Hibbs & Associates Pty Ltd (Hibbs, we, us or our) is committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs) in relation to personal information that we collect, hold, use and disclose.
Information concerning the Privacy Act and the APPs can be obtained from the Office of the Australian Information Commissioner.
When an individual engages us to supply services, applies for employment with us, communicates with us or uses any of our services (including our website), personal information may be collected, used and disclosed as set out in this Policy.
This Policy may be updated from time to time. The current version of the Policy is available free of charge on our website or can be obtained from us by forwarding a request by mail or email.
What kinds of personal information do we collect and hold
We may collect and hold personal information that is reasonably necessary to conduct our business. The personal information that we may collect and hold will depend on the nature of your dealings with us but may include:
- Personal details (e.g. name, age, date of birth).
- Contact details (e.g. postal and email addresses, telephone numbers).
- Employment details (e.g. profession, occupation, job title, employer’s name).
- Bank account details.
- Information about you which you provide to us directly or indirectly through the use of our website.
If you apply to us for a job, work placement or internship, the personal information that we may collect may include your resume, other information that you or your referees provide to us, commentary or opinions about you and records of our interaction with you (and other persons) in relation to the prospective job, work placement or internship.
Decisions about whether particular information that we collect is personal information may vary depending on the circumstances and context of the situation in relation to which the information is collected.
We will not collect sensitive information (as defined in the Privacy Act) about you unless you consent to us collecting the information and the information is reasonably necessary for one or more of our functions or activities or collection of the information is otherwise permitted by the APPs.
We will not use or disclose a government related identifier (such as a Medicare number) unless the use or disclosure is permitted by the APPs.
Use of our websites, cookies and third party websites
When you visit our website or download information from it our server automatically collects certain browser or device generated information such as your IP address, domain, visit date, time and duration, browser type, operating system, pages accessed and documents downloaded.
Our website may contain links to third party websites that may collect personal information for their purposes. We are not responsible for the privacy practices of such websites and this Policy does not apply to them. We recommend that before using any third party websites that you access from links on our website you review their privacy policies and practices to assess whether they are acceptable to you.
How do we collect personal information
We will only collect personal information about an individual directly from the individual unless it is unreasonable or impracticable to do so. If we collect personal information about an individual from another person without the individual’s knowledge or from publicly available sources, we will take reasonable steps to notify the individual that we have collected the information and the circumstances of its collection.
If an individual contacts us we may retain a record of the contact which may contain personal information.
If we receive unsolicited personal information about an individual we will, within a reasonable period after receiving the information, determine whether or not we could have collected the information under the APPs. If we determine that we could not have collected the information under the APPs we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable for us to do so.
Notification of the collection of personal information
At or before, or as soon as practicable after, we collect personal information about an individual, the APPs require us to take reasonable steps to notify the individual, or otherwise ensure that the individual is aware, of various matters including:
- our identity and contact details.
- if we collect the information from someone other than the individual, the fact that we collect or have collected the information and the circumstances of that collection.
- if the collection of the information is required or authorised by law or a court or tribunal order, the fact that the collection is so required or authorised.
- the purposes for which we collect the information.
- the consequences (if any) for the individual if the information is not collected.
- the types of entities, bodies or persons to which we usually disclose personal information.
- whether we are likely to disclose personal information to overseas recipients and, if practicable, the countries where they are located.
One way we do this is by making this Policy available on our website.
Anonymity and pseudonymity
When you deal with us you have the option of not identifying yourself or using a pseudonym unless we are required, or authorised, under Australian law or a court or tribunal order to only deal with individuals who have identified themselves or it is impracticable for us to deal with individuals who have not identified themselves or who have used a pseudonym.
Although our website can be accessed anonymously, if you wish to take advantage of some of the services that we offer through the website, you may need to provide personal information to us. If you choose not to provide information that we request we may not be able to provide services that you have requested.
For what purposes do we collect, hold, use and disclose personal information
We generally only collect, hold, use and disclose personal information for the primary purposes of:
- conducting our business operations.
- providing information or services that have requested from us.
- communicating with website users to resolve queries or complaints.
- sending marketing communications (including newsletters) where it is lawful for us to do so.
- Managing recruitment, work placements and internships, including considering and responding to applications.
