GRANITE BELT WATER LIMITED
1.2 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way that personal information must be treated.
1.3 This policy applies to any person in relation to whom we currently hold, or may in the future collect, personal information. Broadly, we collect personal information from water allocation holders / users and their related parties, land owners and occupiers located near our infrastructure, individuals that contact us, prospective and current contractors, consultants and agents, and prospective employees.
1.4 This policy does not apply to acts and practices in relation to employee records of our current and former employees, as these are exempt from the Privacy Act.
1.5 This policy applies to personal information. In broad terms, ‘personal information’ is information or opinions relating to a particular individual who can be identified.
1.6 Information is not personal information where the information cannot be linked to an identifiable individual.
Anonymity and pseudonymity
1.7 We will take reasonable steps to destroy or de-identify personal information if that information is no longer needed for the purposes for which we are authorised to use it.
1.8 If you want to use a pseudonym or remain anonymous when dealing with us, you should notify us and we will try to accommodate your request, subject to our ability to interact with you without having your personal information.
2. What kinds of personal information do we collect and hold?
2.1 The personal information we may collect differs, depending on the nature of our interaction with you.
2.2 If you are a water allocation holder / user or a related party of a water allocation holder / user, we may collect and hold personal information about you, which may include:
(a) contact information;
(b) financial and credit information;
(c) date and place of birth;
(d) credit card or payment details; and
(e) any other personal information required to provide goods and services to you.
2.3 If you are a land owner or occupier located near our infrastructure or other individual that contacts us, we may collect and hold personal information about you, which may include your name and contact information and details of enquiries or complaints that you make.
2.4 If you are a prospective or current contractor, consultant or agent or prospective employee, we may collect and hold personal information about you, which may include:
(a) sensitive information (see below);
(b) contact information;
(c) date of birth;
(d) employment history;
(e) tax file number information;
(f) insurance information and claims history;
(g) credit information;
(h) licence details;
(i) education details;
(j) driving history;
(k) banking details;
(l) any other personal information required to engage you as our contractor, consultant, agent or employee; and
(m) records of contact and details of enquiries, conversations or correspondence made or received with you.
2.5 ‘Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.
2.6 Generally, we will only collect the following types of sensitive information about prospective or current contractors, consultants or agents or prospective employees:
(a) health information (including but not limited to drug and alcohol testing results);
(b) criminal history;
(c) membership of professional or trade associations; and
(d) membership of trade unions.
2.7 We will not collect sensitive information without the individual’s consent to whom the information relates unless permitted under the Privacy Act.
3. How do we collect personal information?
3.1 Our usual approach to collecting personal information is to collect it directly from the individual concerned.
3.2 We may also collect personal information from third parties such as:
(a) our employees, contractors, consultants and agents;
(b) your representatives;
(c) your current and previous employers;
(d) trade referees;
(e) government bodies (such as relevant departments, regulatory authorities etc.));
(f) paid search providers; and
(g) referrals from individuals or other entities.
4. How do we hold personal information?
4.1 Our usual approach to holding personal information includes:
(a) physically, in paper files stored securely at our premises; and
(b) electronically, in computer system and databases either operated by us or our external service providers.
4.2 We implement and maintain processes and security measures to protect personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure.
4.3 Some of these processes and systems include:
(a) using security cards or access codes to access areas that contain personal information;
(b) using security cards to access printers;
(c) using secure servers to store personal information;
(d) using unique usernames, passwords and other protections on systems that can access personal information;
(e) arranging for our employees to complete training about information security;
(f) holding certain sensitive documents securely; and
(g) monitoring and reviewing our policies.
5. Why do we collect, hold, use or disclose personal information?
5.1 We take reasonable steps to hold, use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which we collect information varies depending on the individual that we are collecting the information from but is generally as follows:
(a) in the case of a water allocation holder / user or a related party of a water allocation holder / user, to provide water allocations and associated goods and services to you;
(b) in the case of a land owner or occupier located near our infrastructure, to assist us to contact you as needed (for example for access to property or emergency responses) and to respond to your enquiries or complaints;
(c) in the case of other individuals that contact us, to assist us to respond to your enquiries or complaints;
(d) in the case of a current contractor, consultant or agent, to assist us in providing our goods and services; and
(e) in the case of a prospective contractor, consultant, agent or employee, to assess your suitability for employment or engagement.
