In the course of doing business, there may be circumstances where PeoplePlus Enterprises Pty Ltd (trading as PeoplePlus), hereafter referred to as “the Company”, collects personal information. Personal information is information or an opinion about an individual who is reasonably identifiable.
This Policy sets out the broad controls that the Company has adopted to govern the way it collects and uses personal information, the circumstances under which it may disclose personal information to third parties, how persons can access their personal information held by the Company, and what they can do if they are unhappy with the Company’s treatment of their personal information.
Who is PeoplePlus?
In this policy PeoplePlus Australia (‘the Company’) refers to group of companies that trade under PeoplePlus Enterprises Pty Ltd including, PeoplePlus, AETS, PeoplePlus Education, and all related entities.
1.1 Who does this policy apply to?
This policy applies to any individuals whose personal information we may hold or collect including
contractors, consultants or suppliers of goods or services
participants in programs or services delivered by us
A person whose information may be given to us by a third party
A person seeking employment with us
The Company will be fair and open about the way we collect information about you and what we intend to do with the information we collect
a. What information does this policy refer to?
This Policy applies to personal information and sensitive information.
- Describe the types of personal information that we collect, hold, use and disclose
- Outline our personal information handling procedures
- Explain our authority to collect your personal information, why it may be held by us, how it is used and how it is protected
- Explain our procedures in the event that your personal information is disclosed without authorisation
- Provide information about how to access your personal information, correct it if necessary and complain if you believe it has been wrongly collected or inappropriately handled.
What is personal information?
PeoplePlus, including its employees, contractors and agents, is subject to the Privacy Act 1988 and to the requirements of the Australian Privacy Principles (APP’s) contained in the Privacy Act.
The APPs regulate how organisations can collect, hold, use and disclose personal information and how you can access and correct that information.
“Personal Information” is information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not.
Common examples include your name, telephone number, email address and date of birth.
In this Policy there are also references to sensitive information, which is a subset of personal information. “Sensitive Information” is information or an opinion about a person that is of a sensitive nature, including information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a Trade Union, sexual orientation or practices, criminal record, or health, genetics, biometrics or disability.
What is not personal information?
Information where the Company has removed any references to a person, so that the person cannot be reasonably identifiable from the information, is not personal information.
The Company may use this information for its own purposes and gain. For example, that fact that x jobseekers aged 20-40 have accessed our services, is not personal information.
Collection of personal information
The Company collects information in a variety of ways in the course of running our business, including:
- Providing services to Jobseekers, trainees and other parties;
- Engaging suppliers, contractors, labour hire workers and other personnel;
- Responding to questions about our services and our business;
- Responding to complaints and enquiries via our online complaints process;
- Interacting with people via our website or via social media and related platforms;
- Conducting trade promotions and information sessions;'
- Via security processes at our sites including our sign in registers
The kinds of personal information that the Company collects and holds depends on the circumstances, but can include names, addresses and other contact details, details about a person’s work experience and other qualifications, date of birth, driver’s licence details, bank account details and photographs.
Means of collection
The Company collects most personal information directly from the person, unless the person consents to the collection of information by someone else other than them, or the Company is required or authorized under an Australian law, or a court/tribunal order, to collect the information from someone other than the individual. Third parties may also share information with us about people, including the Government, Centrelink and other related parties. Where reasonable and practicable, the Company will collect personal information directly from you and inform you that this is being done.
When the Company collects personal information, the Company will take reasonable steps to ensure that the person is aware of:
- the collection;
- the purpose of the collection;
- the main consequences (if any) if the information is not collected;
- the types of organisations (if any) to which the information may be disclosed (including those located overseas);
- any law that required the particular information to be collected; and
- the fact that this Policy contains details on access, correction and complain
Personal information collected by the Company is held in a variety of formats including hardcopy and on our computer systems.
If the Company received solicited information (personal information that the Company has not requested) and the Company determines that they could not have collected this information, if requested, under the Australian Privacy Principles, and the information is not contained in a Commonwealth record, the Company shall destroy or de-identify the information if it is lawful and reasonable for the Company to do so.
Where practicable, you may deal with the Company anonymously or by pseudonym, however in some circumstances this may not be practicable and the Company may need to request personal information.
Collection of sensitive information
The Company only collects, holds and handles information about you that is necessary for the Company to perform the services that are requested of the Company, that is otherwise reasonably necessary for business activities or if required by an Australian law or court. The Company will not collect sensitive information unless the person to whom it relates consents to the collection and, the information is reasonably necessary for one or more of the Company’s business functions or activities. The exception to this is where collection is required or authorised by law, is necessary to prevent or lessen a serious and imminent threat to the person’s (or another person’s) life or health or is necessary in relation to legal proceedings (current, anticipated or potential), or another permitted exception in the Act applies.
The Company uses ‘cookies’ and other similar technologies in electronic communications to help us collect information about the way you interact with our content online and help the Company to improve your experience when visiting the Company website.
Cookies are data files that your browser places on your computer or device. They remember the type of browser that the visitor is using and which additional browser software the user has installed. They remember preferences such as languages and region, which remain as your default settings when you next revisit the website. The cookies also allow the user to rate pages and fill in comment forms on the website.
Cookies cannot collect any information stored on your computer or files. Users can visit www.allaboutcookies.org for more information and details on how to delete or reject cookies.
Additional information regarding credit information
In connection with the operation of the Company, the Company collects and uses credit information of individuals.
