Privacy Statement
- Collection
- Use & Disclosure
- Data Quality
- Data Security
- Openness
- Access & Correction
- Identifiers
- Anonymity
- Trans-Border Data Flows
- Sensitive Information
From December 21 st 2001, Ardus has been subject to the National Privacy Principles contained in the Privacy Amendment (Private sector) Act 2000 (Cth).
Ardus has developed its own Privacy and Security Policy ("PSP") that explains in general terms how Ardus will protect the privacy of the individuals personal information under the National Privacy Principles. The PSP will apply to how Ardus will collect, use, keep secure and disclose of private information. The PSP will also apply to any information about the individual that is provided by someone else.
Ardus may amend the PSP as our business requirements or the law changes. Any changes will be updated on the website www.ardus.com.au. It is the individuals responsibility to ensure that the most current PSP is at hand. Please read the PSP carefully before entering into any transaction that may relate to your personal information.
The implementation, management and control of the PSP will be under the responsibility of the Quality Manager.
1. Collection
In carrying out its daily business, Ardus may gain personal information for one or more of its functions. Except if making the individual aware of the matters would pose a serious threat to the life or health of any individual, Ardus may take the following reasonable steps to advise the individual:
- The identity of the organisation and how to contact it;
- The fact that he/she is able to gain access to the information;
- The purposes for which the information is collected;
- The organisations (or the types of organisations) to which Ardus usually discloses information of that kind;
- Any law that requires the particular information to be collected; and
- The main consequences (if any) for the individual if all or part of the information is not provided.
2. Use & Disclosure
- Ardus will not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless both the following apply:
- The secondary purpose is related to the primary purpose of collection; and
- If the personal information is sensitive information, directly related to the primary purpose of collection;
- The individual would reasonably expect Ardus to use or disclose the information for the secondary purpose; or
- The individual has consented to the use or disclosure; or
- Ardus reasonably believes that the use or disclosure is necessary to lessen or prevent:
3. Data Quality
Ardus will use its best endeavours to ensure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.
4. Data Security
Ardus will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. Ardus management and staff have a good understanding of their responsibilities in protecting personal information from misuse, loss, corruption, or disclosure by application of the PSP.
4.1 Physical Security
Information received at Ardus is received and stored in a range of paper based and electronic forms. To ensure unauthorised access, Ardus has:
- Installed barriers such as locks on main doors and each Consultants room;
- Controlled issuing of security keys for access, filing cabinets and safes;
- Document control procedures as outlined in B1; and
- Main building is secured after business hours with electronic surveillance.
4.2 Computer & Network Security
Ardus has assessed their security risks by taking appropriate measures to protect the integrity of their information systems and networks by considering storing, processing and the transmission of information:
- Access control to authorised users through system and server passwords;
- Virus checking;
- IT support to deal with security risks; and
- Audit procedures and data integrity checks.
4.3 Communications Security
Ardus has considered the two types of communications risk being the interception of transmissions and unauthorised intrusion into networks. The reasonable steps taken by Ardus to protect personal information are:
1. Confirming authorised person, or some-one delegated is available to receive such information, checking facsimile numbers before sending personal information, and confirming receipt;
2. Checking/confirming identity before giving out personal information over the telephone; and
3. Restriction to Internet access to one workstation only.
4.4 Personal Security
Ardus recruitment procedures ensure that the personal information is accessed by those people who 'need-to-know' in carrying out their duties by:
- Training management and staff in security awareness, practices and procedures;
- Control on access to categories of information; and
- Specifying and reviewing access privileges.
4.5 Destruction
To protect the individuals privacy rights, destruction of personal information within Ardus occurs by secure means:
- All hard copy documentation is shredded, or, collected by an authorised disposal company; and
- Electronic files will be kept with restricted access and/or in accordance with applicant's instructions.
4.6 De-Identification
In following its Destruction Policy B3.4.5, Ardus has removed from its records any personal information by which an individual may be identified.
5. Openness
- Ardus makes its PSP readily available for interested parties.
- Each candidate is given access to a copy which:
- Is readily accessible on the website home page; and
- Is clearly displayed on the office wall;
- An individual may obtain information or complain about any detected breach of privacy;
- If Ardus refuses to provide the individual with access to the information, Ardus will give the individual reasons for the refusal and inform the individual of any exceptions; and
- For information which Ardus collected prior to December 21st 2001, Ardus may not be able to provide the individual with access to this information where to do so would place an unreasonable administrative burden on us or cause us unreasonable expense.
6. Access & Correction
- It is the individuals responsibility to ensure that Ardus has the most recent copy of their personal details in order that Ardus can make the correct recruitment decision;
- Ardus will provide an individual access to the personal information held, except where covered under conditions 6.1(a) through (k) as listed in the National Privacy Principles;
- The individual must prove by way of satisfactory evidence that they are who they purport to be;
- Any request for personal information will be in writing, addressed to the Quality Manager. Access will normally be granted within five working days of receipt of the written request; and
- Ardus will provide the individual with an accurate summary of the information, and any associated costs relating to such access, typically $75.
7. Identifiers
Ardus does not apply identifiers to any individual (save a position sought/skills classification and system assigned number to uniquely identify the individual for the purposes of recruitment).
8. Anonymity
Ardus will use its best endeavours to ensure the authenticity of the individual applying for the position however, should the individual show just cause for anonymity, Ardus, in consultation with the Client, will respect such a request.
9. Trans-Border Data Flows
Ardus recruitment assignments are typically targeted at the Australian market however, an assignment may originate from a foreign country. In these instances individual consent will be obtained in writing before the transmission of personal information.
10. Sensitive Information
Ardus is required by law to obtain the individual's consent for the collection of 'sensitive information'. Therefore, we will assume that the individual has consented to the collection of all information which is provided to us for use in accordance with the PSP, unless the individual advises otherwise.
