Frontline Human Resources (FHR) is committed to respecting your right to privacy and protecting your personal information. FHR is bound by the National Privacy Principles in the Privacy Act 1988 (Commonwealth) and its amendments and any other applicable laws and codes affecting your personal information. This Policy outlines how we manage your personal information, the sorts of personal information that is held and for what purpose, as well as how the information is collected, held, used and disclosed.
A copy of the Australian Privacy Principles (APPs) may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
2 WHAT IS PERSONAL INFORMATION AND WHY DO WE COLLECT IT?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.
This personal information is obtained in many ways including interviews, correspondence, by telephone and facsimile, by email, via our website www.frontlinehr.com.au, from your website, from media and publications, from other publicly available sources and from third parties. We don’t guarantee website links or policy of authorised third parties.
We collect personal information for the primary purpose of providing our services to our candidates, clients and affiliates. We may also use personal information for secondary purposes closely related to the primary purpose, in circumstances where it would be reasonably expected. When collecting personal information we will, where appropriate and where possible, explain why we are collecting the information and how we intend to use it.
Employee Record: in relation to an employee, means a record of personal information relating to the employment of the employee.
Personal Information: recorded information or an opinion about an individual whose identity is apparent or can be reasonably ascertained from the information or opinion.
Record: a document, database (however kept) or a photograph or other pictorial representation of a person.
Sensitive information: information relating to an individual’s health, racial or ethnic origins, political or religious beliefs.
Non personal information: general information that is deemed to be non-personal such as aggregate average data pertaining to web site hits; information that is non- specific.
NPP: means the National Privacy Principles that are contained in Schedule 3 of the Privacy Act 1988 (Cth). The PSA establishes ten (10) NPPs as the minimum privacy standards for the private sector.
Privacy Officer:is an employee delegated by FHR with the responsibility of ensuring the Company complies with the Privacy Act, and who investigates
all alleged breaches of privacy.
From time to time FHR will ask for personal information via various methods including phone, fax and Forms in support of the service we provide.
FHR collects information to enable it to perform its business functions and activities. These may include without limitation:
- Labour hire and recruitment services
- Staff management
- Making contact with individuals and organisations it deals with
- Processing credit applications of, providing products and services to, and marketing to customers
- Selecting and doing business with suppliers and other industry participants, and
- Appointing and doing business with contractors
Personal Information is collected from you when you apply for a position, or on commencement of employment to enable processing of your employment and to maintain ongoing employment related functions such as, payroll, superannuation and personal and emergency contact details.
At the time of collection, you will be informed it is a legal requirement. For example, if immigration or tax law requires it.
At or before FHR collects personal information the company will take all reasonable steps to ensure that you are aware of:
- who FHR is and how to contact us
- how to gain access to the information held about you
- the organisation or the types of organisation that FHR usually discloses information of that kind
- any law that required that particular type of information to be collected
- the consequences (if any) for you if all or part of the information is not provided.
FHR will endeavour, where reasonable and practicable, to collect your personal information directly from you. Where FHR collects information about you from someone else FHR will take all reasonable steps to ensure that you, as well as the third party, have been made aware of all the bullet points above. The only exception to this is where making the third party aware of this information would pose a serious threat to the life or health of yourself or another person.
6 USE AND DISCLOSURE
FHR only uses personal information for the purposes for which it was given to us, or for purposes that are directly related to one of our functions or activities.
FHR will only disclose your personal information to third parties if:
- you have authorised the third party to have access to your personal information. Such parties include but are not limited to Superannuation funds and financial institutions.
- you would reasonably expect or have been told that information of that kind is usually passed to those individuals, bodies or agencies
FHR will only disclose your personal information without your express authorisation under the following circumstances:
- when required or authorised to do so by law. For example, to satisfy warrants, subpoenas, court orders or Workers Compensation Commission Orders
- where if there are reasonable grounds that the disclosure is necessary to prevent or lessen a serious and imminent threat to the life or health of you or another person
- where it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue
7 DATA QUALITY
FHR takes all reasonable steps to ensure that the personal information we collect is accurate, up-to-date and complete. These steps include maintaining and updating personal information when we are advised by individuals that the information has been changed, and at other times as necessary.
