We are a company that values the privacy of our customers, clients and colleagues.
We undertake to use our utmost efforts to ensure that the National Privacy Principles are adhered to at all times.
These principles concern the collection, use and disclosure, quality of data kept, security of data, openness of our practices in collection to the information giver, ability for the information giver to access and correct data, use of identifiers, restriction of data flows of access to unauthorised or unconcerned people or groups, care of sensitive information and disposal of information after its containment becomes irrelevant.
We will commit ourselves to the process of fair practice in information security.
We recognise that personal information is information that can identify any individual. This requires special protections to ‘sensitive information’ such as health, criminal record or membership or non-membership of any professional association or union amongst many other pieces of information that we are entrusted with.
Our basic tenet is that if we do not need access to personal information – we will neither consciously collect it nor store it unless there is a specific need to do so. If we consider it necessary to do so, we will ensure that the donor gives the necessary permission in an informed manner.
If we need to collect and store private information, we will, at all times:
- Ensure the proper storage of personal information; and
- Ensure that individuals have access to the information that we keep; and
- Ensure that consent is gained for any use or disclosure of personal information; and
- Ensure anonymous collection or transactions is available; and
- Ensure that only information that is necessary is collected; and
- Ensure that adequate procedures for the secure disposal, or destruction of, or de-identification of all personal information, which is no longer needed, is set in place and used.
When collecting personal information, we will issue a collection statement. This states our contact details, why the personal information is being collected, the method of the supply of information and how individuals can gain access to personal information held about them.
Every member of staff is to treat any information we keep as if it were their own information and therefore kept safe and stored properly. Failure to follow this policy will result in disciplinary action up to and including termination of employment.