EPM Partners is committed to protecting the personal information that we collect, use and disclose.
This policy supports our need to collect information and the right of the individual to privacy.
It ensures that we can collect personal information necessary for our services and functions, while recognising the right of individuals to have their information handled in ways that they would reasonably expect and in ways that protect their personal information.
This policy sets out how EPM Partners is to collect, hold, manage, use, disclose or transfer personal information in accordance with the National Privacy Principles contained within Australian Privacy Act 1988 (Cth), and the February 2018 amendments to the 1988 Act. This policy sets out how we collect and treat your personal information
All EPM Partners staff must act in accordance with this policy.
EPM Partners must collect and handle personal information in accordance with the National Privacy Principles contained within Australian Privacy Act 1988 (Cth), and the February 2018 amendments to the 1988 Act.
The Accountable Officer for this policy is the Managing Director. The Accountable Officer is responsible for the:
Governance and Reporting
Compliance with this policy is overseen by the Managing Director.
This policy will be reviewed and updated from time to time to take account of new laws, technology and processes. The review process will be completed by the Managing Director.
For more information about this policy, contact the Managing Director on Stuart.Penny (at) epmpartners.com.au.
Throughout this policy:
Personal information is collected and used by EPM Partners for the following purposes:
EPM Partners has adopted the Information and Health Privacy Principles in the Privacy and Data Protection Act 2014 as minimum standards when dealing with personal information.
This means that, subject to some exceptions (see below), EPM Partners must not do an act, or engage in a practice, that contravenes an Information Privacy Principle in respect of personal information collected, held, managed, used, disclosed or transferred by it.
Information Privacy Principles
EPM Partners applies the key National Privacy Principles contained within Australian Privacy Act 1988 (Cth), and the February 2018 amendments to the 1988 Act
Collection of Personal Information
EPM Partners will only collect personal information if the information is necessary for one of its functions or activities.
Where the personal information of an individual is collected, reasonable steps should be taken to ensure that the individual is aware of:
Use and Disclosure
EPM Partners must only use or disclose personal information for the primary purpose for which it was collected, unless:
EPM Partners values information as an important resource. Accordingly, EPM Partners must take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete, up to date and relevant to EPM Partners functions or activities.
EPM Partners is guided by the principle that all information is well governed and managed. Accordingly, EPM Partners must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. This includes destroying or permanently de-identifying personal information if it is no longer needed.
To enable greater access to government decisions, EPM Partners information should be easy to find, access and use. This means that EPM Partners must have, and make available, clearly expressed policies on its management of personal information.
On request by a person, EPM Partners must take reasonable steps to let the person know, generally:
Access and Correction
Individuals have a right to access, and to correct, their personal information held by EPM Partners.
EPM Partners limits its adoption and sharing of unique identifiers.
EPM Partners will:
Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering into transactions with EPM Partners.
Transborder data flows
EPM Partners will only transfer personal information about an individual to someone who is outside Australia in limited circumstances. Specifically, EPM Partners should only transfer personal information outside Australia if:
EPM Partners will only collect sensitive information in limited circumstances. For example, EPM Partners can collect sensitive information if the individual has consented or if the collection is required by law.
EPM Partners is guided by the principle that information is open for sharing and reuse. Accordingly, the information privacy requirements contained within this policy should be balanced with EPM Partners intention to share information to the maximum extent possible.
Australian privacy law also stipulates certain situations where EPM Partners does not need to comply with the Information Privacy Principles. Should they arise, exceptions to the application of the Information and Health Privacy Principles should be approved by the Managing Director.
EPM Partners will be efficient and fair when investigating and responding to information privacy complaints. EPM Partners will investigate and respond to complaints.
For more information about this policy, contact EPM Partners Managing Director at Stuart.Penny (at) epmpartners.com.au.
Privacy and Data Protection Act 2014