Privacy & Personal Data Protection Policy
In its everyday business operations Employment Innovations (EI) makes use of a variety of data about identifiable individuals, including data about:
- Current, past and prospective employees
- Users of its websites
- Other stakeholders
In collecting and using this data, the organisation is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps Employment Innovations is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Employment Innovations systems.
2. Privacy and personal data protection policy
Employment Innovations respects the right to privacy and is committed to safeguarding the privacy of our clients and website visitors. We adhere to the Australian Privacy Principles contained in the Privacy Act 1988 (Cth Australia) and the privacy act 2020 (NZ). This policy sets out how we collect and treat personal information.
A privacy statement is a document that declares the intentions of the organisation in relation to client information and data, how personal information is stored, how clients can access this information and the purposes for which personal information is used and disclosed.
Employment Innovations privacy statement includes sections on the following areas:
- Collection of personal information
- How we collect personal data
- Use of personal information
- Disclosure of personal information
- Security of personal information
- Access to personal information
- Complaints about privacy
2.1. Collection of personal information
Employment Innovations will, from time to time, receive and store personal information entered onto our website or via Employment Innovations Service Desk, provided to us directly or given to us in other forms.
Before accessing services with Employment Innovations users will be required to provide some basic information such as name, phone number, address, and email address to enable us to send information, provide updates and process your service provision. We may collect additional information at other times, including but not limited to, when users provide feedback, when you provide information about personal affairs, change content or email preference, respond to surveys and/or promotions, provide financial or credit card information, or communicate with our customer support.
Additionally, we may also collect any other information provided by people interacting with us.
2.2. How we collect your personal information
2.3. Use of your personal information
Employment Innovations may use personal information collected to provide clients with information, updates, and our services. We may also notify of new and additional services and opportunities that are available. We may use personal information to improve our services and better understand the needs of individuals.
Employment Innovations may contact individuals by a variety of measures including, but not limited to telephone, email, sms or mail.
2.4. Disclosure of personal information
We may disclose personal information to any of our employees, managers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Policy.
Personal information is only supplied to a third party when it is required for the delivery of our services and has been discussed with the client.
We may from time to time need to disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, in the course of a legal proceeding or in response to a law enforcement agency request.
We may also use personal information to protect the copyright, trademarks, legal rights, property or safety of Employment Innovations, its clients or third parties.
Information that we collect may from time to time be stored, processed, or transferred between parties located in countries outside of Australia or New Zealand.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances.
By providing us with personal information, individuals consent to the terms of this Policy and the types of disclosure covered by this Policy. Where we disclose personal information to third parties, we will request that the third party follow this Policy regarding handling personal information.
2.5. Security of your personal information
Employment Innovations is committed to ensuring that the information provided to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
The transmission and exchange of information is carried out at your own risk.
2.6. Access to personal information
Individuals may request details of personal information that we hold about them in accordance with the provisions of the relevant ACT. This information will be provided within a reasonable time frame, free of charge. If an individual would like a copy of the information, which we hold about them or believe that any information we hold on them is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at email@example.com.
We reserve the right to refuse to provide you with information that we hold, in certain circumstances set out in the Privacy Act.
2.6.1. Complaints about privacy
If you have any complaints about our privacy practices, details of the complaint should be sent to firstname.lastname@example.org. We take complaints very seriously and will respond shortly after receiving written notice of the complaint.
When you visit Employment Innovations website
When you come to our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Third party sites
Our site may from time to time have links to other websites not owned or controlled by us. These links are meant for individual’s convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Employment Innovations is not responsible for the privacy practices of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
2.7. Data Protection Officer
A defined role of Data Protection Officer (DPO) has been established to oversee this Policy.
It is a requirement of the Privacy Act 1988 Notifiable Data Breaches (NDB) Scheme that when an organisation or agency the Privacy Act 1988 covers has reasonable grounds to believe an eligible data breach has occurred, they must promptly notify any individual at risk of serious harm. They must also notify the Office of the Australian Information Commissioner (OAIC).
Under the Privacy Act 2020, if when an organisation or business has a privacy breach that either has caused or is likely to cause anyone serious harm, they must notify the Privacy Commissioner and any affected people as soon as they are practically able.
Breaches must be handled in accordance with the Employment Innovations Personal Data Breach Notification Procedure (MP-23).
2.7.2. Our obligations as a cloud service provider
In addition to holding personal data on our own account, Employment Innovations also stores and processes the personal data of our cloud clients. In doing so, there are a number of additional obligations that must be fulfilled to allow our clients to stay within the law.
Our policy in this area is informed by ISO 27018 – Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors which, as well as recommending specific enhancements to ISO 27001 controls, also provides the following policy guidance:
- We must provide our clients with the facilities to meet their obligations under law in activities such as accessing, amending and erasing individuals’ PII
- We must only use the cloud customer’s PII for their purposes, not our own
- The customer must be informed if we are required by law to disclose any of their data, unless we are prohibited from doing so
- Details of disclosures must be recorded
- We must tell our clients if we use sub-contractors to process their PII
- We must tell our clients if their PII is subject to unauthorised access
- It must be clear in which country or countries the customer’s PII is stored
EI may review, amend or update this policy at any time. All employees are required to comply with these changes.
How to Contact Us
- Telephone – (02) 8030 8888
- Post – PO Box Q1494, Queen Victoria Building, NSW 1230
- Facsimile – (02) 9929 4695
- Email – email@example.com / firstname.lastname@example.org