This policy sets out Urbis’ approach to compliance with the Australian Privacy Principles (APP).
Statement of policy
Urbis has policies and procedures in place that are designed to ensure compliance with the Privacy Act 1988 (the Privacy Act) and to ensure we adhere to with APPs set out in the Privacy Act.
The APPs establish minimum standards in relation to the collection, holding, use, disclosure, management, access, correction and disposal of personal information about natural persons, including the employees.
‘Personal information’ is defined under the Act as any information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
The legislation is designed to prevent organisations from retaining personal information that is not necessary for their functions or activities. Organisations are also prohibited from acting deceptively while collecting information, and in general, information should only be used for the purpose of which it was collected.
Collection of personal information
From time to time, Urbis collects personal information about of employees (and their next of kin), clients, suppliers, research participants, event attendees and others. We only collect the information we need to fulfil the purpose of collecting it. Common examples include
- name and contact information of employees (and prospective employees), clients and potential clients, contacts, subscribers, research participants, collaborators and advisors, suppliers, sub-contractors and potential sub-contractors, research participants and event participants.
- education, employment and work history of employees (and prospective employees) and sub-contractors
- bank account details of employees, sub-contractors and creditors
- other data about individuals generally collected for research purposes.
Urbis collects personal information in a fair, lawful, and not unreasonably intrusive manner. People about whom we collect personal information are informed of:
- the name and details of the organisation collecting the data
- the kinds of personal information that the organisation collects and holds
- the manner in which the organisation holds personal information
- the purposes for which the data is collected
- the fact that the person, including the employee can access the information on request
- any law that requires the information to be collected.
We seek specific consent to collection, use and disclosure where this is not obvious or clearly implied at the point of collection. In particular, we always seek informed consent to collect information for research purposes.
Use and disclosure
Urbis will not use or disclose personal information for any purpose other than the primary purpose for which it was collected, unless the person has consented to further use or disclosure. At Urbis, we may collect information for a range of primary purposes including:
- business administration (e.g. human resources, client and debtor management)
- marketing (e.g. subscriber databases, client profiling or events management)
- research (e.g. market research or social research).
We may use or disclose information for a secondary purpose when the purpose is related to the primary purpose, or where the person would reasonably expect Urbis to use or disclose. In all other circumstances, we seek consent prior to use or disclosure.
In the unlikely event that personal information is disclosed to an overseas recipient, Urbis will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.
Urbis takes reasonable steps to ensure that the data we maintain is accurate, complete and up to date. We do this through designing good collection mechanisms (which may include data validation), providing training to staff collecting information, and through conducting audits and reviews of databases which hold personal information.
Urbis takes reasonable steps to protect the information we hold from misuse, interference and loss, and from unauthorised access, modification or disclosure. We do this by securing our electronic storage systems via firewalls and password protection, and our premises through secure entry. We also use lockable storage facilities where personal information is held in hard copy form.
Urbis informs the person on what type of information we hold and for what purposes, as well as how we collect, hold and disclose the information. We generally do this through the use of collection and consent statements at the point of collection.
Access and correction
Where Urbis holds information about an individual, including an employee, we allow the individual access to correct the information on request provided that the request is not frivolous or vexatious, and it would not intrude unreasonable upon the privacy, health or safety of another individual, public health or public safety, or relates to a commercially sensitive decision making process.
Where we decide not to grant access under this policy, we provide a clear explanation for the decision.
Urbis does not collect sensitive information about a person, including information relating to race, religion, political affiliation or union membership unless the person has consented or the information is required by law.
You can contact the Urbis Privacy Officer about any privacy issues by emailing firstname.lastname@example.org or calling 1800 244 863.
If we take more than 30 days to respond to your privacy complaint, or if you are dissatisfied with the outcome, you can make a complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner. The OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au.