This policy applies to all methods through which ELB collects, holds, secures, discloses and provides access to personal information we obtain from our customers, suppliers, employees, contractors and any other individual(s) we engage with.
For the purposes of this policy and according to the Privacy Act 1988, the following definitions apply:
Government contract means a Commonwealth contract or a State contract.
Health information means:
(a) information or an opinion about:
(i) the health or a disability (at any time) of an individual; or
(ii) an individual’s expressed wishes about the future provision of health services to him or her; or
(iii) a health service provided, or to be provided, to an individual; that is also personal information; or
(b) other personal information collected to provide, or in providing, a health service; or
(c) other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Individual means a natural person.
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
(a) a document; or
(b) a database (however kept); or
(c) a photograph or other pictorial representation of a person; but does not include:
(d) a generally available publication; or
(e) anything kept in a library, art gallery or museum for the purposes of reference, study or exhibition; or
(f) Commonwealth records as defined by subsection 3(1) of the Archives Act 1983 that are in the open access period for the purposes of that Act; or
(fa) records (as defined in the Archives Act 1983) in the care (as defined in that Act) of the National Archives of Australia in relation to which the Archives has entered into arrangements with a person other than a Commonwealth institution (as defined in that Act) providing for the extent to which the Archives or other persons are to have access to the records; or
(g) documents placed by or on behalf of a person (other than an agency) in the memorial collection within the meaning of the Australian War Memorial Act 1980; or
(h) letters or other articles in the course of transmission by post.
Sensitive information means:
(a) information or an opinion about an individual’s:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record; that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information.
Solicit, in relation to personal information, means request a person to provide that information, or a kind of information in which that information is included.
4. Application of Australian Privacy Principles (APP)
4.1 APP 1 open and transparent management of personal information
4.2 APP 2 anonymity and pseudonymity
Where lawful and practicable, ELB offers individuals the option of dealing with us anonymously or by using a pseudonym.
4.3 APP 3 collection of solicited personal information
ELB does not request personal information or sensitive information unless it is reasonably necessary for one or more of our functions or activities. The main information ELB may collect is your name, company, address, telephone number, fax number or email address. The data is required in most cases so that we can deliver goods and provide services to you directly. We make every effort to collect personal information only from the individual. The following circumstances are the only exceptions that may apply:
- Where the individual has consented for collection of the information from someone other than themselves
- If we were required or authorised by or under Australian law, or a court/tribunal order; or
- If it was unreasonable or impracticable to do so
4.4 APP 4 dealing with unsolicited personal information
If we receive personal information about an individual that we did not solicit, we will, within a reasonable period after receiving the information, determine whether or not we would have collected the information under APP3 if we had solicited the information. If we determine that we could not have collected the information under APP3 and if it is not contained in a Commonwealth record, we will destroy the information or ensure that it is de-identified.
4.5 APP 5 notification of the collection of personal information
If ELB collects personal information about an individual, where reasonable in the circumstances we will take steps, at the time or as soon as practicable after, to notify the individual that we have collected the information.
4.6 APP 6 use or disclosure of personal information
If we have collected personal information from an individual for a primary purpose we will not disclose the information for a secondary purpose unless the individual has consented to the use or disclosure of the information for that purpose. In the event that you would reasonably expect us to use or disclose personal information for a secondary purpose, if the information happens to be sensitive we may only use or disclose the information if it directly relates to the primary purpose. If the information is not sensitive, it must be related to the primary purpose.
ELB may use or disclose personal information about an individual if it is required or authorised by or under an Australian law or a court/tribunal order, if a permitted general situation or a permitted health situation exists in relation to the use or disclosure of the information by ELB. Before disclosing personal information if the above scenarios were to apply, ELB would take reasonable steps to ensure that the information is de-identified and make a written note of the use or disclosure. This principle does not apply to the use or disclosure of personal information for the purpose of direct marketing or government related identifiers.
4.7 APP 7 direct marketing
We will only use personal information about an individual for direct marketing to that individual if we have collected the information from the individual. ELB may use or disclose personal information about an individual for direct marketing purposes if the information was obtained from someone else with the consent of the individual or if it is impractical to obtain consent. With each piece of direct mail communications individuals are provided with a clear opportunity to unsubscribe.
