1. Introduction

1.1 Definitions and Acronyms

2. Collecting Personal Information

The Company is committed to providing quality services to you and this procedure outlines our ongoing obligations to you in respect of how we manage your Personal Information.

This procedure explains the types of personal information the Company collects and stores, why and how it is collected, used and disclosed. The HR Manager is responsible for the application of the APP.

The Company will only ask for personal information it reasonably requires in order to conduct business and/or comply with legal requirements. It will not collect, buy, rent or otherwise acquire personal information from third parties, without the employee’s consent.

The Company will notify employees:

• Of the purpose for which the information is collected;
• To whom it might disclose the information;
• About laws that require this information to be collected; and
• The consequences if all/part of the information is not

2.1 Compliance

The Company complies with APP that relate to:

• Collection;
• Use and disclosure;
• Data quality and security;
• Storage;
• Openness;
• Individual access and correction; and
• The international or trans-border data flows of personal

2.2  What Information is Collected?

The type of information collected depends on the Company’s needs to conduct its business. Examples of information types:

• Name, address and contact details;
• Usernames and passwords;
• Information contained in identification documents such as drivers’ licences, passports, TFN;
• Academic qualifications and employment history;
• Medical pre-employment and monitoring data;
• Criminal record check;
• Bank account details and tax file number; and
• Commercial trade references and credit

2.3 Collection of Information

Generally, personal information is collected directly from the individual when they deal with the Company either in person, over the phone, via email or when a questionnaire is completed.

2.4 Use and Disclosure

Subject to the exceptions set out in the APP, e.g. the disclosure of personal information allowed or required by law, personal information will only be used and/or disclose for:

• The primary purpose it was collected for; and/or
• A related purpose that would be reasonably expected, without further

2.5 Disclosure to a Third Party

The Company will only disclose personal information to third parties with the consent of the individual concerned, if that disclosure is necessary for the purposes the information was collected.

Instances where it would be necessary to disclose personal information to a third party include, but are not limited to:

• The external administration of an employee’s superannuation plan;
• Financial institutions, for payroll administration;
• Disability and death insurers, to enable claims to be processed;
• Clients where personal information is required to grant site access;
• A medical assessment provider;
• For processing Company insurance claims;
• External IT service providers, to ensure the security of computer networks; and
• Credit checks on

3. Security Measures

The Company stores personal information in a range of hardcopy and electronic formats.

Hardcopy information is protected by:

• Locking it in cabinets;
• Only allowing access to necessary employees;
• Keyed access;
• Security alarms; or
• Surveillance cameras. Electronic information is protected by:
• Access controls, g. user passwords or limited access to shared network drives;
• Virus checking and backing-up data; and
• Specialised IT support to deal with security

Transmission of personal information by electronic means may involve unsecured telecommunications lines. Security is enhanced by:

• Checking facsimile numbers before sending personal information;
• Confirming receipt;
• Pin numbers and passwords for the use of some transmissions; and
• Encryption of data for high risk

3.1 Access

Individuals inquiring about their rights and remedies, can access detailed information at the Australian Privacy Commissioner’s website: www.privacy.gov.au/publications/npps01.html

Employees must not disclose private information that comes to their attention during their job.

Personal information will not be released to another individual or organisation, unless written approval is provided to the HR Manager. The request must specify the type of information required and the reason. The HR Manager will reject the request if they believe it breaches the Privacy Act.

3.2  Altering Records

The Company will take reasonable steps to correct personal information that is inaccurate, by undertaking discussions to satisfy both parties, keeping in mind that it is inappropriate to delete or alter original information.

3.3  Complaints

Complaints about a possible breach of privacy must be in writing, addressed to the HR Manager and clearly set out the nature of the complaint.

3.4 Breaches

Management is committed to notifying individuals whose personal information is involved in a data breach that is likely to result in serious harm.

This notification shall include recommendations about the steps individuals should take in response to the breach. Any actual or suspected breach will be reported to General Counsel for assessment and development of the step by step response.

3.5  Contact Details

If you have any questions in relation the this procedure or the management of your personal information you can contact our HR Manger by email at hradmin@contractresources.com