1. Purpose and scope
Sycle respects the privacy of its clients, Employees, perspective employees and all others in which it deals with. This policy describes the types of private data we collect and describes how we use private information, with whom we share it, your rights and choices, and how you can contact us about our privacy practices.
Geelong Landfill Pty Ltd trading as Sycle (ABN 87 169 212 828) and its related bodies corporate (Us/We)….
2. Definitions
‘APP’ means Australian Privacy Principles.
‘Sycle’ means Geelong Landfill Pty Ltd trading as Sycle and any other related bodies corporate.
‘Employee’ means a full time, part time, casual or volunteer employee of Sycle and includes directors, contractors and agents of Sycle.
‘Personal Information’ means information or opinion about an identified individual, or an individual who is reasonably identifiable.
‘Privacy Act’ means the Privacy Act 1988 (Cth) and related regulations as updated and amended from time to time.
3. Responsibilities
• Implementation of policy and processes: Director
• Complaints regarding privacy: HR Manager
Assessing and Correcting Personal Information
You may request access to personal information Sycle holds about you and you may request corrections be made to that information.
Sycle will generally provide you with access to any personal information we hold about you on request. In limited circumstances, however, access may be refused if required or permitted by law. If Sycle does not provide you with access, we will explain the reasons for our refusal in writing.
Sycle will not charge you for making an application to access your personal information but may charge a reasonable fee to cover the cost of giving access, such as photocopying costs. Sycle will advise you if such a charge applies before your request is dealt with.
How Does Sycle Secure Personal Information?
Your personal information is held on databases and physical files. Sycle takes appropriate technical, organisation and physical measures to keep your personal information secure.
If Sycle outsources services involving the use of personal information, it will take steps to ensure the protection of your personal information.
Website
In the course of using our website, you may provide us with personal information. Sycle takes all reasonable steps to ensure its security within our own system.
Sending Personal Information Overseas
Before disclosing personal information to an overseas recipient, Sycle will take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information.
Sycle will be accountable for the overseas recipient’s acts or practices in relation to the information that would breach the APPs.
Company Software
If an Employee is using company software on a personal or work device for work purposes, Sycle may have access to location information which relates directly to an Employee’s employment. Employees will have access to this information kept ensuring transparency. Sycle will rectify the information if it is found to be incorrect or incomplete.
Complaints Procedure
This Privacy Complaint Handling Procedure sets out the process Sycle will undertake to deal with complaints regarding breaches of Australian privacy law including under the Privacy Act and State and Territory legislation relating to health information.
Any complaints should be made in writing to Sycle HR Manager.
Sycle will resolve all privacy complaints through this procedure:
• Step 1: A privacy complaint is received (Complaint).
• Step 2: Within (5) business days following receipt of the Complaint, Sycle will send a communication via post, fax or email to the person who made the complaint (Complainant) acknowledging receipt of the Complaint.
• Step 3: Following the acknowledgment of receipt of the Complaint (as outlined in Step 2), a Sycle investigator will notify the Complainant via post, fax or email, that they have been assigned to investigate the Complaint and commence the investigation.
• Step 4: The investigator will investigate the Complaint. During this process, the investigator may request further information from the Complainant.
• Step 5: Within thirty (30) business days from the date all information is received, the Investigator will contact the Complainant via post, fax or email, notifying the Complainant of proposed avenues of resolution. The Complainant and the investigator may work together to collaboratively resolve the Complaint to the Complainant’s satisfaction. Sycle will notify the individual if additional time is needed to respond due to the complexity of the inquiry.
• Step 6: If the Complaint cannot be resolved by the Complainant and the Investigator in accordance with Step 5, then the Investigator will notify the HR Manager (Notification) who will then take steps to resolve the matter.
• Step 7: Following receipt of all requested information, the HR Manager will contact the Complainant via post, fax or email, and propose an avenue(s) of resolution.
• Step 8: If the Complainant agrees to the proposed avenue(s) of resolution, the Complainant and the HR Manager will work together to close the matter.
• Step 9: In circumstances where resolution cannot be achieved in accordance with Steps 1 to 8, the HR Manager will advise the complainant that they may direct their Complaint to the Federal Privacy Commissioner or take independent advice as to their rights.
The Complainant may contact the Federal Privacy Commissioner as follows:
• By telephone: 1300 363 992
• By writing: Director of Complaints, Office of Federal Privacy Commissioner, GPO Box 5218, Sydney NSW 1042
• By email: enquiries@oaic.gov.au
6. Enforcement
Employees must comply with the requirements of this policy. Any breach of this policy may result in disciplinary action.
7. Document Review
Sycle reserves the right to vary, replace or terminate this policy from time to time.
8. Email security
In accordance with our email security policy, any emails that you send to (entity) will automatically be screened and scanned. This could result in the email itself, any attachments or any images being automatically blocked and forwarded to our IT administrators. If this is the case, our IT administrators will review the email for security purposes only and not thereafter to authorise the content where applicable.