Privacy Policy

Purpose

SHE HR Consulting (or “the Organisation”) is committed to protecting the privacy of the information which the organisation collects, holds and administers.

Scope

This Policy applies to all SHE HR Consulting employees (including temporary, permanent and contract), volunteers, contractors, consultants and visitors. This policy applies to any location where duties are performed by individuals undertaking activities associated with the SHE HR Consulting.

Policy

SHE HR Consulting collects and administers a range of information. The Organisation is committed to protecting the privacy of the individuals whose information it collects, holds and administers.

SHE HR Consulting recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. The Privacy Act 1988 (Privacy Act) regulates the handling, holding, use, access and collection of personal information (including sensitive information) about individuals. SHE HR Consulting takes its obligations under the Privacy Act seriously when handling all personal information, including sensitive information about employees.

  1. Responsibilities

  • SHE HR Consulting’s Executive Director is responsible for developing, adopting and reviewing this policy, ensuring it aligns with overall strategic direction and the Organisation’s vision and goals;

  • overseeing the development, implementation and enforcement of this policy;

  • ensuring compliance with legal and regulatory standards; and

  • monitoring changes in privacy legislation, and for advising on the need to review or revise this policy when the need arises.

1.2 Manager Responsibilities

  • Implementing and enforcing this policy within their team;

  • ensuring team members understand and adhere to this policy;

  • provide guidance and clarification on this policy to team;

  • monitor and manage compliance with this policy in daily operations;

  • address any policy violations and where necessary, report up to the Executive Director; and

  • contribute to the policy review and provide feedback based on team and operational insights.

1.3 Employee Responsibilities

  • Ensure an understanding of all company policies relevant to their role and as a member of the organisation;

  • seek clarification on this policy when needed;

  • comply with the standards outlined in this policy;

  • report any policy violations or concerns to their Direct Manager or the Executive Director;

  • participate in policy training and updates as required; and

  • contribute to a safe and respectful work environment in line with all company policies, including this policy.

1.1 Executive Director Responsibilities

2. Privacy Principles

SHE HR Consulting is bound by laws which impose specific obligations when it comes to handling information. The Organisation has adopted the following principles contained as minimum standards in relation to handling personal information.

  • collect only information which the organisation requires for its primary function;

  • ensure that individuals are informed as to why we collect the information and how we administer the information gathered;

  • use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;

  • store personal information securely, protecting it from unauthorised access;

  • provide individuals with access to their own information, and the right to seek its correction; and

  • take reasonable steps to ensure the information SHE HR Consulting collects is accurate, complete, up to date, and relevant to the functions we perform.

3. Collection of Information

SHE HR Consulting will only collect information by lawful and fair means, directly from interactions with the individual whom the personal, sensitive or health information relates to. In some cases, where it is unreasonable or impracticable to obtain personal information directly from an individual, SHE HR Consulting will seek to obtain it from a publicly available source or a third party. 

3.1 Unsolicited Information

When unsolicited information is received, SHE HR Consulting will determine whether the personal information could have been collected in alignment with correct legislative practice, and then if it could have, it will be treated normally. If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information. 

3.2 Personal Information

In addition to only collecting information that is necessary for the needs of SHE HR Consulting’s primary purpose, the organisation will also: 

  • notify individuals about why we collect the information and how it is administered; 

  • collect personal information from the person themselves wherever possible; and

  • if collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.

3.3 Sensitive Information

SHE HR Consulting will collect sensitive information only with the person’s consent or if required by law.

SHE HR Consulting will also collect sensitive information about an individual if such collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:

  • is physically or legally incapable of giving consent to the collection; or

  • physically cannot communicate consent to the collection.

3.4 Health Information

SHE HR Consulting will collect health information about an individual if:

  • the information is necessary to provide a health service to the individual; and

  • the information is collected as required or authorised by or under law and in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.

4. Use and Disclosure

SHE HR Consulting will only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose. For other uses, SHE HR Consulting will obtain consent from the affected person.

4.1 Secondary Purpose

In relation to a secondary purpose, use or disclosure of the personal information will occur only where:

  • there is a direct relation to the primary purpose and the individual would reasonably have expected us to use it for purposes;

  • the person has consented; or

  • certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.