The types of credit information that the Company collects and uses for the purposes of assessing an application for credit include:
names, addresses and other contact details of account holders and guarantors (both prospective and current);
bank account details
driver’s licence details
Such information is collected from the relevant individual and from credit reporting bodies, as well as from publicly available information. The Company uses the information collected to create an internal credit assessment report.
The Company does not disclose credit information to credit reporting bodies, except for an individual’s identity in order to obtain a credit check from the credit reporting body.
The Company uses Google Analytics to collect information about how people use our website. Google Analytics does this by using cookies to understand the types of websites you visit and the way you interact with those websites. The information the Company obtains from Google Analytics helps us understand user needs and offer a better user experience.
Use or disclosure of personal information
The use to which the Company can put personal information depends on the reason for which it was collected. The Company may use personal information for its primary purpose of collecting the information, or for a related secondary purpose that we could reasonably be expected to use the personal information for.
The Company respects the privacy of personal information and will take reasonable steps to keep it strictly confidential.
The Company will disclose personal information to third parties if it is necessary for the primary purpose of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected. Where such disclosure is necessary, the Company will require that the third party undertake to treat the personal information in accordance with the APP.
Otherwise, the Company will only disclose personal information to third parties without the consent of the person to whom the information relates if the disclosure is:
necessary to protect or enforce PeoplePlus’ rights or interests or to defend any claims;
necessary to prevent or lessen a serious threat to a person’s health or safety;
required or authorised by law;
permitted by another exception in the Act
If the Company uses or discloses personal information to third parties in accordance with the above, the Company must make a written note of the use of disclosure.
The Company may disclose personal information to a related PeoplePlus company in Australia or overseas, subject to the provisions of the Act. In such circumstances, the related company will only use the personal information for the same purposes that the disclosing PeoplePlus Company is authorised to use the personal information for and take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.
Under no circumstances shall the Company sell personal information.
The Company will take all reasonable steps to ensure that all personal information held by the Company is secure from any unauthorised access or disclosure. The Company stores personal information in archive systems for a period the Company considers reasonable depending on the primary purpose for which the information was collected. Only properly authorised people who have a need to access personal information to perform their job will be able to see or use that information.
Personal information will be de-identified or destroyed when it is no longer required such that it cannot re-identified at a later date.
The Company will ensure that its employees receive training about the management of personal information relevant to their respective roles and responsibilities in accordance with the Company’s Information Security Policy.
Adoption of government related identifiers
The Company will not adopt a government related identifier of an individual as its own identifier of the individual unless the adoption of the government related identifier is required or authorized by or under an Australian law or court/tribunal order.
The Company will not use or disclose a government related identifier of an individual unless:
the use or disclosure of the identifier is reasonably necessary for the organization to verify the identity of the individual for the purposes of the organisations activities or functions; or
the use or disclosure of the identifier is reasonably necessary for the organization to fulfil its obligations to an agency or a State or Territory authority; or
any other exception provided for in subclause 9.2 and 9.3 of the Act
Accessing personal information
A person may request to access personal information about themselves held by the Company. Such a request must be made in writing and addressed to the PeoplePlus Privacy Officer at the address below:
PeoplePlus Privacy Officer
Level 6, 22 William Street
Melbourne VIC 3000
Dealing with requests for access
The PeoplePlus Privacy Officer, or delegate of the Company, must respond to the request for access to personal information within a reasonable period after the request is made and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.
Refusal to give access
If the Company refuses to give access to the information, or to give access in the manner requested by the individual, the Company must give the individual a written notice that sets out:
the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
the mechanisms available to complain about the refusal; and
any other matter prescribed by the regulators,
and take steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual.
Correction to personal information
The Company will take reasonable steps to ensure the accuracy and completeness of the personal information they hold. However, if the Company is satisfied that, having regard to a purpose to which the information is held, the information is inaccurate, out-of-date, incomplete, irrelevant or misleading; or the individual requests the Company to correct the information, the Company must take steps (if any) as are reasonable in the circumstances to correct the information to ensure, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. If a person believes that any personal information that the Company holds about them is inaccurate or out of date, then they should contact the PeoplePlus Privacy Officer.
If the Company corrects personal information and the individual requests the Company notify a third party of the correction; the Company must take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
If the Company refuses to correct personal information, the Company must give the individual a written notice that sets out:
- the reasons for the refusal, except to the extent that, having regard to the grounds for the refusal, it would be reasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulators
Notifiable Data Breach Scheme
As an organisation regulated by the Privacy Act 1988, PeoplePlus abide by the requirements of the Notifiable Data Breach Scheme (NDB scheme).
The NDB scheme requires PeoplePlus to notify individuals and the Office of the Australian Information Commissioner (OAIC) about eligible data breaches. An eligible data breach occurs when the following criteria are met:
- There is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur).
- This is likely to result in serious harm to any of the individuals to whom the information relates.
- The entity has been unable to prevent the likely risk of serious harm with remedial action.
In the unlikely event of an eligible data breach, PeoplePlus will manage the circumstances according to our Data Spill Policy and any State or Federal Government deed or contractual requirements.
If a person wishes to complain about any breach by the Company of this policy, the Australian Privacy Principles, Privacy Act or another code or law which binds the Company (if any), a complaint may be lodged in writing by post or email to the address provided, addressed to the PeoplePlus Privacy Officer.
PeoplePlus Privacy Officer
Level 6, 22 William Street
Melbourne VIC 3000
If the Company is unable to resolve the matter, you may raise your concern with the Office of the Australian Information Commissioner (OAIC):
- Ph: 1300 363 992
- E: email@example.com
- GPO BOX 5218 SYDNEY NSW 2001