Requests from individuals to unsubscribe are actioned within a reasonable time frame and where practicable individuals are notified that their request has been actioned. ELB may use or disclose sensitive information about an individual for direct marketing purposes only if the individual has consented to the information being used for that purpose.
4.8 APP 8 cross-border disclosure of personal information
In the course of business operations that may be required to fulfil our commitment to you, your personal information may be disclosed to ELB employees dealing directly with your request located in New Zealand and the United States. ELB employees in those countries are made aware of the APPs as part of their induction and resources are available via the intranet.
ELB does not sell, rent or trade your personal information with any third parties. At times it may be necessary for ELB to disclose personal information to our suppliers. Our suppliers have offices in Canada, the Unites States, Singapore, New Zealand, Japan, China and Korea. Your personal information may be disclosed to suppliers located in the aforementioned countries for the primary purpose of fulfilling your request. Before disclosing personal information about an individual to a person who is not in Australia or an external Territory ELB will take reasonable steps to ensure that the overseas recipient does not breach the APPs.
4.9 APP 9 adoption, use or disclosure of government related identifiers
As a privately held company, it is not usual practice for ELB to adopt, use or disclose government related identifiers of an individual as our own identifiers.
4.10 APP 10 quality of personal information
We take reasonable steps to ensure that the personal information we collect and disclose is accurate and up-to-date. For example, when we receive notification from an organisation about staff changes we have a process in place to ensure that the next communication with that organisation is with the new contact.
4.11 APP 11 security of personal information
ELB takes security of personal information seriously. All staff are bound by a confidentiality clause in their ELB Employee Agreements and are made aware of the specific requirements outlined by the Australian Privacy Principles during induction and the consequences of non-compliance. Where necessary, job specific training is undertaken.
ELB takes all reasonable steps to ensure the privacy of personal information held. Our Information Technology (IT) systems are protected by password and are limited to strict access. Anti-virus software is regularly updated to protect against computer viruses. The ordering section of our website is a secure site using SSL encryption and any personal information you enter there will not be available to unauthorised personnel. Our physical premises also have restricted access, requiring an electronic password to enter.
4.12 APP 12 access to personal information
At any time you can make a request to ELB to provide access to personal information we may hold about you. The following exceptions apply:
a) if we reasonably believe that giving access would pose a threat to life, health or safety of an individual, or to public health or public safety;
b) if giving access would have an unreasonable impact on the privacy of other individuals;
c) if the request for access is frivolous or vexatious;
d) the information relates to existing or anticipated legal proceedings between ELB and the individual, and would not be accessible by the process of discovery in those proceedings; or
e) giving access would reveal the intentions of ELB in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
f) giving access would be unlawful; or
g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or
h) both of the following apply:
(i) the entity has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to ELB functions or activities has been, is being or may be engaged in;
(ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
(iii) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
(iv) giving access would reveal evaluative information generated within ELB in connection with a commercially sensitive decision-making process.
4.13 APP 13 Correction of personal information
If ELB has reason to believe personal information we hold about an individual is inaccurate, out of date, irrelevant or misleading, or if the individual requests that we correct personal information about them, we will take reasonable steps to ensure that the information is accurate, up-to-date and not misleading. In situations where personal information may have been disclosed to another entity such as one of our suppliers in order to deliver products or services to the individual, ELB will take reasonable steps to notify the entity of any corrections required.
In the event that we refuse to correct personal information upon request from an individual, we will notify the individual of this decision within a reasonable time frame and provide mechanisms for the individual to lodge a complaint. If we have refused a request to correct personal information and the individual requests that we attach a statement to the record stating that the information is incorrect, out-of-date, irrelevant or misleading, and we will generally attach this statement in a way that will make the information apparent to users.
5. Contacting the Privacy Officer
You can request access to personal information ELB may hold about you by downloading a PDF version of the form and forward your request to:
The Privacy Officer
PO Box 4444
St Leonards NSW 2065
Phone (02) 9433 4444
Or Contact Us.
In the event that your request is refused you will be notified in writing of the refusal and the reasons behind the decision not to give you access within a reasonable time frame.