4.2 Direct Marketing

In relation to personal information which has been collected from a person, SHE HR Consulting will use the personal information for direct marketing, where the reasonable person would expect it to be used for this purpose, and SHE HR Consulting has provided an opt out and the opt out has not been taken up.

If personal information has been collected other than from the person themselves, SHE HR Consulting will only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out).

If the disclosure of sensitive information is necessary for research or the compilation or analysis of statistics relevant to public health or public safety and it is impracticable for SHE HR Consulting to seek the individual’s consent before the use or disclosure and the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95A, the organisation may make such a disclosure.

4.3 Unlawful Activity

If SHE HR Consulting has sufficient reasons to believe that an unlawful activity has been, is being or may be engaged in, and the disclosure of personal information becomes a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, the organisation may make such disclosures.

SHE HR Consulting may further disclose personal information if its disclosure is mandated by an enforcement body or is required for the following:

  • the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;

  • the enforcement of laws relating to the confiscation of the proceeds of crime;

  • the protection of the public revenue;

  • the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or

  • the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

4.4 Storage of Information

SHE HR Consulting takes reasonable steps to protect information from misuse and loss, and from unauthorised access, modification and disclosure. These steps include but are not limited to: 

  • undertaking training and providing direction to all SHE HR Consulting employees who handle this information; 

  • entering information into a customised, secure database, which is accessed on a ‘need-only basis’ and is handled in a sensitive and secure way;  

  • destroying or de-identifying personal, sensitive or health information when SHE HR Consulting no longer requires the information for business purposes; or

  • archiving financial information in a secure location in accordance with the requirements of the Australian Taxation Office. 

5. Access and Correction

SHE HR Consulting takes reasonable steps to ensure that the personal information it collects, holds and uses is accurate, up-to-date and complete. SHE HR Consulting understands individuals have a right to seek access to information held about them and to correct it if inaccurate, incomplete, misleading or not up to date. 

Therefore if an individual and SHE HR Consulting disagree about whether the information is accurate, complete and up to date, and the individual asks SHE HR Consulting to associate with the information a statement claiming that the information is not accurate, complete or up to date, SHE HR Consulting will take reasonable steps to do so.

5.1 Withhold Access of Information

SHE HR Consulting can withhold the access of an individual to their information if: 

  • providing access would pose a serious and imminent threat to the life or health of any individual; or

  • providing access would have an unreasonable impact upon the privacy of other individuals; or

  • the request for access is frivolous or vexatious; or

  • the information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings; or

  • providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or

  • providing access would be unlawful; or

  • providing access would be likely to prejudice an investigation of possible unlawful activity; or

  • an enforcement body performing a lawful security function asks SHE HR Consulting not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.

Where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision making process, SHE HR Consulting may give the individual an explanation for the commercially sensitive decision rather than direct access to the information. SHE HR Consulting will provide to the individual its reasons for denial of access or a refusal to correct personal information.

6. Summary

All stakeholders associated with the SHE HR Consulting must take their obligations under the Privacy Act seriously. This means handling any and all personal information in accordance with the Privacy Act and this policy. Breaches of this policy are taken seriously and disciplinary action, including but not limited to termination, may be taken for such breaches. 

If you are an employee and have any questions about this policy or would like further information, please contact the Executive Director. 

If you are external to the organisation and have any questions or concerns about the way in which we have handled your personal information, or if you believe that we have not complied with our obligations under the Privacy Act, please contact privacy@shehrconsulting.com.

7. Review

Our Privacy Policy is subject to review every two years. This review assesses the policy's effectiveness, relevance, and compliance with current employment laws and employee feedback. Any necessary changes will be promptly communicated to all staff. 

Definitions

Health Information 

Includes all personal information relating to an individual’s physical or mental health, disability or services provided to them to support them in managing their health

Personal Information 

Includes information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not

Sensitive Information

Includes information or opinion about an individual's racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information

Unsolicited Information 

Includes information that has been received by the organisation where the organisation has taken no active steps to collect the information

Associated documents