1.1 From time to time BridgePoint Group Pty Ltd and it’s related entities (“the Company”) is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not limited to, its clients, contractors, suppliers and employees) in the performance of its business activities.
1.2 This document sets out the Company’s policy in relation to the protection of personal information.
1.3 The protection of personal information is governed by the Privacy Act 1988 (Cth) (“the Act”) and regulated by the Australian Privacy Principles (“the APPs”). The Company complies with the APPs in respect of its treatment of your personal information.
2. What is personal information?
‘Personal information’ means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is reasonably identifiable from the information or opinion.
3. Employee records
3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.
3.2 An ‘employee record’ is a record of personal information relating to the employment of an employee. Examples of personal information relating to the employment of the employee include, but are not limited to, health information and information about the engagement, training, disciplining, resignation, termination, terms and conditions of employment of the employee. Please see the Act for further examples of employee records.
4. Anonymity and pseudonymity
4.1 You have the option of not identifying yourself, or using a pseudonym, when dealing with the Company in relation to a particular matter. This does not apply:
(a) where the Company is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
(b) where it is impracticable for the Company to deal with individuals who have not identified themselves or who have used a pseudonym.
4.2 However, in some cases if you do not provide the Company with your personal information when requested, the Company may not be able to respond to your request or provide you with the goods or services that you are requesting.
(a) Kinds of information that the Company collects and holds
5. Types of personal information collected by the Company
5.1 The Company collects personal information that is reasonably necessary for one or more of its functions or activities.
5.2 The type of information that the Company collects and holds may depend on your relationship with the Company. For example:
(a) Candidate: if you are a candidate seeking employment with the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details;
(b) Client: if you are a client of the Company, the Company may collect and hold information including your name, address, email address, website address, contact telephone number, gender and age, marital status, tax file number, income, assets, liabilities, agreements, wills, powers of attorney, enduring guardianship, plans and financial projections;
(c) Supplier: if you are a supplier of the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, business records, billing information, information about goods and services supplied by you;
(d) Contractor: if you are a contractor to the Company, the Company may collect and hold information including your name, address, email address, contact telephone number, gender, age, employment history, references, resume, medical history, emergency contact, taxation details, qualifications and payment details; and
(e) Referee: if you are a referee of a candidate being considered for employment by the Company, the Company may collect and hold information including your name, contact details, current employment information and professional opinion of candidate.
6. Sensitive information
The Company will only collect sensitive information where you consent to the collection of the information and the information is reasonably necessary for one or more of the Company’s functions or activities. ‘Sensitive information’ includes, but is not limited to, information or an opinion about racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, membership of a professional or trade association, membership of a political organisation, sexual preferences, criminal record, health information or genetic information.
7. How the Company collects and holds personal information
7.1 The Company will only collect personal information by lawful and fair means. The Company will collect personal information directly from you if it is reasonable or practicable to do so.
7.2 The Company may collect personal information in a number of ways, including without limitation:
(a) through application forms;
(b) by email or other written mechanisms;
(c) over a telephone call;
(d) in person;
(e) through transactions;
(f) through the Company’s website;
(g) through surveillance camera;
(h) by technology that is used to support communications between you and the Company;
(i) through publically available information sources (which may include telephone directories, the internet and social media sites); and
(j) from direct marketing database providers.
7.3 When the Company collects personal information about you through publicly available information sources, it will manage such information in accordance with the APPs.
7.4 Unless the Company determines that it could have collected the unsolicited personal information in line with the APPs or the unsolicited personal information is contained within a Commonwealth record, the Company must destroy the unsolicited personal information to ensure it is de-identified. ‘Unsolicited personal information’ is personal information that the Company receives which it did not solicit.
7.5 The Company may hold personal information it has collected in soft copy and hard copy formats including the use of paper documents, and electronic data stored on internal computer hard drives and external hard drives. Electronic data may be stored using cloud-based technology at an off-site location using secure servers.
8. Purposes for which the Company collects, holds, uses and/or discloses personal information
8.1 The Company will collect personal information if it is reasonably necessary for one or more of its functions or activities.
8.2 The main purposes for which the Company may collect, hold, use and/or disclose personal information may include but are not limited to:
(a) provision of professional services;
(b) recruitment functions;
(c) client service management;
(d) business relationship management.
(e) training and events; and
(f) surveys and general research.
8.3 The Company may also collect, hold, use and/or disclose personal information if you consent or if required or authorised under law.
9. Disclosure of personal information
9.1 The Company may disclose your personal information for any of the purposes for which it is was collected, where it is under a legal duty to do so, or for a purpose expressly contemplated in this policy. You authorise the Company to disclose your information where necessary to others in furtherance of your matter.
9.2 Where your personal information is disclosed to third parties, they will only be authorised to use your personal information for the purpose that the Company supplied it to them. If those third parties are located overseas, then your personal information may be transferred overseas.
