Introduction
In the course of doing business, there may be circumstances where Bamara, hereafter referred to as “the Company”, collects personal information. Personal information is information or an opinion about an individual who is reasonably identifiable.
The Bamara Privacy Policy has been developed to ensure that such information is handled and protected appropriately and in accordance with the 13 Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (‘Act’).
This Policy sets out the broad controls that the Company has adopted to govern the way it collects and uses personal information, the circumstances under which it may disclose personal information to third parties, how persons can access their personal information held by the Company, and what they can do if they are unhappy with the Company’s treatment of their personal information.
The Company may make changes to the Bamara Privacy Policy from time to time, without notice, via the uploading of an updated version of the policy on the Company website at https://bamara.com.au/
Scope
1.1 Who does this policy apply to?
This policy applies to any individuals whose personal information we may hold or collect, including:
- Employees
- Contractors, consultants or suppliers of goods or services
- Participants in programs or services delivered by us
- A person whose information may be given to us by a third party
- A person seeking employment with us
The Company will be fair and open about the way we collect information about you and what we intend to do with the information we collect.
Values Statement
At Bamara our values of People + Community, Opportunity + Excellence, Trust + Respect and Sustainability underpin everything we do. Our values guide us in our behaviours and reflect our commitment to our clients, community and each other.
Policy
a. What information does this policy refer to?
This Policy applies to personal information and sensitive information.
b. Purpose of this privacy policy
The purpose of this privacy policy is to:
- Describe the types of personal information that we collect, hold, use and disclose.
- Outline our personal information handling procedures.
- Explain our authority to collect your personal information, why it may be held by us, how it is used and how it is protected.
- Explain our procedures in the event that your personal information is disclosed without authorisation.
- Provide information about how to access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.
What is personal information?
Bamara, including its employees, contractors and agents, is subject to the Privacy Act 1988 and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.
The APPs regulate how organisations can collect, hold, use and disclose personal information and how you can access and correct that information.
“Personal Information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.
Common examples include your name, telephone number, email address and date of birth.
Sensitive Information
In this Policy there are also references to sensitive information, which is a subset of personal information. “Sensitive Information” is information or an opinion about a person that is of a sensitive nature, including information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a Trade Union, sexual orientation or practices, criminal record, or health, genetics, biometrics or disability.
What is not personal information?
Information where the Company has removed any references to a person, so that the person cannot be reasonably identifiable from the information, is not personal information.
The Company may use this information for its own purposes and gain. For example, the fact that x jobseekers aged 20-40 have accessed our services is not personal information.
Collection of personal information
The Company collects information in a variety of ways in the course of running our business, including:
- Providing services to Jobseekers, trainees and other parties;
- Engaging suppliers, contractors, labour hire workers and other personnel;
- Responding to questions about our services and our business;
- Responding to complaints and enquiries via our online complaints process;
- Interacting with people via our website or via social media and related platforms;
- Conducting trade promotions and information sessions;
- Via security processes at our sites including our sign in registers;
- Credit Card details.
Bamara complies with the Payment Card Industry Data Security Standards.
The kinds of personal information that the Company collects and holds depends on the circumstances, but can include names, addresses and other contact details, details about a person’s work experience and other qualifications, date of birth, driver’s licence details, bank account details and photographs.
Means of collection
The Company collects most personal information directly from the person, unless the person consents to the collection of information by someone else other than them, or the Company is required or authorized under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual. Third parties may also share information with us about people, including the Government, Centrelink and other related parties. Where reasonable and practicable, the Company will collect personal information directly from you and inform you that this is being done.
When the Company collects personal information, the Company will take reasonable steps to ensure that the person is aware of:
- the collection;
- the purpose of the collection;
- the main consequences (if any) if the information is not collected;
- the types of organisations (if any) to which the information may be disclosed (including those located overseas);
- any law that required the particular information to be collected; and
- the fact that this Policy contains details on access, correction and complaints.
Personal information collected by the Company is held in a variety of formats including hardcopy and on our computer systems.
If the Company receives unsolicited information (personal information that the Company has not requested) and the Company determines that it could not have collected this information, if requested, under the Australian Privacy Principles, and the information is not contained in a Commonwealth record, the Company shall destroy or de-identify the information if it is lawful and reasonable for the Company to do so.
Where practicable, you may deal with the Company anonymously or by pseudonym, however in some circumstances this may not be practicable and the Company may need to request personal information.
Collection of sensitive information
The Company only collects, holds and handles information about you that is necessary for the Company to perform the services that are requested of the Company, that is otherwise reasonably necessary for business activities or if required by an Australian law or court. The Company will not collect sensitive information unless the person to whom it relates consents to the collection and the information is reasonably necessary for one or more of the Company’s business functions or activities. The exception to this is where collection is required or authorised by law, is necessary to prevent or lessen a serious and imminent threat to the person’s (or another person’s) life or health, or is necessary in relation to legal proceedings (current, anticipated or potential), or another permitted exception in the Act applies.
