deliver education, research, and other services in support of our clients;
- meet the wider functional needs of the organisation, including financial management, legal compliance, and regulatory reporting obligations;
- provide a more personalised service to clients and stakeholders;
- provide evidence to validate or improve the services we offer; and
- meet the requirements of legislation, government agencies, or stakeholders.
3. Primary Uses of Personal Information and Sensitive Information
We collect, use, and store our client’s Personal Information and potentially Sensitive Information to support our tailored service provision. This may include collecting, using, and maintaining:
- Personal information including name, job title, company, email and phone numbers.
- information about applications and attendance records, including in relation to grants, payments, or services you receive, and your feedback or complaints.
- photographic images, video, and voice recordings to assist in the provision of services and for marketing and publication purposes. If you object to the use of your image, you should inform the photographer or videographer at the time, or if the image has already been published, contact the Managing Director; and
- Records related to correspondence and activities.
Our staff, contractors, and volunteers
The Australian Impact Group collects, stores, and uses employee Personal Information (and if necessary, Sensitive Information) to undertake human resource management functions and to enhance our quality-of-service delivery. The Australian Impact Group is required to maintain employee Personal Information such as institutional survey data, employment history, payroll and superannuation information relating to all current and former, continuing, fixed-term contract employees, and contracted service providers.
Staff, contractor, and volunteer personal records may include:
- personal details including date of birth, postal, term time and permanent home addresses, personal email address, home and mobile telephone numbers, signature, next of kin and emergency contacts;
- employment records relating to recruitment, selection and appointment (e.g., applications, CVs, references), commencement and cessation records;
- financial and business records such as payroll and superannuation, including bank account details, tax file number, salary packaging and other benefits;
- leave, attendance and sickness records;
- general employment administration such as performance management and appraisals, probation and promotions, temporary higher duties, re-deployment, and secondment;
- provision of services to staff and general administration;
- information technology records, such as internal and external telephone, email, and internet activity records;
- staff development and training records including travel and study support assistance;
- health and safety records including health and welfare matters;
- staff grievances, discipline, appeals and complaints;
- equity information.
- accident and injury including compensation and rehabilitation arrangements.
- photographic images, video, and voice recordings to assist in the provision of services and for marketing and publication purposes. If you object to the use of your image, you should inform the photographer or videographer at the time, or if the image has already been published, contact your supervisor; and
- other employment related matters.
4. Collection of Personal Information and Sensitive Information
The Australian Impact Group takes reasonable measures to ensure that the information we collect is:
- necessary and lawful for the organisation’s purposes.
- relevant to the purpose of collection.
- collected in a fair way, without unreasonable intrusion; and
- as up-to-date, complete, and as secure as possible.
Our collection of Personal Information and Sensitive Information can take place physically and electronically through such mediums as websites, mobile device applications, email, telephone, in person, or in writing.
The Australian Impact Group preferred source of Personal Information and Sensitive Information is the individual concerned. However, there may be occasions where we collect Personal Information or Sensitive Information from other important sources, such as:
Information about clients
- government departments;
- linked third party service providers; and
- external stakeholder sources.
- Information about staff, contractors, and volunteers
- previous employers and referees nominated by prospective and current staff members;
- external and internal medical and rehabilitation documentation;
- promotion and performance review assessments;
- information technology records; and
- client and staff feedback.
Inherent Internet risk
Despite the precautions taken by The Australian Impact Group, there are still inherent risks associated with the transmission of information via the Internet. Therefore, The Australian Impact Groiup relies on its company officers, employees, contractors, volunteers, current and prospective clients, and external stakeholders, to make their own informed assessment of the potential risks to the security of information when making decisions about whether or not to transmit information to the Australian Impact Group by electronic means.
If you access our websites, mobile device applications or otherwise communicate with us using an electronic medium, we may collect Personal Information about you.
We also use Internet Protocol (IP) addresses to analyse trends, administer our electronic services, track user navigation, and gather broad information for aggregate use. For each visitor to our site, our web server automatically attempts to collect general, non-personally identifiable information. Examples of this type of information include domain names, pages visited and from which site a user came from.
Third party services – social networking, search, and mobile device services
- third party services such as Google, HubSpot, Eventbrite, as part of our marketing activities;
- social networking services such as Facebook, Twitter, YouTube, Instagram, and LinkedIn to engage with the public and our staff;
- mobile device applications supported by the Play Store on Android and the App Store on Apple devices; and
- other third party proprietary services in support of our activities.
