Privacy Policy

Under the IntoWork Australia Privacy Policy, the objective of this policy is the effective management of personal information at IntoWork Australia and the IntoWork Australia Group of businesses.

Personal information is defined as information or an opinion about an individual who is reasonably identifiable.

It is recognised that the management of personal information includes the collection, maintenance, security, use and disclosure of the information.

IntoWork Australia acknowledges the obligation to protect the privacy and personal information of our clients and staff in accordance with privacy legislation and the Australian Privacy Principles.

It is the policy of IntoWork Australia and our businesses that:

1. Personal information is managed in accordance with the privacy legislation, the Australian Privacy Principles and the IntoWork Information Security Management System

2. A person with appropriate knowledge and experience in the requirements of the Australian Privacy Principles has a defined role to act as the businesses’ Privacy Officer

3. A Privacy Statement is implemented and maintained by businesses to achieve the objective of this policy and the management of personal information specific to their operations

4. The IntoWork Australia Privacy Policy and the Privacy Statement are made available on the business’s website

5. Documented procedures are implemented and maintained by businesses for providing access to an individual’s personal information and for making a privacy inquiry or complaint.

6. Management and staff involved in the management of personal information are provided with appropriate information and instruction for the implementation of the Australian Privacy Principles

7. The personal information management systems are periodically reviewed as a basis for continual improvement of its suitability and effectiveness

Implementation of this policy at each IntoWork Australia business is the responsibility of their senior management. The maintenance and review of this policy is the responsibility of the Group CEO. The review will be conducted in consultation with the senior management of IntoWork Australia businesses.

This policy has been developed in consultation with interested parties and with consideration to access and equity principles and legislative requirements.

Guidance Notes

These Guidance Notes accompany the IntoWork Australia Privacy Policy. They are provided to assist in achieving the objective of the Policy at each IntoWork Australia business. They are not part of the policy and are guidance for compliance only. Additional information and assistance with the development and implementation of the required management systems is available by contacting IntoWork Australia.

1. Personal information is managed in accordance with the privacy legislation, the Australian Privacy Principles and the IntoWork Information Security Management System.

There are 13 Australian Privacy Principles prescribed under the Commonwealth Privacy Act 1988. Senior management has the responsibility for the development and implementation of systems for complying with the Principles. The IntoWork Information Security Management System (ISMS) is implemented Group wide. It consist of policies, procedures, controls and process for the management of information security and privacy.

2. A person with appropriate knowledge and experience in the requirements of the Australian Privacy Principles has a defined role to act as the businesses’ Privacy Officer.

Senior management should allocate the role of Privacy Officer to an appropriate person. The role should be developed and documented. Their role typically involves providing information and advice to businesses on meeting their privacy obligations and dealing with applications for access to personal information and privacy inquiries and complaints. The Privacy Officer is not responsible for compliance with the privacy obligations of the business.

3. A Privacy Statement is implemented and maintained by businesses to achieve the objective of this policy and the management of personal information specific to their operations.

The IntoWork Australia policy is an overarching privacy policy implemented Group wide. Each business requires a Privacy Statement that addresses their specific personal information management requirements and industry standards. The Statement provides the opportunity for businesses to document their own systems and processes for compliance with the Australian Privacy Principles. Business Leaders should review the requirements of Principle 1.3 of the Australian Privacy Principles when developing the Statement.

4. The IntoWork Australia Privacy Policy and the organisation’s Privacy Statement are made available on the business’s website.

The Australian Privacy Principles require that businesses make their privacy policy available free of charge. The business’s Privacy Statement will also need to be made available to meet the requirements of Principle 1.3. Guidance material from the Office of the Australian Information Commissioner indicates that the use of an organisation’s website is appropriate.

5.
Documented procedures are implemented and maintained for providing access by a business to an individual’s personal information and for making a privacy inquiry or complaint.

The Australian Privacy Principles require a business, when requested, to provide access for an individual to their personal information. The Principles also require a business to respond to inquiries for privacy information or a complaint. The procedures and other relevant information regarding an application are required to be included in the Privacy Statement (see Principle 1.4).

6. Management and staff involved in the management of personal information are provided with appropriate information and instruction in the implementation of the Australian Privacy Principles.

This requirement is not specifically stated in the Australian Privacy Principles. Each business would require processes to ensure that those involved in the management of personal information were aware of the requirements under the Principles. Resources have been developed by IntoWork Australia for use by businesses for staff information and instruction.

7. The personal information management systems are periodically reviewed as a basis for continual improvement of its suitability and effectiveness.

The review is the responsibility of each business. The aim of the review is to determine the suitability, adequacy and effectiveness of the management of personal information at the business. The review should include identifying opportunities for improvement and determining changes to current or new arrangements in light of the new findings.

Last updated 31st August 2021.