The purpose of this policy is to describe Nomergy’s policy and processes relating to the collection, handling, use and disclosure of personal information. The policy also provides a process for complaints about breaches of the privacy legislation, accessing personal information and how to have that information corrected.
The authority for the implementation of this policy is provided under the Privacy Act 1998 and Privacy Amendment (Enhancing Privacy Protection) Act 2012.
3. POLICY STATEMENT
Nomergy is committed to managing personal information in accordance with the Australian Privacy Principles, Privacy Act 1998 and Privacy Amendment (Enhancing Privacy Protection) Act 2012.
4. POLICY APPLICATION
The Privacy Act is the national legislation which ensures that organisations protect people’s personal information and are transparent about how they handle this information. It was amended in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 and these changes came into force 12 March 2014.
The legislation incorporates 13 Australian Privacy Principles that regulate the handling of personal information:
Part 1- Consideration of personal information privacy
Australian Privacy Principle 1- open and transparent management of personal information
Australian Privacy Principle 2 - anonymity and pseudonymity
Part 2- Collection of personal information
Australian Privacy Principle 3 - collection of solicited personal information
Australian Privacy Principle 4 - dealing with unsolicited personal information
Australian Privacy Principle 5 - notification of the collection of personal information
Part 3- Dealing with personal information
Australian Privacy Principle 6 - use or disclosure of personal information
Australian Privacy Principle 7- direct marketing
Australian Privacy Principle 8 - cross-border disclosure of personal information
Australian Privacy Principle 9 - adoption, use or disclosure of government related identifiers
Part 4 - Integrity of personal information
Australian Privacy Principle 10 - quality of personal information
Australian Privacy Principle 11- security of personal information
Part 5- Access to, and correction of, personal information
Australian Privacy Principle 12 - access to personal information
Australian Privacy Principle 13 - correction of personal information
The following information specifies how Nomergy manages personal information across its business undertakings:
Personal information privacy
Personal Information is information that Nomergy holds which is identifiable as being about an individual or could reasonably identify an individual. Nomergy has implemented practices so that its management of Personal Information is open and transparent.
Nomergy is not practicably able to provide anonymity and pseudonymity options for its clients.
Collection of personal information
Collection of solicited personal information: Generally Nomergy collects personal information directly i.e. face to face, over the phone, email correspondence or through membership signups. The types of people include franchisees, employees, contractors, suppliers and members.
The types of personal information collected are as follows:
· names, job titles, contact address details;
· date of birth and gender;
· dietary preferences including allergies;
· credit card and bank details details;
· details of superannuation and insurance arrangements;
· educational qualifications, employment history and salary;
· visa or work permit status.
In some cases it may be necessary for Nomergy to collect sensitive information such as professional memberships, ethnic origin, criminal record and health information.
There may be times when information is collected from a third party via a reference check. This information is collected only from a source that is nominated by the person the information is about.
Nomergy may also collect personal information via Social Media, SMS mobile marketing or from a person’s use of its website via contact mailboxes or registration processes.
Dealing with unsolicited personal information: Whilst all information provided to Nomergy should be from the person that that information belongs to, there could arise a circumstance where Nomergy is provided with someone else’s personal information. When this occurs Nomergy will, as best it can, ascertain if permission has been given that allows an individual to provide this information on behalf of someone else.
Notification of the collection of personal information: Nomergy will, as soon as practicable, notify an individual that it has collected the information, where it was collected from and the purpose for which it was collected.
Information Storage: Nomergy stores information via secure servers and hard drives.
Privacy on Nomergy Website
Cookies are a common part of many commercial websites that allow small text files to be sent by a Website, accepted by a Web browser and then placed on a hard drive as recognition for repeat visits to the Site. Every time a person visits the Site, Nomergy servers, through cookies, pixels and/or GIF files, collect basic technical information such as domain names, the address of the last URL visited prior to clicking through to the Site, and the browser and operating system. Cookies do not need to be enabled to visit the Nomergy site, however, some parts of the site and some services may be more difficult or impossible to use if cookies are disabled.
User login information: Nomergy uses login information, including, but not limited to, IP addresses, ISPs, and browser types, to analyse trends, administer the site, track a user's movement and use, gather broad demographic information and provide personal web page access to authorized customers.