Protecting participants’ confidentiality in telephone consultations
Bamara participants and staff commonly use the telephone to conduct phone appointments and discuss personal information. Unlike face-to-face conversations, callers cannot identify each other visually; therefore, staff will be required to obtain necessary information from the participant to be able to identify them.
Discussions should take place in the workplace and not be audible to other members of staff or the general public.
Conversations of a sensitive or confidential nature should be conducted so that the information is protected from unauthorised persons and, where possible, should be conducted in a private room so the conversation cannot be overheard.
Before providing any information to a client you need to confirm the client’s identity. This may be done by asking for their date of birth, address or a client number as provided by Services Australia. Following are some tips to help maintain confidentiality.
- Never give client information over the phone if external stakeholders are requesting information. If unsure, discuss this with your Team Leader.
- Keep your voice down, especially when speaking with participants, so that others cannot hear you.
- Be particularly careful when speaking to the client’s family member or friend. Ensure you know who they are and what you are permitted to say and not say. Information can only be disclosed if the person you are speaking to is an authorised nominee, which is in ESS Web on the participant’s Registration Screen, and is limited to information relating to Mutual Obligation Requirements, appointments and activities.
Bamara is committed to providing an environment that is free from discrimination, harassment and victimisation where participants are treated with dignity, courtesy and respect.
Information can only be provided to external stakeholders such as Services Australia, family and other workers (except where there is a legislative requirement based on indicators of risk of harm) when the client has given ‘informed consent’. Such a request must be made in writing and addressed to the Bamara Privacy Officer. Refer to accessing personal information in the privacy policy.
If you have any doubts or are placed in a situation of uncertainty, discuss them with your Manager. Client confidentiality and privacy are always to be maintained.
Cookies
The Company uses ‘cookies’ and other similar technologies in electronic communications to help us collect information about the way you interact with our content online and help the Company to improve your experience when visiting the Company website.
Cookies are data files that your browser places on your computer or device. They remember the type of browser that the visitor is using and which additional browser software the user has installed. They remember preferences such as languages and region, which remain as your default settings when you next revisit the website. The cookies also allow the user to rate pages and fill in comment forms on the website.
Cookies cannot collect any information stored on your computer or files. Users can visit www.allaboutcookies.org for more information and details on how to delete or reject cookies.
Additional information regarding credit information
In connection with the operation of the Company, the Company collects and uses credit information of individuals.
The types of credit information that the Company collects and uses for the purposes of assessing an application for credit include:
1. names, addresses and other contact details of account holders and guarantors (both prospective and current);
2. bank account details;
3. driver’s licence details;
4. financial information.
Such information is collected from the relevant individual and from credit reporting bodies, as well as from publicly available information. The Company uses the information collected to create an internal credit assessment report.
The Company does not disclose credit information to credit reporting bodies, except for an individual’s identity in order to obtain a credit check from the credit reporting body.
Google Analytics
The Company uses Google Analytics to collect information about how people use our website. Google Analytics does this by using cookies to understand the types of websites you visit and the way you interact with those websites. The information the Company obtains from Google Analytics helps us understand user needs and offer a better user experience.
By using the Bamara website, you consent to the processing of data about you by Google in the manner described in Google’s Privacy Policy, which is available at: http://google.com/intl/en/policies/privacy. You can opt out of Google Analytics by using the Google Analytics opt-out browser add-on. Further information is available at: https://tools.google.com/dlpage/gaoptout
Use or disclosure of personal information
The use to which the Company can put personal information depends on the reason for which it was collected. The Company may use personal information for its primary purpose of collecting the information, or for a related secondary purpose that we could reasonably be expected to use the personal information for.
The Company respects the privacy of personal information and will take reasonable steps to keep it strictly confidential.
The Company will disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected. Where such disclosure is necessary, the Company will require that the third party undertake to treat the personal information in accordance with the APPs.
Otherwise, the Company will only disclose personal information to third parties without the consent of the person to whom the information relates if the disclosure is:
- necessary to protect or enforce Bamara’s rights or interests or to defend any claims;
- necessary to prevent or lessen a serious threat to a person’s health or safety;
- required or authorised by law;
- permitted by another exception in the Act.
If the Company uses or discloses personal information to third parties in accordance with the above, the Company must make a written note of the use or disclosure.
The Company may disclose personal information to a related Bamara company in Australia or overseas, subject to the provisions of the Act. In such circumstances, the related company will only use the personal information for the same purposes that the disclosing Bamara Company is authorised to use the personal information for and take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Direct marketing
Under no circumstances shall the Company sell personal information.
