This policy explains the types of personal information Brennan and Associates collects, how this information is used and under what circumstances, and to whom it may be disclosed.
We will regularly review this policy to ensure it contains an update-to-date statement of how Brennan and Associates will manage your personal information.
The Privacy Act 1988 gives you a number of rights designed to protect your privacy. These rights are set out in thirteen Australian Privacy Principles contained in the Privacy Act 1988.
You should read this policy if you are:
- A customer who has complained or is thinking about complaining to Brennan and Associates
- An employer dealing with Brennan and Associates
- A person whose personal information may be given to or held by Brennan and Associates
- A person employed by or seeking employment with Brennan and Associates
- A contractor or other stakeholder
What personal information do we collect and hold?
Personal information is broadly defined in the Privacy Act 1988 under Part II, Division 1, 6-interpretations as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
Some examples of personal information that Brennan and Associates collects include:
- Names, addresses, telephone numbers and email addresses
- Letters of offer and employment contracts
- Work rosters, sign-in sheets, pay slips and bank statements
- Statements or interviews taken by operatives of Brennan and Associates which allow the person who made the statement or people referred to in the statement to be identified.
The definition of personal information only relates to natural persons. It does not extend to other legal persons, such as companies.
The Privacy Act 1988 includes a subset of personal information called ‘sensitive information’ to which higher privacy standards apply. Higher standards apply because inappropriate handling of this kind of information can have adverse consequences for the individual concerned. In some circumstances, Brennan and Associates may collect and hold sensitive information. Sensitive information is defined as information or an opinion about an individual’s:
- Racial or ethnic origin
- Membership of a professional or trade association
- Membership of a trade union
- Criminal record
- Health information about an individual
How we collect your personal information
We will only collect personal information by lawful and fair means. We may collect personal information from you in a range of circumstances, including:
- When you email or telephone us
- When you lodge a complaint
- When we investigate a complaint
- When we conduct investigations on behalf of clients
- When we conduct surveillance on behalf of clients
When you visit our website, anonymous information about your visit may be recorded. The information recorded only confirms how you used the site (which may include your server address, the date and time of your visit, the pages you accessed, the information you downloaded and the type of internet browser you used); it does not record any personal information about you.
However if you email us or contact us through our website we do collect personal information about you. This may include personal details such as your name, address and email address.
Brennan and Associates will not ask you for personal information we do not need.
We collect personal information when it is reasonably necessary for, or directly related to, our functions or activities. We also collect personal information related to human resource management and other corporate service functions as part of our incidental and support activities.
We usually only collect personal information about you directly from you or from your authorised representative. However, sometimes we will collect your personal information from a third party or from publicly available sources. We will only do this if:
- you consent, or
- we are required or authorised under other legislation, or
- it is unreasonable or impracticable to collect it directly from you.
For example, we may use google searches, white pages, internet articles and social media to locate people where other methods of locating them have failed.
Other forms of information or intelligence gathering may include statement taking, surveillance, personal recorded interviews, canvasses etc.
We also collect personal information from our staff to maintain current employee information for employment related purpose. This information can include:
- applications for employment, including résumés and referee reports
- notes from selection committees during a selection process
- employment contracts and other records related to terms and conditions of employment
- details of financial and other personal interests for the purpose of managing potential or perceived conflicts of interest
- proof of Australian citizenship
- copies of academic qualifications
- medical certificates or health related information
- contact details
- superannuation contributions
- information relating to an employee’s training and development.
We can only collect sensitive personal information if it is reasonably necessary for, or directly related to, our functions and activities and:
- you consent to us collecting it
- we reasonably believe that the information is necessary to lessen or prevent a serious threat to the life, health or safety of any individual, or to public health and safety, and it is unreasonable or impracticable to obtain your consent
- we have reason to suspect that unlawful activity or misconduct of a serious nature relating to our functions or activities has been or is being engaged in and we reasonably believe the information is necessary for us to take appropriate action
How your personal information is held
The personal information we collect is held in secure electronic databases. Some personal information is also held in paper files.
When necessary for their work, the following staff members have access to the electronic databases and paper files containing information about workplace complaints:
- Office staff and management;
- Records management staff
We take reasonable steps to preserve your personal information from loss, misuse, interference, as well as unauthorised access, modification or disclosure. Only people who have a business need to access the personal information held on our databases can access this information. The databases maintain audit trails whenever personal information is created, amended or deleted.