Dealing with personal information
Use or disclosure of personal information: As part of a users agreement with Nomergy, their delivery address information will be provided to third party food providers for eh delivery of their nutritional products. This is specifically related to their use of their membership with Nomergy. Nomergy will not disclose personal information to any other third party unless it has the consent of the person to do so. The exception to this is where Nomergy is required by law to provide the information.
Direct marketing: Nomergy will not disclose or use personal or sensitive information for the purposes of direct marketing unless permission has been given that allows for this to occur. Membership agreements with Nomergy provide authorisation for personal information to be used for internal marketing purposes only.
Cross-border disclosure of personal information: Nomergy’s IT Systems are Australia based and no information is kept outside of Australia. All information contained within its IT System is used solely for purpose of managing a person’s membership and access to the Nomergy products.
Adoption, use or disclosure of government related identifiers: Nomergy does not use or adopt government related identifiers. Nomergy may disclose an identifier (i.e. employee tax file number) where there is a government statutory requirement for an employer to do so.
Integrity of personal information
Quality of personal information: Nomergy will take practically reasonable steps to ensure that the personal information that that it collects is accurate, up-to-date and complete. Members of Nomergy are able to at any time update their personal information.
Security of personal information: Nomergy will take all practically reasonable steps to ensure that information it has collected is protected from misuse, interference and loss, unauthorised access, modification or disclosure.
Where the information is no longer required, Nomergy will destroy the information or ensure that it is de-identified.
Access to, and correction of, personal information
Access to personal information: A person is entitled to access their personal information held by Nomergy. To access personal information, a request should be made in writing to Nomergy. The request will be responded to within 7 business days.
Nomergy may refuse access if:
· it reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
· giving access would have an unreasonable impact on the privacy of other individuals; or
· the request for access is frivolous or vexatious; or
· the information relates to existing or anticipated legal proceedings between the entity and the individual, and would not be accessible by the process of discovery in those proceedings; or
· giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
· giving access would be unlawful; or
· denying access is required or authorised by or under an Australian law or a court/tribunal order;
· both of the following apply:
· it has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the entity's functions or activities has been, is being or may be engaged in;
· giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
· giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
· giving access would reveal evaluative information generated within the entity in connection with a commercially sensitive decision-making process.
In the event of refusal, Nomergy will provide a written explanation and provide details of the associated complaints process.
Correction of personal information: Nomergy will take all reasonable steps to ensure that information is accurate, up to date, complete, relevant and not misleading. Where Nomergy or the person the information is about believes that this is not the case, all necessary actions will be taken to ensure that the information is corrected.
If a person, or an organisation, wishes to complain about how Nomergy has handled personal information, it may do so by contacting the General Manager, Nomergy and providing the complaint in writing.
General Manager: Andy Peat
Contact details: email@example.com
5. ROLES AND RESPONSIBILITIES
Directors – Nomergy
General Manager – Andy Peat
The General Manager is also responsible for responding to complaints about the handling of personal information.
Staff are responsible for:
· maintaining an awareness of privacy requirements
· appropriately using Nomergy Systems to manage personal information;
· ensuring all personal information is secure; and
· not disclosing any information to third parties.
6. EFFECTIVE DATE
This policy is effective from 16 December 2015.
7. FURTHER INFORMATION
Should you require any further information or clarification, please contact Nomergy via email: firstname.lastname@example.org
Approved: Andy Peat
Date: 12 December 2015
Description / comments
12 December 2015
New Nomergy Policy
9. DEFINITIONS / GLOSSARY OF TERMS
Personal information - means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information - means:
a) information or an opinion about an individual's:
i. racial or ethnic origin; or
ii. political opinions; or
iii. membership of a political association; or
iv. religious beliefs or affiliations; or
v. philosophical beliefs; or
vi. membership of a professional or trade association; or
vii. membership of a trade union; or
viii. sexual preferences or practices; or
ix. criminal record;
that is also personal information; or
b) health information about an individual; or
c) genetic information about an individual that is not otherwise health information.
Chat to a Nomergy Expert on 1300 666 374 or email us below