Serendipity (WA) Pty Ltd trading as Advanced Personnel Management (APM) and its related companies is strongly committed to maintaining the privacy of personal information it collects as part of the services it offers. APM places great importance on protecting the privacy of its employees, valued clients, customers and other stakeholders.
References in this policy to APM 'us' 'we' or 'our' include all entities controlled by Serendipity (WA) Pty Ltd.
The purpose of this policy is to:
- Give you a better and more complete understanding of the kinds of personal information that we collect and hold
- Clearly and concisely communicate how and when your personal information is collected, disclosed, used, held and otherwise handled by us
- Inform you about the purposes for which we collects, holds, uses and discloses personal information
- Provide you with information about how you may access your personal information, and seek correction of your personal information
- Provide you with information about how you may make a complaint, and how we will deal with any such complaint
- Advise you of the circumstances in which we are likely to disclose your personal information to overseas recipients
This policy sets out how we will comply with our obligations under the Data Protection Act 1998, which regulate how we may collect, use, disclose and hold your personal information, and how you may access and correct personal information held about them.
We will ensure that all of our officers, employees and subcontractors are aware of and understand APM’s obligations and their own obligations under the Act and are provided with training to enable them to fulfil these obligations.
We will also achieve this through maintaining internal policies and processes to prevent personal information being collected, held, shared / exchanged, accessed or disposed of improperly.
What is personal information?
Collection of personal information
We do not collect personal information unless it is reasonably necessary for, or directly related to, one or more of our functions or activities.
Personal information collected by us will usually fall into one of the following categories:
- Contact information (name, age, address, email address and telephone numbers);
- Employment information (e.g. employment history, work performance, absences, workplace incidents, next of kin information);
- Financial information (e.g. bank account details);
- Sensitive information (e.g. health, medical history, criminal history, religious beliefs, trade union activity);
- Information obtained to assist in managing client and business relationships
We may collect your information from you in a variety of ways including face-to-face, over the telephone, through an online form or portal, through a paper form or by email. Sometimes we will collect personal information from a third party or a publicly available source if it is unreasonable or impracticable to collect the personal information directly from you (e.g. checking a work history).
You may choose to deal with us anonymously or under a pseudonym where lawful and practical. Where anonymity or the use of a pseudonym will render APM unable to provide the relevant service or reasonably conduct business, we may request that you identify yourself.
Why do we collect, use and store your personal information?
We collect, use and store your personal information to provide you with services including:
- Recruitment / Employment Services
- Employee Management
- Injury Management and Assessment
- Labour Market Research
- Ergonomic Assessments and Advice
- Occupational Safety and Health
- Psychological Assessments / Counselling
- Insurance Claims and Assessments
- Training / Education
- Client and Business Relationship Management
Our services, functions and activities, as well as those of our contracted service providers, may change from time to time.
We are committed to keeping personal information secure and safe. Some of the ways we do this are:
Protecting and storing your personal information
Although we take all reasonable steps to secure personal information from loss, misuse and unauthorised access, there is an inherent risk of loss of, misuse of or unauthorised access to such information. APM will not be held responsible for such actions where the security of the personal information in not within our control or we cannot reasonably prevent such an incident.
- Requiring employees and contractors to enter into confidentiality agreements
- Secure hard copy document storage (i.e. storing hard copy documents in locked filing cabinets)
- Security measures for access to computer systems
- Password protected data storage devices such as laptops, tablets and smart phones
- Providing a discreet environment for confidential discussions
- Access control for our buildings including waiting room / reception protocols and measures for securing the premises when unattended
- Security measures for our websites
We will only use and disclose personal information for the primary purpose for which it was initially collected, or for purposes which are directly related to one of our functions or activities.
Who will we disclose your personal information to?
APM contracts out some of its functions and relies on third party suppliers or contractors to provide specialised services such as employment services, “cloud computing” technology and data storage services, legal advice, insurance broking, security services, and financial services. If personal information is provided to these suppliers and contractors in order to enable them to perform the agreed tasks, we will take reasonable measures to ensure that the supplier or contractor handles the personal information in accordance with the Act.
We will not disclose your personal information to government agencies, private sector organisations or any third parties unless one of the following applies:
- You have consented
- We believe that you would reasonably expect, or have been told, that information of that kind is usually passed to those individuals, bodies or agencies
- It is otherwise required or authorised by law
- It is reasonably necessary for enforcement related activities conducted by, or on behalf of, an enforcement body (e.g. police)
We will ensure that all personal information we collect, use or disclose is accurate, complete and up-to-date. Please contact APM’s Information Security Manager (details below) if you are aware of any personal information that does not meet this objective.
Accuracy of Personal Information
If we are aware that we hold personal information that (having regard to the purpose for which it was collected) is inaccurate, out of date, incomplete, or irrelevant, we will take reasonable steps to correct that information.
You may seek access to, and correction of, personal information held by us in accordance with the section below “How can I access my personal information and contact APM?”
How can I access my personal information and contact APM?
Please contact us if you would like to seek access to or correct the personal information we hold about you:
APM Information Security Manager – Unit 40, Newtown Shopping Centre, Birmingam B19 2SS | 0121 359 3024
Under the Act, we may refuse to grant access to personal information if:
- We believes that granting access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
- Granting access would have an unreasonable impact upon the privacy of other individuals
- Denial of access is required or authorised by law or by a Court or Tribunal order
- Giving access would be unlawful
- The request for access is frivolous or vexatious
- Legal proceedings are underway or anticipated and the information would not be accessible by way of the discovery process in those proceedings
- Giving access would reveal the intentions of APM in relation to negotiations between APM and you in such a way as to prejudice those negotiations
- Giving access is likely to prejudice enforcement related activities conducted by, or on behalf of, an enforcement body
- Giving access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to APM’s functions or activities
- Giving access would reveal information in connection with a commercially sensitive decision making process
If we do not agree to make a correction to personal information, you may provide a statement about the requested corrections, and we will ensure that the statement is apparent to any users of the relevant personal information.
If we do not agree to provide access to personal information or to correct the personal information, we will provide you with written reasons for the refusal and the mechanisms available to complain about the refusal.
If you consider that there has been a breach, you are entitled to complain to APM.
How do we handle complaints?
All complaints are to be in writing and directed to the Information Security Manager using the contact details above. A Complaint Form can be completed. APM will acknowledge receipt of a written complaint within 2 business days.
APM’s Information Security Manager will investigate the complaint and attempt to resolve it within 20 business days after the written complaint was received. Where it is anticipated that this timeframe is not achievable, we will contact the person making the complaint to provide an estimate of how long it will take to investigate and respond to it.
Monitoring and training