EPM Partners is committed to protecting the personal information that we collect, use and disclose.
This policy supports our need to collect information and the right of the individual to privacy.
It ensures that we can collect personal information necessary for our services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect their personal information.
This policy sets out how EPM Partners is to collect, hold, manage, use, disclose or transfer personal information in accordance with the National Privacy Principles contained within Australian Privacy Act 1988 (Cth), and the February 2018 amendments to the 1988 Act. This policy sets out how we collect and treat your personal information
All EPM Partners staff must act in accordance with this policy.
EPM Partners must collect and handle personal information in accordance with the National Privacy Principles contained within Australian Privacy Act 1988 (Cth), and the February 2018 amendments to the 1988 Act.
The Accountable Officer for this policy is the Managing Director. The Accountable Officer is responsible for the:
- development of this policy,
- implementation of any supporting protocols, processes and guidelines, and
- ongoing monitoring of compliance with this policy.
Governance and Reporting
Compliance with this policy is overseen by the Managing Director.
This policy will be reviewed and updated from time to time to take account of new laws, technology and processes. The review process will be completed by the Managing Director.
For more information about this policy, contact the Managing Director on Stuart.Penny (at) epmpartners.com.au.
Throughout this policy:
- Personal information means recorded information or opinion, whether true or not, about a person whose identity is apparent, or can reasonably be ascertained, from the information. The information or opinion can be recorded in any form.
- Sensitive information means information or opinion (that is also personal information) about a person’s racial or ethnic origin, political opinions, religion, philosophical beliefs, sexual preferences or practices, membership of a political association, professional/trade association or trade union, or an individual’s criminal record.
Personal information is collected and used by EPM Partners for the following purposes:
- to plan, fund, implement, monitor, regulate and evaluate our services and functions
- to fulfill statutory and other legal functions and duties
- to comply with reporting requirements
EPM Partners has adopted the Information and Health Privacy Principles in the Privacy and Data Protection Act 2014 as minimum standards when dealing with personal information.
This means that, subject to some exceptions (see below), EPM Partners must not do an act, or engage in a practice, that contravenes an Information Privacy Principle in respect of personal information collected, held, managed, used, disclosed or transferred by it.
Information Privacy Principles
EPM Partners applies the key National Privacy Principles contained within Australian Privacy Act 1988 (Cth), and the February 2018 amendments to the 1988 Act
Collection of Personal Information
EPM Partners will only collect personal information if the information is necessary for one of its functions or activities.
Where the personal information of an individual is collected, reasonable steps should be taken to ensure that the individual is aware of:
- the identity of EPM Partners and how to contact us
- the fact that the individual can gain access to the information
- who EPM Partners usually discloses information of that kind to
- any law that requires the information to be collected
- the main consequence (if any) for the individual if all or part of the information is not provided to EPM Partners.
Use and Disclosure
EPM Partners must only use or disclose personal information for the primary purpose for which it was collected, unless:
- use or disclosure is for a related secondary purpose and the individual would reasonably expect EPM Partners to use or disclose the information for that secondary purpose
- the individual has provided consent
- use or disclosure is reasonably necessary to carry out a law enforcement function
- use or disclosure is otherwise required, permitted or authorised by law.
EPM Partners values information as an important resource. Accordingly, EPM Partners must take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete, up to date and relevant to EPM Partners functions or activities.
EPM Partners is guided by the principle that all information is well governed and managed. Accordingly, EPM Partners must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. This includes destroying or permanently de-identifying personal information if it is no longer needed.
To enable greater access to government decisions, EPM Partners information should be easy to find, access and use. This means that EPM Partners must have, and make available, clearly expressed policies on its management of personal information.
On request by a person, EPM Partners must take reasonable steps to let the person know, generally:
- what sort of personal information it holds
- for what purposes such information has been collected
- how it collects, holds, uses and discloses that information.
Access and Correction
Individuals have a right to access, and to correct, their personal information held by EPM Partners.
EPM Partners limits its adoption and sharing of unique identifiers.
EPM Partners will:
- not assign unique identifiers to individuals unless the assignment is necessary to enable it to carry out its functions efficiently
- only adopt (as its own unique identifier of an individual), use or disclose a unique identifier assigned by another organisation in limited circumstances.
Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering into transactions with EPM Partners.
Transborder data flows
EPM Partners will only transfer personal information about an individual to someone who is outside Australia in limited circumstances. Specifically, EPM Partners should only transfer personal information outside Australia if:
- the individual consents to the transfer
- EPM Partners reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which is very similar to the National Privacy Principles contained within Australian Privacy Act 1988 (Cth) and February 2018 amendments.
- EPM Partners has taken reasonable steps to ensure that the transferred information will not be held, used or disclosed inconsistently with the Australian Privacy Act 1988 (Cth) and February 2018 amendments.
EPM Partners will only collect sensitive information in limited circumstances. For example, EPM Partners can collect sensitive information if the individual has consented or if the collection is required by law.
EPM Partners is guided by the principle that information is open for sharing and reuse. Accordingly, the information privacy requirements contained within this policy should be balanced with EPM Partners intention to share information to the maximum extent possible.
Australian privacy law also stipulates certain situations where EPM Partners does not need to comply with the Information Privacy Principles. Should they arise, exceptions to the application of the Information and Health Privacy Principles should be approved by the Managing Director.
EPM Partners will be efficient and fair when investigating and responding to information privacy complaints. EPM Partners will investigate and respond to complaints.
For more information about this policy, contact EPM Partners Managing Director at Stuart.Penny (at) epmpartners.com.au.
Privacy and Data Protection Act 2014