Accsys Consulting is bound by the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. The APPs govern how we can handle and manage “personal information”, including “sensitive information”, about our clients, or other persons who have business with the firm and employees.
The Act defines “personal information” as information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not, and whether recorded in material form or not. Some personal information is also “sensitive information” and is afforded a greater level of protection under the Act.
Collection of information
We collect information about you that is reasonably necessary for us to carry out our functions and activities, being financial management and information technology consulting services for public and private sector organisations.
Types of personal information we may collect and hold include:
- client and supplier details, including name, address and contact details;
- employment and personnel files for our staff and contractors and those of our clients, including tax file numbers, pay details, bank account details and human resources information;
- client customer files, such as financial information or loan applications; and
- sensitive information, including information in client files regarding racial or ethnic origin, political opinions/affiliations and membership of a professional or trade association or trade union.
We may collect this information from you directly, or from other third parties (such as private businesses, not-for-profit organisations or government agencies that we have contracts with) where you consent, where it is unreasonable or impractical to collect the information from you directly, or where we are required or authorised to do so by law.
Given the nature of the work we do, we may come into contact with personal information held in our clients’ systems. We will not handle, use or disclose this information unless it is reasonably necessary for us to perform our duties.
Privacy, information security and client confidentiality are important to us and we take care to handle all information, including client files, with care and in confidence. Where possible, we do not store client data on our personal computers, but if it is necessary to do so then appropriate IT security measures are employed. Any client data that we come into contact with is kept secure and disposed of through our secure document destruction service if no longer required.
Using and disclosing information
In general, we collect your personal information in order to deliver our services and managing our business, including:
- performing employment and personnel functions in relation to staff and contractors;
- conducting our business, including performing work under and managing our contracts with public and private sector organisations;
- providing our services;
- communicating with you;
- purchasing goods or services from you;
- complying with our legal obligations; and
- evaluating, managing and enhancing our services.
For the purposes set out above, we may disclose your personal information to third parties from time to time under instruction from our clients (e.g. to auditors). We may also disclose information about our employees to the Australian Taxation Office and to superannuation funds as required or authorised by law.
We use and disclose personal information for the purpose(s) for which it is collected. We will only use personal information for secondary purposes where we are permitted to do so in accordance with the Act. For example: where you have consented, for a reasonable expected secondary purpose related to the primary purpose, or where it is required or authorised by law.
Potential overseas disclosure
Accsys Consulting may, on occasion, disclose personal information to overseas recipients. This includes:
- for security purposes, using anti-virus software to scan incoming and outgoing emails; and
- using cloud-based servers and/or storage for temporary data transfers.
These recipients may have servers and processing centres located in the United States of America as well as other locations around the world. You may contact us at 2 Napier Close, Deakin ACT 2600 to find out further specific details in relation to any overseas recipients your information has been provided to.
Accessing and correcting your information held by us
Subject to exceptions set out in the Act, you may gain access to or request amendment of personal information which Accsys Consulting holds about you by contacting us at 2 Napier Close Deakin ACT 2600.
We will require you to verify your identity and to specify what information you require or wish to amend. A fee may be charged for providing access. We will advise you of the likely cost in advance.
We will respond to your request within a reasonable period.
Managing Information and Complaints
Accsys Consulting is committed to protecting the personal information we hold. In accordance with the APPs, we take reasonable steps to protect personal information from loss, misuse, interference and unauthorised access, modification or disclosure. This includes using physical and information security measures, restricted access to physical and electronic records and staff training and procedures.
Where we no longer require your personal information for any permitted purpose under the APPs, we will take reasonable steps to destroy it.
If you believe we may have breached your privacy, you may contact us to make a complaint at 2 Napier Close Deakin ACT 2600. In order to ensure we fully understand the nature of your complaint and the outcome you are seeking, we prefer that you make your complaint in writing.
It may be difficult to properly investigate or respond to a complaint if you provide insufficient information on the circumstances giving rise to your complaint. You may submit an anonymous complaint, however if you do it may not be possible for us to properly investigate and respond to you.
If you are not satisfied with the way we have handled a privacy complaint in the first instance, you may contact the Office of the Australian Information commissioner (www.oaic.gov.au) to refer your complaint for further investigation.