Information security
The Company will take all reasonable steps to ensure that all personal information held by the Company is secure from any unauthorised access or disclosure. The Company stores personal information in archive systems for a period the Company considers reasonable depending on the primary purpose for which the information was collected. Only properly authorised people who have a need to access personal information to perform their job will be able to see or use that information.
Personal information will be de-identified or destroyed when it is no longer required, such that it cannot be re-identified at a later date.
The Company will ensure that its employees receive training about the management of personal information relevant to their respective roles and responsibilities in accordance with the Company’s Information Security Policy.
Adoption of government related identifiers
The Company will not adopt a government related identifier of an individual as its own identifier of the individual unless the adoption of the government related identifier is required or authorized by or under an Australian law or court/tribunal order.
The Company will not use or disclose a government related identifier of an individual unless:
- the use or disclosure of the identifier is reasonably necessary for the organisation to verify the identity of the individual for the purposes of the organisation’s activities or functions; or
- the use or disclosure of the identifier is reasonably necessary for the organisation to fulfil its obligations to an agency or a State or Territory authority; or
- any other exception provided for in subclauses 9.2 and 9.3 of the Act applies.
Accessing personal information
A person may request to access personal information about themselves held by the Company. Such a request must be made in writing and addressed to the Bamara Privacy Officer at the address below:
Bamara Privacy Officer
Shop 12, 23 Pulteney Street,
Taree NSW 2430
E: privacyofficer@bamara.com.au
Dealing with requests for access
The Bamara Privacy Officer, or delegate of the Company, must respond to the request for access to personal information within a reasonable period after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Refusal to give access
If the Company refuses to give access to the information, or to give access in the manner requested by the individual, the Company must give the individual a written notice that sets out:
- the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulators,
and take steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
Correction to personal information
The Company will take reasonable steps to ensure the accuracy and completeness of the personal information it holds. However, if the Company is satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or the individual requests the Company to correct the information, the Company must take steps (if any) as are reasonable in the circumstances to correct the information to ensure, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. If a person believes that any personal information that the Company holds about them is inaccurate or out of date, then they should contact the Bamara Privacy Officer.
If the Company corrects personal information and the individual requests the Company notify a third party of the correction, the Company must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
If the Company refuses to correct personal information, the Company must give the individual a written notice that sets out:
- the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulators
Notifiable Data Breach Scheme
As an organisation regulated by the Privacy Act 1988, Bamara abides by the requirements of the Notifiable Data Breach Scheme (NDB scheme).
The NDB scheme requires Bamara to notify individuals and the Office of the Australian Information Commissioner (OAIC) about eligible data breaches. An eligible data breach occurs when the following criteria are met:
- There is unauthorised access to, or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
- This is likely to result in serious harm to any of the individuals to whom the information relates.
- The entity has been unable to prevent the likely risk of serious harm with remedial action.
In the unlikely event of an eligible data breach, Bamara will manage the circumstances according to our Data Spill Policy and any State or Federal Government deed or contractual requirements.
Complaints
If a person wishes to complain about any breach by the Company of this policy, the Australian Privacy Principles, Privacy Act or another code or law which binds the Company (if any), a complaint may be lodged in writing by post or email to the address provided.
Bamara Privacy Officer
Shop 12, 23 Pulteney Street,
Taree NSW 2430
E: privacyofficer@bamara.com.au
If the Company is unable to resolve the matter, you may raise your concern with the Office of the Australian Information Commissioner (OAIC):
- P: 1300 363 992
- E: enquiries@oaic.gov.au
- GPO BOX 5218 SYDNEY NSW 2001
Copyright Notice
This work is copyright. Apart from any use permitted under the Copyright Act 1968, no part may be reproduced by any process, nor may any other exclusive right be exercised, without the permission of Bamara.
Ownership
Bamara is nominated as the Owner of this policy.
Disclaimer
This Policy and Procedure document is designed to assist employees of Bamara in performing their duties and responsibilities, and otherwise to set out general information in relation to certain subjects.
To the extent that this Policy and Procedure document requires an employee of Bamara to do, or refrain from doing something, it constitutes a direction from Bamara to the employee, with which the employee must comply. Non-compliance may lead to disciplinary action up to, and including termination of employment.
Bamara may alter or withdraw this Policy from time to time, or choose not to apply any part or all of this procedure in a particular instance at its absolute discretion, unless expressly stated otherwise in this document, or in an underlying template document contained on or linked through this page. Because this policy and procedure document and any underlying policies and procedures may be changed by Bamara from time to time, this site should always be accessed to ensure that the policy and procedure being accessed is the current version. Employees should not rely on printed documents without checking the current status of this Policy and Procedure via Bamara SharePoint.