5.2 Personal information may also be used or disclosed by us for secondary purposes that are within your reasonable expectations and that are related to the primary purpose of collection. For example, we may collect, hold and use your personal information:
(a) to keep records of transactions to assist in future enquiries and enhance our relationship with you;
(b) for payment purposes; and
(c) to provide you with updates that are relevant to you or your business.
5.3 We may disclose personal information to:
(a) our contractors, consultants, agents or employees;
(b) government bodies (such as relevant departments, regulatory authorities etc.);
(c) emergency service providers and law enforcement agencies;
(d) our external auditors, insurance providers and brokers and advisers;
(e) third parties considering the acquisition of the whole or part of our assets or business; and
(f ) our related entities.
5.4 Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.
5.5 You acknowledge that if we disclose personal information to government bodies (such as relevant departments, regulatory authorities etc.), the collection, use and disclosure of that personal information may be regulated by other relevant legislation such as the Right to Information Act 2009 (Qld).
6. Will we disclose personal information outside Australia?
6.1 We generally do not disclose personal information outside of Australia, unless specifically requested to do so by you.
6.2 In some cases, we may indirectly disclose personal information overseas through disclosures to our contractors and service providers that have data servers located overseas. For example, we disclose personal information to Smartsheet, which is based in and has data centres located in the United States of America.
6.3 Where we disclose your personal information to parties located overseas (or which have data centres located in other countries), we take reasonable steps to ensure that those parties will handle the personal information in accordance with the Australian Privacy Principles. We are not required to take such steps if we believe that the overseas recipient is already subject to a law that has the effect of protecting personal information in a substantially similar way to the relevant law in Australia, or with your consent.
7. How do we manage your credit information?
What kinds of credit information may we collect?
7.1 In the course of providing goods and services to water allocation holders / users and their related parties, we may collect and hold the following kinds of credit information:
(a) identification information;
(b) information about any credit that has been provided to you;
(c) your repayment history;
(d) information about your overdue payments;
(e) if terms and conditions of your credit arrangements are varied;
(f) if any court proceedings are initiated against you in relation to your credit activities;
(g) information about any bankruptcy or debt agreements involving you;
(h) any publicly available information about your credit worthiness; and
(i) any information about you where you may have fraudulently or otherwise committed a serious credit infringement.
7.2 We may also collect personal information that may affect your credit worthiness from other credit providers (e.g. banks) that collect that information from credit reporting bodies. The kinds of personal information we collect may include any of those kinds of personal information outlined in section 2.1 of this policy.
How and when do we collect credit information?
7.3 In most cases, we will only collect credit information about you if you disclose it to us and it is relevant in providing you with our goods and services.
7.4 Other sources we may collect credit information from include:
(a) government bodies (such as relevant departments, regulatory authorities etc.));
(b) banks and other credit providers;
(c) other individuals and entities via referrals; and
(d) your suppliers and creditors.
7.5 We do not collect and hold credit information from credit reporting bodies unless it is incidentally collected in providing our goods and services to you.
How do we store and hold the credit information?
7.6 We store and hold credit information in the same manner as outlined in section 4 of this policy.
Why do we collect the credit information?
7.7 Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with our goods and services.
7.8 We may also collect the credit information:
(a) to process payments; and
(b) to assess eligibility for credit.
Overseas disclosure of the credit information
7.9 We will not disclose your credit information to entities outside of Australian unless you expressly request us to.
How can I access my credit information, correct errors or make a complaint?
7.10 You can access and correct your credit information or complain about a breach of your privacy in the same manner as set out in section 8 of this policy.
8. How do you make complaints and access and correct your personal information or credit information?
8.1 It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
Access to information and correcting personal information
8.2 You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.
8.3 We will grant you access to your personal information as soon as possible, subject to the request circumstances.
8.4 In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
8.5 We may deny access to personal information if:
(a) the request is unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person; or
(d) there are other legal grounds to deny the request.
8.6 We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.
8.7 If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
8.8 If you would like to complain about an interference with your privacy, then you must follow the following process:
(a) The complaint must first be made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
(b) If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.
Who to contact
8.9 A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:
Privacy Officer: Margot Tesch
Postal Address: C/- C&A Accountants Pty Ltd 13 Hilton Street, Stanthorpe QLD 4380
Email address: email@example.com
9. Changes to the policy
9.2 This policy is effective 21st July 2020. If you have any comments on the policy, please contact the privacy officer with the contact details in section 8 of this policy.