1. Overview and Purpose

This Privacy and Confidentiality Policy (the “Policy”) outlines the legal obligations and practices of Xyston Pty Ltd (the “Organisation”) concerning the collection, use, storage, and disclosure of personal and sensitive information. This Policy is implemented in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and any other relevant legislative requirements. The purpose of this Policy is to protect the Organisation from legal liability by ensuring that all personal information is handled with the highest degree of confidentiality and security.

2. Scope of Application

This Policy applies to all personal information collected, stored, used, and disclosed by the Organisation, including but not limited to information related to clients, employees, contractors, volunteers, donors, business partners, and online users. All employees, contractors, volunteers, and agents of Xyston Pty Ltd are required to adhere strictly to this Policy.

3. Definitions

  • Personal Information: Information or an opinion, whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
  • Health Information: A subset of personal information that includes any information or opinion about an individual’s physical, mental, or psychological health, disabilities, or treatment provided.
  • Sensitive Information: Information or opinion about an individual’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, health information, genetic information, and biometric data.
  • Online Users: Individuals who interact with the Organisation’s digital platforms, including the website and any associated applications.

4. Legal Framework and Compliance

The Organisation is committed to full compliance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs), and any other relevant statutory regulations. The Organisation recognises its duty to manage personal information in a manner that upholds the rights of individuals while safeguarding the Organisation against legal claims or penalties.

5. Collection of Personal Information

5.1. Lawful and Fair Collection:
The Organisation will only collect personal and sensitive information that is necessary for its functions and activities, ensuring that all collection practices are lawful, fair, and transparent. Information will be collected directly from the individual wherever possible, or from authorised third parties with the individual’s consent.

5.2. Consent:
Informed consent will be obtained from individuals before the collection of personal or sensitive information, except where such consent is not required by law. The Organisation will clearly communicate the purpose of collection, the types of information being collected, and the consequences of not providing the requested information.

5.3. Anonymity and Pseudonymity:
Where practicable and lawful, individuals will be given the option of not identifying themselves or using a pseudonym when interacting with the Organisation. However, the Organisation reserves the right to decline to provide certain services if anonymity impedes service delivery or legal compliance.

6. Use and Disclosure of Personal Information

6.1. Primary Purpose:
Personal information will only be used or disclosed for the primary purpose for which it was collected, unless the individual has provided consent for secondary use, or an exception under the Privacy Act applies. Secondary uses may include, but are not limited to, research, marketing, and compliance activities, provided that they align with the individual’s expectations.

6.2. Disclosure to Third Parties:
The Organisation may disclose personal information to third parties such as healthcare providers, legal representatives, government agencies, and contractors, where necessary for service delivery or legal compliance. Third parties must agree to confidentiality obligations consistent with this Policy before any information is disclosed.

6.3. Cross-Border Disclosure:
If personal information is to be transferred outside Australia, the Organisation will take all reasonable steps to ensure that the overseas recipient complies with the Australian Privacy Principles or equivalent privacy protections. Express consent will be obtained from the individual before any cross-border disclosures, unless otherwise required or authorised by law.

7. Data Security and Storage

7.1. Security Measures:
The Organisation will implement comprehensive security measures to protect personal information against misuse, interference, loss, unauthorised access, modification, or disclosure. These measures include, but are not limited to, encryption, access controls, secure storage facilities, and regular security audits.

7.2. Data Breach Response:
In the event of a data breach involving personal information, the Organisation will promptly assess the breach to determine if it qualifies as an ‘eligible data breach’ under the Notifiable Data Breaches (NDB) scheme. If applicable, affected individuals and the Office of the Australian Information Commissioner (OAIC) will be notified as required by law.

7.3. Retention and Destruction:
Personal information will be retained only for as long as necessary to fulfil the purposes for which it was collected or as required by law. Once the information is no longer needed, it will be securely destroyed or de-identified in accordance with the Organisation’s data retention policies and relevant legal requirements.

8. Access and Correction of Personal Information

8.1. Access Rights:
Individuals have the right to request access to their personal information held by the Organisation. All access requests must be made in writing and will be responded to within a reasonable timeframe, subject to any legal exceptions or requirements.

8.2. Correction of Information:
If an individual believes that the personal information held by the Organisation is inaccurate, out-of-date, incomplete, or misleading, they may request a correction. The Organisation will take reasonable steps to correct the information or provide a written explanation if the correction cannot be made.

9. Complaints Handling

9.1. Complaints Procedure:
Individuals who wish to complain about the Organisation’s handling of their personal information should submit their complaint in writing to the Privacy Officer. The Organisation will acknowledge the complaint within [14 days] and aim to resolve the matter within [30 days]. If the complainant is not satisfied with the response, they may escalate the complaint to the Office of the Australian Information Commissioner (OAIC).

9.2. Record-Keeping:
All complaints and their outcomes will be documented and reviewed regularly to ensure continuous improvement in the Organisation’s privacy practices.

10. Policy Review and Updates

10.1. Regular Review:
This Policy will be reviewed at least annually or more frequently as required to reflect changes in legislation, technology, or organisational practices. All amendments will be approved by the Organisation’s senior management and communicated to all stakeholders.

10.2. Version Control:
The most current version of this Policy will be maintained on the Organisation’s website and in all relevant internal documentation systems. Previous versions will be archived in accordance with the Organisation’s records management procedures.

11. Contact Information

For further information, or to submit an access request, correction request, or complaint, please contact:

Administration Management, Xyston Pty Ltd

Email: admin@xyston.com.au

Phone: 08 9468 1502

12. Acknowledgement

By interacting with Xyston Pty Ltd, individuals acknowledge and agree to the terms set forth in this Privacy and Confidentiality Policy. The Organisation reserves the right to enforce this Policy and to take any necessary legal action to protect its interests and the confidentiality of the personal information it holds.

This Comprehensive Privacy and Confidentiality Policy is designed to provide maximum protection for Xyston Pty Ltd, ensuring that all legal obligations are met while mitigating potential liabilities. The policy is thorough, addressing every aspect of personal information handling, from collection and use to security and disposal, all framed in comprehensive legal language that anticipates and preempts legal challenges.