What is Personal Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect includes but is not limited to names, addresses, email addresses, phone numbers, right to work information, information relating to personal bank accounts, superannuation funds and tax file numbers.
This Personal Information is obtained in many ways including but not limited to:
- Employee, referee and emergency contact details.
- Applications for employment and supporting documents.
- Employment contracts, and other records relating to terms and conditions of employment.
- Details of financial and other personal interests supplied by employees and their immediate family members for the purpose of managing perceived or potential conflicts of interest.
- Proof of right to work (such as passport, visa details, VEVO reports etc.).
- Certified copies of academic qualifications.
- Records relating to salary, employment benefits and leave.
- Medical certificates or health related information supplied by an employee or their medical practitioner.
- Taxation details.
- Banking information necessary to pay salary and wages.
- Superannuation contributions.
- Information relating to employees’ training and development.
- Information about an employee’s performance.
We collect Personal Information for the primary purpose of properly managing our business affairs, providing services to our clients and to manage the employment relationship between Cirka and our employees. We may also use Personal Information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
When we collect Personal Information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it. In rare cases we may collect sensitive information without an individual’s consent such as, where it is necessary to investigate suspected unlawful activity or misconduct of a serious nature within our business.
Sensitive Information
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained.
- For a secondary purpose that is directly related to the primary purpose.
- With your consent, or where required or authorised by law.
Third Parties
Where reasonable and practicable to do so, we will collect Personal Information only from the individual. However, in some circumstances we may be provided with information by third parties, such as an employee’s manager or supervisor, recruitment agents or previous employers – when it is relevant to the recruitment process. In such cases we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
Disclosure of Personal Information
Personal Information may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure.
- Where required or authorised by law.
Disclosure of personal information overseas
Cirka will generally only disclose personal information to an overseas entity if you agree, or if we are authorised or required by law.
Security of Personal Information
Personal Information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure. These steps include password protection for accessing our electronic IT system, audit trails of electronic systems and physical access restrictions.
When Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify that Personal Information. However, most of the Personal Information is or will be stored in employment files, which will be kept by Cirka for a minimum of 7 years.
Security of Biometric Data
Cirka collects biometric data (finger scans) for employee verification purposes in the recording of time and attendance information. Such data consists solely of a template created from mathematical algorithms, not fingerprints. No fingerprints are ever taken or stored, and no image of the finger or image of any kind is stored as part of the enrolment or verification process. This information is stored on a highly secure space by our system provider in a cloud environment. On leaving the business Cirka will ensure the employee finger scan data collected and used during employment is deleted, as part of our off-boarding process.
Access to your Personal Information
You may access the Personal Information we hold about you to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact a member of the People and Culture team in writing. Cirka will not charge any fee for your access request; however, we may charge an administrative fee for providing a copy of your Personal Information. In order to protect your Personal Information, we may require identification from you before releasing the requested information.
Maintaining the Quality of your Personal Information
It is an important to us that Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
If you have any queries about our Privacy Policy, please contact us at: Cirka Head Office – Level 2 141 Osborne Street South Yarra VIC 3141 or via email at [email protected]