If a substantial data breach has or may have occurred (i.e., your personal information is shared with unauthorised entities), we will promptly notify you about the actual or potential breach.
We take steps to ensure that the personal information we hold is accurate, up to date and complete. These steps include maintaining and updating personal information when we are told by individuals that their personal information has changed, and at other times as necessary.
When no longer required, personal information in paper files is destroyed in a secure manner, in accordance with company guidelines. The personal information held in our electronic databases is deleted in a secure manner when it is no longer needed.
How we use and disclose your personal information
Protecting your privacy and the confidentiality of your personal information is important to us, as it is fundamental to the way we conduct business. Brennan and Associates is sensitive to privacy issues and treats very seriously the ongoing trust people have placed in us.
Whilst your personal information is being provided to a representative of Brennan and Associates, we are bound by confidentiality and non-disclosure agreements and are prohibited from using the information for any other purpose. We also ensure we are aware of our obligations under the Privacy Act 1988 and that we agree to be bound by these obligations.
We only use personal information for the purpose for which it is collected and directly related purposes. We do not disclose personal information to any outside third party organisation, unless it is the party on behalf of which we are conducting the relevant inquiries or activities on behalf of. In this case, we make sure that the third party is bound by the same privacy rules we follow.
We will not use it for another purpose or give it to government agencies, organisations or anyone else unless:
- you consent to it being used or disclosed for another purpose
- you would reasonably expect us to use or disclose the information for another purpose and that purpose is related to the purpose for which it was collected (or directly related if it is sensitive information)
- its use or disclosure is required or authorised by an Australian law or a court or tribunal order
- the use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any person, or to public health or safety
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being, or may be engaged in and we reasonably believe that use or disclosure is necessary to take appropriate action in relation to the matter
- the use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim
- we reasonably believe that the use or disclosure is reasonably necessary for enforcement related activities conducted by or on behalf of an enforcement body.
Overseas disclosure of personal information
It is unlikely that we will disclose your personal information to persons or organisations located overseas. However, if we are required to do so to progress your matter or for some other reason, we will seek your consent before making the disclosure. In such circumstances, we will take reasonable steps to ensure that the person or organisation we are disclosing the information to does not breach your rights under the Privacy Act 1988 or is subject to a law or binding scheme that has the effect of protecting the information in a way that is, overall, at least substantially similar to the Australian Privacy Principles. For example, we may contact the person or organisation who is overseas and ask them for written confirmation that they will deal with the information in a manner that is consistent with your rights under the Privacy Act 1988.
It is not practicable to list every country to which we may provide personal information as this will vary depending on the circumstances.
How you can access and correct your personal information
You can ask to access the personal information we hold about you, or ask that we change this information if it is inaccurate, out of date, incomplete, irrelevant or misleading.
We may ask you to put your request in writing and provide us with some proof of identification before releasing or changing your personal information.
We will respond to your request within 30 days after the request is made.
If you request access to the personal information we hold about you, or ask that we correct your personal information, we will allow such access or make the changes requested if it is reasonable and practical to do so, unless there is a sound reason under the Privacy Act or other relevant law to withhold the information or not make the changes. If we refuse to grant you access to or change the information, we will provide you with written reasons for doing so within 30 days.
There are no fees for requesting access to your personal information.
How you can complain
If you have a complaint about the way we have dealt with your personal information, please contact our company Privacy Officer. The contact details for the Privacy Officer are given below.
Privacy Officer – Brennan and Associates – PO Box 105, Belmont WA, 6984 or email firstname.lastname@example.org
If you make a complaint, we will contact you to discuss the details of your complaint and may ask you to provide more information.
We will make all attempts to respond to and deal with your complaint promptly and within a reasonable time. We will act to resolve the matter when it is reasonable and practical to do so.
You also have the option of contacting the Privacy Commissioner at the Office of the Australian Information Commissioner if you have a complaint about the way we have handled your personal information. If you make a complaint directly to the Privacy Commissioner, the Privacy Commissioner may recommend you try to resolve the complaint directly with us in the first instance.
If you are not satisfied with our complaint handling process in response to your privacy complaint, you have the option of contacting the Commonwealth Ombudsman.