PRIVACY & CONFIDENTIALITY 

Background 

AHI Gardens is committed to protecting the privacy of all stakeholders in the AHI Gardens community. AHI Gardens will act responsibly to collect, manage, use and disclose personal information in accordance with the Commonwealth Privacy Act, as if it were a Commonwealth organisation when handling personal information.

Purpose 

This document sets out a framework for the protection of personal privacy and confidentiality consistent with AHI Gardens' obligations to comply with relevant legislation, the Australian Privacy Principles and obligations of confidence.

Scope 

This policy applies to all AHI Gardens employees, visitors, consultants, contractors, employees of  contractors and consultants, persons employed through labour hire agencies and volunteers.

Policy 

Collection of Personal Information 

AHI Gardens will only collect personal information that is necessary for one (1) or more of its functions  or activities. 

AHI Gardens will only collect personal information in a lawful, fair and not unreasonably intrusive way. 

When personal information is collected from an individual, AHI Gardens will take reasonable steps to  ensure that the individual is: 

  • Aware of AHI Gardens' identity and how to contact us;
  • Able to have access to the information; 
  • Aware of the purpose for which the information is collected; 
  • Aware of the persons or bodies, or classes of persons or bodies, to which AHI Gardens  usually discloses personal information; 
  • Aware of any law that requires the collection of the information; and 
  • Aware of any consequences for the individual if they do not provide all or part of the  information.  

If it is reasonable and practical to do so, AHI Gardens will only collect personal information about an  individual from that individual. If AHI Gardens collects personal information about an individual from  another person, it will take reasonable steps to ensure the individual is or has been made aware of the  matters listed above unless making the individual aware of these matters would pose a serious threat to  the life or health of a person. 

AHI Gardens may use and disclose personal information only in the following instances, after a written note of the use or disclosure is made:

  • The use or disclosure is related or directly related to the purpose for collecting it and the individual would reasonably expect AHI Gardens to use or disclose it for that purpose;
  • With the individual’s consent;
  • To lessen or prevent a serious and imminent threat to a person’s life, health or safety, or of harm to or exploitation of a child, or serious threat to public health or safety; 
  • When required in the investigation or reporting of unlawful activity, or assisting a law enforcement agency; 
  • Where the use or disclosure is required or authorised by law; or 
  • In connection with the performance of the functions of the Australian Security Intelligence Office (ASIO) or Australian Secret Intelligence Service (ASIS) where authorised in writing.

Trans-border data flows 

AHI Gardens will not transfer personal information about an individual to a person (other than the individual) outside the State of Queensland unless: 

  • The transfer is required or authorised under a law of the State of Queensland or the Commonwealth; or
  • AHI Gardens reasonably believes that the person receiving the information is subject to a law, or a contract or other legally binding arrangement, that requires the person to comply with principles for handling the information that are substantially similar to the Information Privacy Principles and Australian Privacy Principles; or 
  • The individual consents to the transfer; or 
  • The transfer is necessary for the performance of a contract between the organisation and the individual or for the implementation of pre-contractual measures taken in response to the individual's request; or 
  • The transfer is necessary for the performance or completion of a contract between the organisation and a third party, the performance or completion of which benefits the individual; or 
  • All of the following apply: 

      o The transfer is for the benefit of the individual;
      o It is impracticable to obtain the consent of the individual to the transfer;
      o It is likely that the individual would consent to the transfer; or

  • The organisation has taken reasonable steps to ensure that the information will not be held,  used or disclosed by the person to whom it is transferred, in a manner that is inconsistent with  the Information Privacy Principles or Australian Privacy Principles. 

AHI Gardens will ensure that any contracts with third parties where personal information may be transferred, contain privacy clauses requiring compliance with the Information Act and the Information Privacy Principles and/or the Privacy Act and the Australian Privacy Principles. 

Data Quality 

AHI Gardens will take all reasonable steps to ensure that the personal information it collects,  uses or discloses is accurate, complete and up to date. 

Data Breaches 

The Notifiable Data Breach Scheme, as detailed in the Privacy Act, requires regulated entities to notify affected individuals and the Australian Information Commissioner about the occurrence of eligible data breaches.

As soon as possible after the breach has occurred, all suspected eligible data breaches must be  referred to AHI Gardens management for actioning and reporting as they deem appropriate.

Information Security 

AHI Gardens will protect all personal information it holds from misuse, loss, unauthorised  access, modification or disclosure by: 

  • Implementing industry standards for the security and protection of personal  information; and 
  • Storing information in either electronic and/or hard copy forms with access restricted to  authorised personnel only. 

AHI Gardens will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.

Privacy and Confidentiality Obligations 

Staff, contractors and any other third party who collect, use or disclose personal information on behalf of AHI Gardens have a responsibility to act consistently with the Information Privacy Principles and Australian Privacy Principles and to take appropriate measures to avoid a breach of confidence.

At any time during and after employment with AHI Gardens, staff members must not use, divulge, copy or communicate any confidential information to any person without AHI Gardens' consent, regardless of whether the other person is an employee of AHI Gardens or not, except as required in the ordinary performance of the staff member’s duties.

