The aim of this policy is to ensure that the company respects the privacy of individuals
in accordance with the privacy Act.
2.1 PPN must not collect personal information unless the information is necessary
for one or more of its functions or activities.
2.2 PPN must collect personal information only by lawful and fair means and not
in an unreasonably intrusive way.
2.3 At or before the time (or, if that is not practicable, as soon as practicable
after) PPN collects personal information about an individual from the individual,
PPN must take reasonable steps to ensure that the individual is aware of:
(a) our identity and how to contact us; and
(b) the fact that he or she is able to gain access to
the information; and
(c) the purposes for which the information is collected;
(d) the organisations (or the types of organisations)
to which PPN usually discloses information of that kind; and
(e) any law that requires the particular information to
be collected; and
(f) the main consequences (if any) for the individual
if all or part of the information is not provided.
2.4 If it is reasonable and practicable to do so, PPN must collect personal information
about an individual only from that individual.
2.5 If PPN collects personal information about an individual from someone else,
it must take reasonable steps to ensure that the individual is or has been made
aware of the matters listed in subclause 2.3 except to the extent that making the
individual aware of the matters would pose a serious threat to the life or health
of any individual.
3. Use and Disclosure
3.1 PPN must not use or disclose personal information about an individual for a
purpose (the secondary purpose) other than the primary purpose
of collection unless the exceptions conform to the act.
3.2 If PPN uses or discloses personal information on behalf of an enforcement body,
it must make a written note of the use or disclosure.
4. Data Quality
PPN must take reasonable steps to make sure that the personal information it collects,
uses or discloses is accurate, complete and up-to-date.
5. Data Security
5.1 PPN must take reasonable steps to protect the personal information it holds
from misuse and loss and from unauthorised access, modification or disclosure.
5.2 PPN must take reasonable steps to destroy or permanently de-identify personal
information if it is no longer needed for any purpose for which the information
may be used or disclosed under National Privacy Principle 2.
6.1 PPN must set out in a document clearly expressed policies on its management
of personal information. PPN must make the document available to anyone who asks
6.2 On request by a person, PPN must take reasonable steps to let the person know,
generally, what sort of personal information it holds, for what purposes, and how
it collects, holds, uses and discloses that information.
7. Access and Correction
7.1 If PPN holds personal information about an individual, it must provide the individual
with access to the information on request by the individual, except in instances
provided by law.
7.2 However, where providing access would reveal evaluative information generated
within PPN in connection with a commercially sensitive decision-making process,
PPN may give the individual an explanation for the commercially sensitive decision
rather than direct access to the information.
7.3 If PPN is not required to provide the individual with access to the information
because of paragraphs 7.1, PPN must, if reasonable, consider whether the use of
mutually agreed intermediaries would allow sufficient access to meet the needs of
7.4 If PPN charges for providing access to personal information, those charges:
(a) must not be excessive; and
(b) must not apply to lodging a request for access.
7.5 If PPN holds personal information about an individual and the individual is
able to establish that the information is not accurate, complete and up-to-date,
PPN must take reasonable steps to correct the information so that it is accurate,
complete and up-to-date.
7.6 If the individual and PPN disagree about whether the information is accurate,
complete and up-to-date, and the individual asks PPN to associate with the information
a statement claiming that the information is not accurate, complete or up-to-date,
PPN must take reasonable steps to do so.
7.7 PPN must provide reasons for denial of access or a refusal to correct personal
8.1 PPN must not adopt as its own identifier of an individual an identifier of the
individual that has been assigned by:
(a) an agency; or
(b) an agent of an agency acting in its capacity as agent;
(c) a contracted service provider for a Commonwealth contract
acting in its capacity as contracted service provider for that contract.
8.2 PPN must not use or disclose an identifier assigned to an individual by an agency
or by an agent or contracted service provider mentioned in subclause 8.1, unless:
(a) the use or disclosure is necessary for PPN to fulfil its obligations to the
(b) paragraph 3.1 apply to the use or disclosure; or
(c) the use or disclosure is by a prescribed organisation of a prescribed identifier
in prescribed circumstances.
Wherever it is lawful and practicable, individuals must have the option of not identifying
themselves when entering transactions with PPN.
10. Sensitive Information
PPN must not collect sensitive information about an individual unless it is absolutely
necessary and conforms to the requirements of the act.
Process Plant Network Pty Ltd
5 December 2001