Introduction:

Kreate Australia Pty Ltd is committed to protecting the privacy of personal information which it collects, holds and administers by preventing wrongful access, collection, disclosure or release of personal information by verbal, written or electronic means.

Purpose:

The policy is designed to ensure that Kreate Australia Pty Ltd staff comply with and observe the statutory requirements of the Privacy Act 1988.

Policy:

All staff of Kreate Australia Pty Ltd shall be aware and observant of the ten National Privacy Principles, outlined in the Privacy Act 1988, which are summarised below:

  1. Collection: personal information must be collected in a way that is lawful, fair and transparent; it must be necessary for the Kreate Australia Pty Ltd’s functions and activities.

  2. Use and disclosure: information is collected and used for the primary purpose of collection unless specific circumstances apply.

  3. Data quality: data quality must be maintained, ensuring that the personal information collected or used is accurate, complete and current.

  4. Data security: data and information must be maintained in a secure environment that prevents unauthorised access, misuse or loss.

  5. Openness: there should be a document that clearly expresses policies on the management of personal information and the document should be available to anyone who requests it.

  6. Access and correction: where information is held about an individual, that individual will be provided with access to such information on request.

  7. Identifiers: Kreate Australia Pty Ltd will not adopt as its own identifier the identifier of other agencies or service providers, eg Centrelink identification number.

  8. Anonymity: where it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with Kreate Australia Pty Ltd.

  9. Trans-border data flows: personal information about an individual or organisation may only be transferred to someone (other than to the organisation or individual) who is in a foreign country under explicit provisions of the Act.

  10. Sensitive information: must not be collected under any circumstances except for those specified within the Act, eg. collection is required by law.

 

Procedures:

 

Collection

Kreate Australia Pty Ltd will:

  1. Only collect information that is necessary for the performance and primary function of Kreate Australia Pty Ltd. Where practicable, collection of personal information will only occur from interaction with that individual.

 

Use and Disclosure

Kreate Australia Pty Ltd will:

  1. Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.

  2. For other uses, we will obtain consent from the affected party.

 

Data Quality

Kreate Australia Pty Ltd will take reasonable steps to ensure the information we collect is accurate, complete, up-to-date and relevant to the functions we perform.

 

Data Security

Kreate Australia Pty Ltd will safeguard the information we collect against misuse, loss, unauthorised access and modification.

Reasonable steps will be taken to destroy or permanently de-identify personal information no longer needed.

 

Openness

Kreate Australia Pty Ltd will ensure staff member are aware of this policy and make this information freely available.

 

Access and Correction

Kreate Australia Pty Ltd will ensure individuals have a right to seek access to information about them and to correct it, if it is inaccurate, incomplete or misleading or not up-to-date.

 

Anonymity

Kreate Australia Pty Ltd will give stakeholders the option of not identifying themselves when completing evaluation forms and surveys.

 

Making Information Available to Third Parties:

Kreate Australia Pty Ltd:

  1. Can only release personal information about a person with that person’s expressed permission. For personal information to be released, the person concerned must sign a release form.

  2. Can only release information to a third person where it is requested by the person concerned.

  3. If the information is required in order to inform members of opportunities or events that are in line with our organisation’s mission or vision, we may provide a third party with name and address labels only. We are never to provide the information in electronic format.

Complaints:

All complaints against Kreate Australia Pty Ltd  staff in respect of privacy must be reviewed and investigated within 10 working days of the complaint being received.

All responses to privacy requests and complaints shall be reviewed by the Management.

 

Responsibilities:

 

It shall be the responsibility of the Management to ensure that all requirements of this policy are complied with.

Kreate Australia Pty Ltd’s Committee, staff and volunteers are responsible for the implementation of this policy.

 

These policy and procedures shall be reviewed every year by the Management.