Unauthorised access to personal information must be reported to AHI Gardens management and, where relevant, to the responsible owner of the information system concerned. Failure to  comply with this Policy may necessitate disciplinary action. 

University matters relating to individuals or non-public information must not be discussed,  except where directly related to the staff member’s role, as this may constitute a breach of  confidence and therefore misconduct. 

Information and Communication Technologies Facilities 

Users of AHI Gardens Information and Communication Technologies (ICT) Facilities are reminded  that anything that is written or recorded is potentially subject to subpoena or Freedom of  Information requests or other authorised access. Inappropriate use of AHI Gardens Information and Communication Technologies (ICT) facilities may be subject to disciplinary action.

Access and Correction 

On the request of an individual, AHI Gardens will take reasonable steps to inform the individual of the kind of personal information it holds, why it holds the information and how it collects, holds, uses and discloses the information. 

On the request of an individual, AHI Gardens will provide access to their personal information, except to the extent that: 

  • Providing access would pose a serious threat to the life or health of the individual or another individual; or 
  • Providing access would prejudice measures for the protection of the health or safety of the  public; or 
  • Providing access would unreasonably interfere with the privacy of another individual; or
  • The request for access is frivolous or vexatious; or
  • The information relates to existing or anticipated legal proceedings between AHI Gardens and the individual and the information would not be accessible by the process of discovery or  subpoena in those proceedings; or 
  • Providing access would reveal the intentions of AHI Gardens in relation to negotiations with the individual in such a way that would prejudice the negotiations; or 
  • Providing access would be unlawful; or 
  • Denying access is required or authorised by law; or 
  • Providing access would be likely to prejudice an investigation of possible unlawful activity; or
  • Providing access would be likely to prejudice one or more of the following by or on behalf of a law enforcement agency:

      o Preventing, detecting, investigating, prosecuting or punishing an offence or a breach of a prescribed law;
      o Enforcing a law relating to the confiscation of proceeds of crime;
      o Protecting public revenue;
      o Preventing, detecting, investigating or remedying seriously improper conduct or prescribed conduct;
      o Preparing for or conducting proceedings in a court or tribunal or implementing the orders of a court or tribunal; or

  • Providing access would prejudice: 

      o The security or defence of the Commonwealth or a State or Territory of the Commonwealth; or
      o The maintenance of law and order in the State of Queensland.

However, where providing access would reveal evaluative information generated within AHI Gardens in connection with a commercially sensitive decision-making process, AHI Gardens may give the individual an explanation for the commercially sensitive decision rather than access to the decision. 

If AHI Gardens holds personal information about an individual and the individual establishes that the information is not accurate, complete or up to date, AHI Gardens will take reasonable steps to correct  the information so that it is accurate, complete and up to date.

If an individual and AHI Gardens disagree about whether personal information about the individual held by AHI Gardens is accurate, complete or up to date, and the individual requests AHI Gardens to associate with the information a statement to the effect that, in the individual's opinion, the information is inaccurate, incomplete or out of date, AHI Gardens will take reasonable steps to comply with that request.

AHI Gardens will provide reasons for refusing to provide access to or correct personal information. 

If an individual requests access to, or correction of, personal information held by AHI Gardens, AHI Gardens will, within a reasonable time:

  • Provide access or reasons for refusing access; or
  • Make the correction or provide reasons for refusing to make it; or
  • Provide reasons for the delay in responding to the request.

If AHI Gardens charges a fee for providing access to personal information, the fee will not be excessive. Access and amendment requests should be directed to the AHI Gardens Managing Director.

Notification of correction to third parties 

If AHI Gardens corrects personal information that AHI Gardens previously disclosed to another entity, and the individual requests AHI Gardens to notify the other entity of the correction, AHI Gardens will take such steps as are reasonable in the circumstances to give that notification unless it is impracticable  or unlawful to do so. 

Sensitive Information 

AHI Gardens will not collect sensitive information about an individual unless: 

  • The individual consents to the collection; or 
  • AHI Gardens is authorised or required by law to collect the information; or
  • The individual is:

      o Physically or legally incapable of giving consent to the collection; or
      o Physically unable to communicate his or her consent to the collection; and
      o Collecting the information is necessary to prevent or lessen a serious and imminent threat to the life or health of the individual or another individual; or

  • Collecting the information is necessary to establish, exercise or defend a legal or  equitable claim. 

Complaints 

Questions or concerns about privacy or AHI Gardens' management of personal information, and any complaints, should be directed to the AHI Gardens Managing Director or the Office of the Information Commissioner Queensland.

Roles and responsibilities 

Management and staff of AHI Gardens must be aware of and note that AHI Gardens regards any activity which constitutes unacceptable access, use or disclosure as a potentially serious matter that AHI Gardens may determine to be misconduct or serious misconduct. Non-compliance with this policy may result in disciplinary action and/or reference to law enforcement agencies in accordance with the relevant legislation and regulations.

More information 

Please contact your Manager if you require additional information in relation to this Policy. 

Should you have immediate concerns regarding a privacy or confidentiality matter, contact your Manager. If your Manager is unavailable, you may also contact the Managing Director.

Trevor Dixon 

Managing Director 

Effective as of 27th March 2020