This Policy applies to The Council for Christian Education in Schools Ltd (ABN 59 004 240 779) (referred to as ‘Korus Connect’, ‘we’, ‘our’, ‘us’) and extends to and covers all operations and functions of that organisation.
This Policy outlines Korus Connect’ obligations to manage and protect personal information. Korus Connect is bound by the Australian Privacy Principles ('APPs') and the Privacy Act 1988 ('Privacy Act'). This Policy also outlines Korus Connect’ practices, procedures and systems that ensure compliance with the Privacy Act and the APPs.
We collect and hold the following kinds of personal information about individuals:
Korus Connect will not collect sensitive information unless the individual has consented or an exemption under the APPs applies. These exceptions include if the collection is required or authorised by law or necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
If the personal information we request is not provided, we may not be able to provide customers with the benefit of our services, or meet an individual’s needs appropriately.
Korus Connect does not give individuals the option of dealing with them anonymously, or under a pseudonym. This is because it is impractical for Korus Connect to deal with individuals who are not identified.
Korus Connect may receive unsolicited personal information about individuals. Korus Connect’ employees are required to notify the Privacy Officer of all unsolicited personal information received by them. We destroy or de-identify all unsolicited personal information, unless the personal information is relevant to Korus Connect’ purposes for collecting personal information.
The personal information we may collect and hold includes (but is not limited to) personal information about the following individuals
We may use and disclose the information we collect about an individual for the following purposes:
Korus Connect may use and disclose personal information for the primary purposes for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
We use and disclose personal information for the purposes outlined in section 7 above. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or where certain other limited circumstances apply (e.g. if required by law).
We engage other people to perform services for us, which may involve them handling personal information we hold. In these situations, we prohibit them from using personal information about the individual except for the specific purpose for which we supply it. We prohibit them from using your information for the purposes of direct marketing their products or services.
In relation to sensitive information held by us, wherever possible, Korus Connect will attempt to deidentify the information. We also undertake to take reasonable steps to delete all personal information about an individual when it is no longer needed.
We may disclose personal information to:
We will not disclose personal information to recipients outside of Australia unless:
Korus Connect recognises how important the security of personal information is to clients. We will at all times seek to ensure that the personal information we collect and hold is protected from misuse, loss, unauthorised access, modification or disclosure. Korus Connect employees must respect the confidentiality of the personal information we collect.
Personal information is generally held in a computer data base. Information may also be held in paper files which are stored in secure areas. Computer-based information is protected through the use of access passwords.
In relation to our computer-based information, we apply the following guidelines:
Where we no longer require the personal information for a permitted purpose under the APPs, we will take reasonable steps to destroy it.
Korus Connect will only use or disclose personal information for the purposes of direct marketing, if the individual has consented to its use or disclosure for direct marketing. Individuals have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time.
In relation to sensitive information, Korus Connect may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
Individuals may also request that Korus Connect provides them with the source of their information. If such a request is made, Korus Connect must notify the individual of the source of the information free of charge within a reasonable period of time.
We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes, unless one of the exemptions in the Privacy Act applies. Korus Connect endeavours to avoid data-matching, being the comparison of data collected and held for two or more separate purposes in order to identify common features in relation to individuals, as a basis for further investigation or action in relation to those individuals
Korus Connect is committed to ensuring that the personal information it collects, uses and discloses is relevant, accurate, complete and up-to-date. We encourage individuals to contact us to update any personal information we hold about them. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless it is agreed otherwise. We do not charge individuals for correcting the information.
Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information that we hold about them by contacting the Korus Connect Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.
An individual’s request for access to his or her personal information will be dealt with by allowing the individual to look at his or her personal information at the offices of Korus Connect. We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment.
Korus Connect has an effective complaints handling process in place to manage privacy risks and issues.
The complaints handling process involves:
Individuals can make a complaint to Korus Connect about the treatment or handling of their personal information by lodging a complaint with the Privacy Officer.
Third parties will be required to implement policies in relation to the management of an individual’s personal information in accordance with the Privacy Act. These policies include:
Korus Connect will conduct periodic privacy audits in order to ensure that it is continuing to comply with its obligations under the APPs.
Any questions about our privacy procedures, or if you wish to make a complaint about how we have dealt with your personal information you may lodge a complaint with us by contacting the Korus Connect Privacy Officer using the details that follow:
The Chief Privacy Officer
People & Culture Division
Locked Bag 3
SURREY HILLS VIC 3127
(+61) (03) 9811 0999