When you engage with us using these services, we may collect your Personal Information or your
Sensitive Information, as well as your location data (depending on your device settings). Our collection of this information is for the purposes of efficient service provision to our clients.
Third party services
Our websites, mobile device applications and social media activities may contain links to third party services or providers. We stress that we have no control over the activities of third-party proprietary services which may also collect and handle your Personal Information (and potentially your Sensitive Information) for their own purposes. We recommend that you review (via their respective websites) the privacy policies and procedures of each provider. The Australian Impact Group is not responsible for the privacy practices of third-party services linked to our websites, mobile device applications, or used as part of our social media activities.
Personal Information and Sensitive Information collection from third parties
Where The Australian Impact Group collects Personal Information or Sensitive Information about an individual from a third party, we will take all reasonable steps to ensure that the individual has been made aware of the collection. If you provide Personal Information to us about another person, we rely on you to have made or to make them aware that you will, or may, provide their information to us and the types of third parties we may provide information to, the relevant purposes we and any of the third parties will use if for and how they can access it. In the case of Sensitive Information, we rely on you to have obtained informed consent in relation to those matters. If you have not done so, or will not do, either of these things, you must tell us before you provide their relevant information.
5. Use and Disclosure of Personal Information and Sensitive Information
We will never sell, rent, or trade your Personal Information or your Sensitive Information.
How we store information
We take reasonable steps to protect your Personal Information and Sensitive Information against misuse, interference, and loss, and from unauthorised access, modification, or disclosure. These steps include:
- ensuring our buildings and paper records are secure;
- only allowing access to Personal Information and Sensitive Information on an authorised need-to-know basis;
- storing electronic data locally on premises controlled by us and on servers (including cloud-based services) provided through reputable third parties such as Google;
- monitoring system access which can only be accessed by authenticated credentials; and
- monitoring and where necessary, auditing and updating our storage and data security systems and processes.
For defined activities governed by the Queensland Government, section 33 of the IP Act sets out when personal information may be transferred outside of Australia. Where The Australian Impact Group’s activities may necessitate the transfer of personal information outside of Australia in situations where (a) the transfer is necessary for the performance of the organisations functions in relation to the individual; and (b) the transfer is for the benefit of the individual in circumstances where it is not always practicable to seek the agreement of the
individual and in such cases, if it were practicable to seek the agreement of the individual, the individual would be likely to give the agreement sought.
When no longer required, we destroy or archive Personal Information and Sensitive Information in a secure manner.
Restricted access to information
Personal Information and Sensitive Information collected and held by The Australian Impact Group will only be accessed and used by people employed or engaged by the Australian Impact Group and as required in the fulfilment of their official duties and in a manner consistent with the original purpose of collection. Additionally, our staff and volunteers are bound by confidential information provisions in their contracts with the organisation. These provisions restrict the access, use and communication of Personal Information and Sensitive Information, including within the organisation.
Disclosure outside of Australian Impact Grouip
Information may be disclosed to organisations outside of the Australian Impact Groiup when required under the Act or another law. It may also be used or disclosed for secondary purposes in certain circumstances but only if:
- the secondary purpose is directly related to the primary purpose of collection and the individual would reasonably expect the use or disclosure of the information for the secondary purpose; or
- The Australian Impact Group reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety; or
- Australian Impact Group has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the Personal Information or Sensitive Information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons, authorities, or agencies.
6. Requests and Complaints
Accessing and updating information about you
You have the right to ask for, and if you do, we must give you access to your Personal Information and Sensitive Information and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will notify you in writing and explain our reasons if we refuse to give you access to, or correct, your information.
How to make a complaint about privacy
If you wish to make a complaint about how The Australian Impact Group has handled your Personal Information or Sensitive Information, please try to resolve the issue with the person you’ve been dealing with in the first instance. If you are not satisfied the outcome, please direct all complaints or enquiries to [email protected]. If we do not resolve your complaint to your satisfaction, you can the Office of the Australian Information Commissioner (“OAIC”). The OAIC is independent to us.
Please note we may use the information from your feedback to investigate and resolve individual issues. We may also use the information to provide feedback to our staff and to assist with improving service delivery.
If you need to contact The Australian Impact Group about privacy, please use the following details:
· Phone: 1300 467 119 · E-mail: [email protected]
· Write: Miranda Mears, Chair