The aim of this policy is to ensure that the company respects the privacy of individuals in accordance with the privacy Act.
2.1 PPN must not collect personal information unless the information is necessary for one or more of its functions or activities.
2.2 PPN must collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
2.3 At or before the time (or, if that is not practicable, as soon as practicable after) PPN collects personal information about an individual from the individual, PPN must take reasonable steps to ensure that the individual is aware of:
(a) our identity and how to contact us; and
(b) the fact that he or she is able to gain access to the information; and
(c) the purposes for which the information is collected; and
(d) the organisations (or the types of organisations) to which PPN usually discloses information of that kind; and
(e) any law that requires the particular information to be collected; and
(f) the main consequences (if any) for the individual if all or part of the information is not provided.
2.4 If it is reasonable and practicable to do so, PPN must collect personal information about an individual only from that individual.
2.5 If PPN collects personal information about an individual from someone else, it must take reasonable steps to ensure that the individual is or has been made aware of the matters listed in subclause 2.3 except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual.
3. Use and Disclosure
3.1 PPN must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless the exceptions conform to the act.
3.2 If PPN uses or discloses personal information on behalf of an enforcement body, it must make a written note of the use or disclosure.
4. Data Quality
PPN must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.
5. Data Security
5.1 PPN must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
5.2 PPN must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under National Privacy Principle 2.
6.1 PPN must set out in a document clearly expressed policies on its management of personal information. PPN must make the document available to anyone who asks for it.
6.2 On request by a person, PPN must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
7. Access and Correction
7.1 If PPN holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except in instances provided by law.
7.2 However, where providing access would reveal evaluative information generated within PPN in connection with a commercially sensitive decision-making process, PPN may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
7.3 If PPN is not required to provide the individual with access to the information because of paragraphs 7.1, PPN must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
7.4 If PPN charges for providing access to personal information, those charges:
(a) must not be excessive; and
(b) must not apply to lodging a request for access.
7.5 If PPN holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, PPN must take reasonable steps to correct the information so that it is accurate, complete and up-to-date.
7.6 If the individual and PPN disagree about whether the information is accurate, complete and up-to-date, and the individual asks PPN to associate with the information a statement claiming that the information is not accurate, complete or up-to-date, PPN must take reasonable steps to do so.
7.7 PPN must provide reasons for denial of access or a refusal to correct personal information.
8.1 PPN must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by:
(a) an agency; or
(b) an agent of an agency acting in its capacity as agent; or
(c) a contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.
8.2 PPN must not use or disclose an identifier assigned to an individual by an agency or by an agent or contracted service provider mentioned in subclause 8.1, unless:
(a) the use or disclosure is necessary for PPN to fulfil its obligations to the agency; or
(b) paragraph 3.1 apply to the use or disclosure; or
(c) the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.
Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with PPN.
10. Sensitive Information
PPN must not collect sensitive information about an individual unless it is absolutely necessary and conforms to the requirements of the act.
Process Plant Network Pty Ltd
5 December 2001