As the accuracy of information held depends largely on the information you provide, we recommend that you:
- advise FHR immediately if there are any errors in your personal information and
- keep your personal information up-to-date by advising FHR with any changes. For example, by completing a Personal and Banking Detail Form and submitting it to Payroll in Melbourne
It is important that your personal information is up to date. We will take reasonable steps to make sure that your personal information is accurate and complete; if you find that the information we have is not up to date, please advise FHR as soon as possible so we can update our records and ensure we can continue to provide quality services to you.
If FHR holds personal information about you and we are able to establish that the information is not accurate, up-to-date and complete, FHR will take reasonable steps to correct the information unless it is considered that there is a reason under the Privacy Act, FOI Act, or other relevant law not to do so.
If FHR does not agree to make the requested changes to personal information the individual may make a statement about the requested changes and this statement will be attached to the record.
To access your personal information or request changes to the information please contact the Privacy Officer on 1800 642 006.
8 DATA SECURITY
FHR stores your personal information in a combination of electronic and paper formats. FHR takes steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include password protection for electronic files, securing paper files in locked cabinets and secured areas, physically restricting access to files and cabinets, and giving access to authorised personnel only.
Where electronic records are secured by passwords, all passwords are kept secure and are not to be shared with colleagues and are changed periodically.
Records of personal information are not stored indefinitely. For current and former employees’ records are kept for the duration of the employment relationship and are then archived externally for a period of seven (7) years.
Where candidates for roles have been made an offer of employment and accepted all recruitment materials including the application, resume, interview notes and email correspondence and other information is to be kept on the personnel file.
Where candidates for roles have not progressed through the recruitment process and made an offer all recruitment materials as detailed above shall be filed centrally for a period of six (6) months.
Information of candidates received from other agencies and who are not considered for roles will not be retained.
Personal information is destroyed when no longer required via a secure service provider or is deleted from electronic systems.
This Policy will be made available to any person who asks for it. FHR on request will let an individual know generally what sort of personal information it holds for that individual, for what purpose and how it collects, holds, uses and discloses that information.
You have the right to access personal information held about you by FHR and FHR will provide you with that access except to the extent that:
- providing access would pose a serious and imminent threat to the life or health of any individual
- providing access would have an unreasonable impact upon the privacy of other individuals
- the request for access is frivolous or vexatious
- the information relates to existing or anticipated legal proceedings between FHR and you, and the information would not be accessible by the process of discovery in those proceedings; or
- providing access would reveal the intentions of FHR in relation to negotiations with you in such a way as to prejudice those negations; or
- providing access would be unlawful under legislation such as the Privacy Act, Freedom of Information Act 1982 (Cth) (FOI Act); or
- denying access is required or authorised by or under law; or
- providing access would be likely to prejudice an investigation of possible unlawful activity
If FHR does not agree to provide access to personal information, we will provide you with reasons and you may seek a review of our decision or may appeal our decision under the FOI Act.
10.1 Exemptions from the Privacy Act
Employee records, including those of former employees of FHR, are exempt from the Privacy Act. Where the ‘employee records’ exemption applies, you do not have the right under the Privacy Act to access personal information held about you.
An employee record is defined as a record of personal information relating to the employment of the employee. Examples of personal information relating to the employment of the employee are health information about the employee and personal information which includes:
- the engagement, training, disciplining or resignation of the employee;
- the termination of the employment of the employee;
- the terms and conditions of employment of the employee;
- the employee’s personal and emergency contact details;
- the employee’s performance or conduct;
- the employee’s hours of employment;
- the employee’s salary or wages;
- the employee’s recreation, long service, sick, personal, maternity, paternity or other leave;
Although you have no legal right to review your employment records, FHR may grant access to certain information under its sole discretion. You need to put your request in writing to the Privacy Officer and specify what information you would like to access.