9.3 You agree that the Company will not be held liable for any unauthorised disclosure of your personal information. You forever release and indemnify the Company from any claim by you or any third party in respect of any direct or indirect loss or damage suffered as a result of disclosure of your personal information.
9.4 The Company’s business includes an accounting practice. The accounting practice’s system of quality control has been established and maintained in accordance with the relevant APESB standard. As a result, our files may be subject to review as part of the quality control program of the Institute of Chartered Accountants in Australia which monitors compliance with professional standards by its members. Should your file be selected for review, the Company will advise you as soon as practicable.
9.5 The Company may disclose information to an enforcement body where it reasonably believes that the use or disclosure of the information is necessary for one or more enforcement related activities.
9.6 Before the Company discloses personal information about you to a third party, the Company will take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information.
10. Access to personal information
10.1 If the Company holds personal information about you, you may request access to that information by putting the request in writing and sending it to the Privacy Officer. The Company will respond to any request within a reasonable period, and a charge may apply for giving access to the personal information.
10.2 The Company will not charge you for making a request under this clause. However, the Company reserves the right to charge for giving access to the personal information.
10.3 There are certain circumstances in which the Company may refuse to grant you access to the personal information. In such situations the Company will give you written notice that sets out:
(a) the reasons for the refusal, unless it is unreasonable to do so; and
(b) the mechanisms available to you to make a complaint about the refusal.
10.4 The Company does not have to provide you with access to your personal information if:
(a) the Company believes that giving access would pose a serious threat to life, health or safety of any individual, or to public health or public safety;
(b) giving access would have an unreasonable impact on the privacy of other individuals;
(c) the request for access is frivolous or vexatious;
(d) the information relates to existing or anticipated legal proceedings between the Company and you, and would not be accessible by the process of discovery in those proceedings;
(e) giving access would reveal the intentions of the entity in relation to negotiations with the individual in such a way as to prejudice those negotiations;
(f) giving access would be unlawful;
(g) denying access is required or authorised by or under an Australian law or a court/tribunal order;
(h) both of the following apply:
(i) the Company has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the Company’s functions or activities has been, is being or may be engaged in; and
(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
(i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(j) giving access would reveal evaluative information generated within the Company in connection with a commercially sensitive decision-making process.
11. Correction of personal information
11.1 If the Company holds personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, it will take reasonable steps to correct the information.
11.2 If the Company holds personal information and you make a request in writing addressed to the Privacy Officer to correct the information, the Company will:
(a) respond to your request within a reasonable period; and
(b) take reasonable steps to correct the information.
11.3 There are certain circumstances in which the Company may refuse to correct the personal information. In such situations the Company will give you written notice that sets out:
(a) the reasons for the refusal; and
(b) the mechanisms available to you to make a complaint.
11.4 If the Company corrects personal information that it has previously supplied to a third party and you request the Company to notify the third party of the correction, the Company will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
11.5 The Company will not charge you for making a request under this clause or for any corrections to the personal information.
12. Quality and security of personal information
12.1 The Company will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it:
(a) collects is accurate, up-to-date and complete; and
(b) uses or discloses is, having regard to the purpose of the use or disclose, accurate, up-to-date and complete.
12.2 The Company will take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure.
12.3 If the Company holds personal information it no longer needs and the Company is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.
13. Direct marketing
13.1 The Company may:
(a) use or disclose personal information (other than sensitive information) about you for the purpose of direct marketing (for example, advising you of new goods and/or services being offered by the Company); and
(b) use or disclose sensitive information about you for the purpose of direct marketing if you have consented to the use or disclosure of the information for that purpose.
13.2 You can opt out of receiving direct marketing communications from the Company by contacting the Privacy Officer in writing or accessing the Company’s website and unsubscribing appropriately if that function is available.
13.3 The Company will not provide your contact details to third parties for marketing purposes, except with your express prior consent.
14. Promotional purposes
Except as you may otherwise inform the Company, and subject to any confidentiality undertakings of which the Company is made aware between you and any other party about a particular transaction, you agree that the Company may mention your name as a client in private correspondence and the Company’s promotional material, and include in a list of transactions which the Company uses for promotional and internal purposes a summary description of all completed transactions and any pending transactions on which the Company represents you. This may be in the form of print, TV, radio or multimedia (including web).
15. Privacy Officer contact details
The Company’s Privacy Officer can be contacted in the following ways:
(a) Telephone number: 1300 656 141
(b) Email address: firstname.lastname@example.org
(c) Postal address: PO Box 506, Milsons Point NSW 1565
16. Complaint resolution process
16.1 You have a right to complain about the Company’s handling of your personal information if you believe the Company has breached the APPs.
16.2 If you wish to make such a complaint to the Company, you should first contact the Privacy Officer in writing. Your complaint will be dealt with in accordance with the Company’s complaints procedure and the Company will provide a response within a reasonable period.
16.3 If you are unhappy with the Company’s response to your complaint, you may refer your complaint to the Office of the Australian Information Commiss