It is the policy of the Company to ensure that all relevant statutory requirements are complied with and that the Company’s internal procedures are monitored periodically to ensure compliance.
It is the policy of the Company to endeavour to comply with any relevant Industry Codes of Practice and/or relevant Codes of Practice issued by the Privacy Commissioner on the processing of personal data.
The Company will implement and comply with the ten National Privacy Principles contained in the Privacy Act 1988 (“the Act”) which requires good conduct in relation to processing personal information. These principles are:
(i) Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
(ii) Personal data shall be processed fairly and lawfully.
(iii) Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed.
(iv) Personal data shall be accurate and, where necessary, kept up to date.
(v) Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
(vi) Personal data shall be processed in accordance with the rights of data subjects under the Act.
(vii) Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss of or destruction of or damage to personal data.
(viii) Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Application of the policy
The Company will monitor on an ongoing basis compliance with the provisions of the Act by third party processors of their data.
The Company may from time to time, and in accordance with the Data Protection Code Part 3: Monitoring at Work, undertake monitoring of employees using Company communication technologies such as telephone, internet and e-mail whilst carrying out their duties. The purposes of the monitoring would be for preventing and detecting crime, and for security and disciplinary purposes where we reasonably believe an employee may be in breach of the Company’s policies on telephone, internet, and e-mail use, together with use of Company confidential information. Details of these policies can be found in section three of the Employee Handbook at;
Computer Network and Internet Access Policy, E-mail & Fax Policy and Social Media Policy.
The Company may also record employees’ personal data by way of moving image on closed circuit television (CCTV). We may use such personal data where necessary for preventing and detecting crime and for security and disciplinary purposes.
Access to information
The Company processes manual and computerised information about employees for the purpose of their employment with the Company, e.g. personnel and payroll administration, employee monitoring and work management. However in addition it is important to note that under the Act each employee is entitled to a copy of the personal data relating to him/herself processed by the Company subject to the exemptions set out in the Act and in accordance with the following:
All such requests must be made in writing. The written request must be made to a Company Director.
Please note that responses to such requests will not be provided over the telephone. You should notify your manager of changes in your circumstances so that accurate, up to date records can be maintained.
Guidance on the implementation of this policy is available from your Manager. Effective interviewing and counselling skills for managers will ensure that employees can be dealt with promptly, tactfully and firmly.
(i) The person having overall responsibility for Workplace Privacy within the Company will be the Company Directors.
(ii) Each Manager will have immediate responsibility for workplace privacy matters in his/her own area of work.
(iii) The Company has a responsibility to ensure that personal data dealt with in the course of the Company’s business is handled in accordance with statutory requirements and reasonable steps will be taken by all concerned to ensure that this duty is observed.