FHR is entitled to refuse to provide access to some or all of the materials requested. Examples of the types of information that may be reasonably refused access to is:
- where disclosure might unreasonably impact on the privacy of another individual. For example, a disciplinary matter involving another employee
- where disclosure might prejudice an investigation of suspected unlawful activity. This can include commission of a crime or a breach of the individual’s employment obligations. For example, suspected theft of company or client property and/or assets, breach of confidence, insider trading, inappropriate or unlawful email or internet use.
- the information relates to an existing legal dispute. Examples include a worker’s compensation claim or sexual harassment complaint.
The Privacy Act does not apply to individual’s applying for work with HR and who have entered the recruitment process. The Privacy Act only applies once the employment relationship has begun or when the employment relationship has ended.
FHR will not use or disclose the identifiers for individuals used by governments, other agencies or service providers, unless permitted under prescribed circumstances under the Act. Identifiers include a number assigned by an organisation to an individual to identify uniquely the individual for the purpose of the organisations’ operations. However, an individuals’ name or ABN is not an identifier.
Wherever it is lawful and practicable, individuals have the option of not identifying themselves when entering transactions with FHR.
13 TRANSBORDER DATA FLOWS
FHR will only transfer personal information to another party in another country where it will be for the benefit of the individual. FHR will always endeavour to obtain the consent of the individual and will take reasonable steps to ensure that the information will not be held, used or disclosed by the recipient inconsistently with the NPP.
14 SENSITIVE INFORMATION
Sensitive Information means information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record;
that is also personal information; or
- health information about an individual; or
- genetic information about an individual that is not otherwise health information.
FHR will not collect sensitive information about you unless:
- you have consented
- the collection is required by law
- the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns is physically or legally incapable of giving consent to the collection or physically cannot communicate consent to the collection
- the collection is necessary for the establishment, exercise or defense of a legal or equitable claim
FHR may collect health information from you as part of the recruitment process and in the context of the employment relationship in order to assess your fitness for duty.
15 BREACH OF PRIVACY - COMPLAINTS PROCEDURE
Step 1 Submission of complaint
The complaint must be in writing and can be submitted either by letter or by the Privacy Complaint Form. A complaint should;
- specify the name and address of the complainant
- briefly describe the conduct that gave rise to the interference with their privacy
- specify what action they have taken to rectify the problem
- describe any response provided by the complainant
- the complaint must be forwarded to FHR’s Privacy Officer
- the Privacy Officer must acknowledge receipt of the complaint in writing within 14 days of receipt
Step 2 Processing of Complaint
On receipt of the complaint the Privacy Officer will request from relevant employees in the area of the company for documents in relation to the complaint. The employees will:
- conduct/supervise the search for relevant documents within their area
- complete the provided certification that a thorough and exhaustive search of documents in their area has been conducted
- indicate the location of other documents relevant to the complaint but not held in their area
- provide additional information which may assist in resolving the complaint
- forward original documents held
Step 3 Complaint Resolution
The Privacy Officer will forward to the Directors, for advice, details of the breach and possible resolutions. This may include a written apology, retraining of staff, changing procedures, amending or deleting personal information.
Step 4 Reporting
The Privacy Officer will forward a report to the Directors on the status of the complaint and actions taken to resolve the issue.
- reviewing and authorising this Policy and Procedure and any amendments at the sole discretion of FHR
- understanding and complying with the Privacy Act
16.2 Privacy Officer
- considering applications for access to personal information or requests for changes to personal information
- communicating the outcomes of requests to access or change personal information
- responding to all email or written correspondence in a timely manner
- investigating all complaints of alleged breaches of privacy in a timely manner
- delegating their responsibilities when on leave or absent so at all times a Privacy Officer is available within the business
16.3 Manager & Supervisors
- accurately completing and submitting forms and other documents detailing employee information
- ensuring all employee information is kept in personnel files
- updating their personal information as it changes by completing and submitting Personal and Banking Detail Form and other documentation
- ensuring all personal information provided to FHR is accurate, complete, and correct
- not breaching another employee’s privacy
16 RELATED DOCUMENTS
- Bullying/Harassment/Discrimination Policy
- Bullying/Harassment/Discrimination Complaint Form
- Electronic Resources Policy
- Performance Management Policy
- Personal & Banking Detail Form
- Social Media Policy
- Standards of Behavior Policy