INTRODUCTION
The purpose of the Privacy Policy is to outline UCS Group’s obligations for and commitment to the responsible management of personal information held about employees and individuals with whom it interacts. This policy applies to all collection, use, disclosure, storage and destruction of personal information by UCS Group. This Policy applies to all employees, contractors, visitors and suppliers.
UCS Group is committed to the responsible management of Personal Information. This commitment arises not only from a wish to comply with its legal obligations but also in recognition of and commitment to information privacy.
POLICY DEFINITIONS
The following are the Policy definitions:
▪ Contractor: a company or an individual engaged to provide services to UCS Group. Contractors include consultants.
▪ Collection: includes any means by which UCS Group obtains Personal Information including information that is volunteered, incidentally obtained or gathered from another organisation.
▪ Privacy Statement: a statement by UCS Group when collecting, using, disclosing and otherwise managing Personal Information collected in the course of its activities, which is provided at or near the time such information is collected.
▪ Personal Information: as defined in the Privacy and Data Protection Act 2014 (Vic) is information or an opinion (including information or an opinion forming part of a database), that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
▪ Privacy complaint: a complaint by an individual about an act or practice of UCS Group in relation to the individual’s Personal Information which the individual believes is contrary to or inconsistent with the Information Privacy Principles set out in the Privacy and Data Protection Act 2014 (Vic) or the Health Privacy Principles set out in the Health Records Act 2001 (Vic).
▪ Employee: any person employed by UCS Group.
PRIVACY OFFICER
UCS Group’s Privacy Officer will:
▪ Provide advice and training on issues related to information privacy
▪ Develop information privacy resources in the company
▪ Liaise with the Office of the Victorian Privacy Commissioner
▪ Receive enquiries about privacy at UCS Group
▪ Receive and co-ordinate the investigation of privacy complaints
COLLECTION OF INFORMATION
Personal information must only be collected where necessary and relevant to UCS Group functions and activities and where there is a specific and immediate need to do so in a lawful and fair manner. When collecting Personal Information directly from an individual, whether by verbal, written or electronic means, UCS Group will take all reasonable steps to ensure that the individual providing such information is made aware of how their information will be used and with whom it might be shared or communicated.
USE AND DISCLOSURE OF INFORMATION
UCS Group will use Personal Information it collects in the course of its activities only for the primary purpose of collection or where authorised by law. UCS Group employees can only access Personal Information to the extent necessary to perform their job. UCS Group employees must seek advice from the Privacy Officer prior to any use or disclosure which is not for the primary purpose of collection or a use which would be reasonably anticipated by the individual.
SECURITY AND DISPOSAL
UCS Group will ensure that Personal Information is kept secure and protected from misuse, loss, unauthorised access, modification or disclosure and destroyed or permanently de-identified when it is no longer needed by UCS Group subject to obligations under the Public Records Act 1973 (Vic) and other legislation.
ACCESS AND CORRECTION
An individual may request that UCS Group provide access to or the opportunity to correct their Personal Information held by UCS Group. Requests for access and correction will be managed in accordance with the provisions of the Freedom of Information Act 1982 (Vic).
COMPLAINTS PROCESS
Privacy complaints are to be dealt with in a timely and responsive manner.
CONSULTATION
All UCS Group staff must be made aware of this policy and have access through the UCS Group intranet and UCS Group business management system.
POLICY APPROVAL
The Policy is subject to review by the Board as required by the UCS Group business management system.
Any amendments to the Policy must be approved by the Chief Executive Officer. The CEO is responsible for administering the Privacy Policy.
BREACH OF POLICY
Any breach relating to this policy is to be reported to the Chief Executive Officer (CEO). Advice of breaches shall outline proposed actions to rectify the breach or alternatively will seek temporary approval for the breach. Approval may be provided by the CEO. UCS Group will not tolerate any deliberate or negligent breaches of the Policy.