- Complying with our legal and regulatory obligations.
We may also use or disclose personal information for secondary purposes that are related to any of these purposes where you have consented to the use or disclosure for such purposes or where the use or disclosure is otherwise permitted by the APPs.
When we collect, hold, use or disclose personal information
The situations where we may collect, hold, use or disclose personal information include where you:
- have dealings with us as a client, supplier, contractor or consultant or agent or as an employee of a client, supplier, contractor, consultant or agent.
- perform work on a project as an employee of one of our clients, suppliers, contractors, consultants or agents.
- submit an enquiry to us, including on our websites.
- apply for a job, work placement or internship.
From time to time we may be required to collect, use or disclose personal information to comply with applicable legal requirements. We may also disclose personal information to suppliers, contractors, consultants or agents for the primary purposes for which it was collected or for other purposes related to any of those purposes. Where this occurs, we take steps to ensure that those entities comply with the APPs in connection with the personal information that we disclose to them and only use the information for the purposes specified in our agreement with them.
If we send you marketing communications you may request us not to send further marketing communications to you. If we receive such a request we will update our records within a reasonable time.
We do not sell personal information that we collect or hold to any other entity or person.
Disclosure of personal information to overseas recipients
We will not disclose personal information that we collect or hold to overseas recipients without complying with the APPs.
Quality of personal information
We take appropriate steps to ensure that personal information that we collect, use or disclose is accurate, up to date, complete and relevant including:
- where necessary, by confirming the accuracy of personal information that we collect from other persons or publicly available sources.
- updating personal information in our records.
- reviewing the quality of personal information before we use or disclose it.
Security of personal information
We maintain appropriate administrative, technical and physical safeguards that are intended to protect the personal information that we hold against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use including restricted access to our offices, use of firewalls and secure servers. These safeguards include restricted access to our offices and the use of firewalls and secure servers. We also use anti-virus software, which is updated regularly, to protect our computer systems and data from computer viruses.
Because the internet is not a secure environment, personal information that individuals send to us via the internet is sent at their risk.
When we no longer require personal information, we take reasonable steps to destroy the information in a secure manner or de-identify the information unless we are required by Australian law, or a court or tribunal order, to retain the information.
In the unlikely event that our security measures are compromised and personal information that we hold is subject to a data breach, we will comply with our obligations under the Privacy Act for responding to data breaches including:
- upon becoming aware of a data breach we will take urgent action to contain the breach, determine who may have been affected by the data breach and mitigate any risk of harm that may result from the breach.
- if we have reasonable grounds for believing that the data breach is likely to result in serious harm to an individual, we will notify the individual as soon as practicable.
- we will notify the office of the Australian Information Commissioner as required under the Privacy Act.
- we will review our security measures and implement any additional measures we consider to be necessary to enhance the security of personal information.
Access to and correction of personal information
Subject to the APPs, you have the right to request access to personal information that we hold about you and to ask us to update or correct personal information if it is inaccurate, incomplete or out of date.
You can request access to, or correction of, your personal information by forwarding a written request to us by mail or email. Upon receipt of a request we will respond within a reasonable timeframe.
If we do not agree to give you access to your personal information or do not agree to correct personal information as requested by you, we will notify you in writing of the reasons for our decision (unless, having regard to the APPs, it would be unreasonable for us to do so) and the mechanisms that are available to you to complain about our decision.
If we correct personal information that has been disclosed to another organisation that is bound by the APPs and you request us to notify the organisation of the correction, we will take reasonable steps to comply with the request unless it is impracticable or unlawful for us to do so.
If we do not correct personal information as requested by you and you request that we associate with the information a statement that it is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to comply with the request.
Complaints about how we deal with Personal Information
If you wish to complain about how we have dealt with your personal information, you should submit the complaint to us in writing.
If we receive a written complaint from you, we will decide what action, if any, we propose taking to deal with the complaint and notify you of our decision within a reasonable timeframe.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.
If you have any enquiries or questions in relation to this Policy or wish to exercise any of your rights under this Policy, please contact us by mail or email.
Mail: PO Box 4266 Homebush NSW 2140
Telephone: (02) 9746 3244
GET IN TOUCH
Please leave your details and one of our friendly team will be in touch very soon.