
INFORMATION PRIVACY AND DATA PROTECTION POLICY 

Introduction 

NEX Business Farming Wellness (NEX) is required to gather, store and use certain information about the organisation's operations as well as individuals, including clients, suppliers, business contacts and employees.

NEX acknowledges that to perform its service agreement with clients, both personal and sensitive information will need to be collected, managed, treated confidentially and securely stored or destroyed. 

Purpose 

NEX recognises its obligation to ensure the security and privacy of private and sensitive information and data, and is committed to safeguarding it in accordance with applicable legislation.   

This policy describes how personal and sensitive data must be collected, handled and stored to comply with the law, that is, used fairly, stored safely and not disclosed unlawfully.

This policy is to help protect NEX from data security risks, including: 

  • Breaches of confidentiality; 
  • Failing to offer choice to stakeholders regarding their personal information; 
  • Reputational damage if hackers successfully gained access to sensitive data. 

Any significant breaches of this policy should be reported immediately to the Executive Officer via an incident report (Employment Hero). 

Scope

This policy applies to:  

(a) All Members of the Board  

(b) All employees; and  

(c) Contractors, volunteers and visitors to RFCSV-G's premises, to the extent it is relevant to them. 

(d) All sources of information, being electronic, printed, correspondence, notations and diary entries. It also applies to electronic devices that are the personal property of employees.

Legislation  

Privacy & Data Protection Act (2014) - Victoria

Privacy Act (1988) - Federal

Freedom of Information Act (1982) - Federal 

Child Wellbeing and Safety Act (2005) - Victoria  

Australian Privacy Principles 

Policy 

NEX collects and administers a range of personal and sensitive information for the purposes of its services. The organisation is committed to protecting the privacy of clients' personal and sensitive information that it collects, holds and administers. These obligations are governed within the Client Services Agreement.

NEX will ensure the necessary restrictions on the information it holds are observed by its employees. 

NEX will ensure that electronically stored information and data are protected from unauthorised access, modification, accidental deletion or loss, corruption, theft and malicious hacking attempts. Information and data stored on servers and cloud computing services are protected by suitable and approved security software and a firewall, and appropriate levels of security/access are provided to users of the system.

All client and employee files, corporate data and general correspondence are and remain the property of NEX.  

The organisation has adopted the following principles as minimum standards in relation to handling personal and sensitive information. 

NEX will: 

  • Collect only information which the organisation requires for its primary purpose; 
  • Ensure that stakeholders are informed as to why the information is collected and how we administer the information gathered; 
  • Use and disclose personal or sensitive information only for its primary functions or a directly related purpose, or for another purpose with the person’s consent; 
  • Securely store information or destroy when appropriate, protecting it from unauthorised access; 
  • Provide stakeholders with access to their own information, and the right to seek its correction; 

Our nominated privacy officer is the Executive Officer (EO). The EO will provide training to all employees to help them understand their responsibilities when handling data and private and sensitive information. All staff are required to complete privacy training as part of their induction, and biennially. Certificates of completion will be filed in the Employment Hero HR platform.

Any personal information disclosed by a client, employee or contractor will be kept confidential and securely stored as required under the contractual agreement with the Commonwealth Government and in accordance with any current legislation. 

Disclosure 

NEX acknowledges that personal information may be disclosed to third parties where necessary for the information and management of the programs delivered by NEX and related purposes. This disclosure is to be consistent with relevant laws, in particular the Privacy Act (1998). However, all requests for NEX information to be distributed externally must have the express approval of the Executive Officer, who is responsible for ensuring the request is legitimate and may seek assistance from the Board and legal advisers if unsure.

NEX reserves the right to disclose demographic and summarised information, when required, under the contractual agreement with the Commonwealth or State Government, provided that this information does not in any way disclose the identity of the client. 

Employee and Contractor Obligations 

All NEX employees have some responsibility for ensuring information data is collected, stored, destroyed and handled appropriately. 

As a condition of appointment, employees and contractors shall not, except with express written approval, directly or indirectly use, divulge or communicate to any person any personal, sensitive (including corporate) or other confidential information obtained or accessed during their appointment.

It is the responsibility of all NEX employees who manage information data to ensure that it is handled and processed in line with this policy and applicable procedures.  

To ensure security of personal and sensitive data and information, the following guidelines apply: 

  • Personal data should not be disclosed to unauthorised people, either within the company or externally;
  • All information and data should be kept as accurate and up to date as possible;  
  • Information and data stored on paper or removable media must be kept in a secure place where unauthorised people cannot access or view it; this is particularly important due to WFH conditions. The preference is to store all information electronically in NEX cloud systems rather than on paper.
  • Any electronic data should be synced with the NEX cloud computing service frequently to ensure ongoing access to data (including whilst offline).
  • Employees should NOT save copies of client personal data to their own computers or private files.
  • All personal, sensitive or private data held for a specified purpose must be identified as a ‘sensitive record’ in SharePoint and will be automatically deleted after 6 months.
  • Passwords should be used on all electronic devices. 
  • NEX will not take responsibility for the protection of and access to personal data saved on laptops (outside of SharePoint). 

Client Information & Files 

Before a client agrees to engage with NEX services, they are to be informed of the Information Privacy & Data Protection Policy, confidentiality, access to their files and the personal and sensitive information that will be requested by NEX, and how these will be managed, disclosed, stored and destroyed when appropriate.

Clients must sign the 'Client Service Agreement & Declaration' acknowledging the collection and use of their personal and sensitive information and the manner in which it is handled.

Data collection, type of data, record keeping and reporting method obligations are also outlined in the RFCS Case Management Framework adopted by NEX.

Employee Files 

The EO and HR have responsibility for ensuring the integrity and confidentiality of all employee records, both active and archived. 

Employees have the right to request in writing, addressed to the EO, to view the contents of their employee file, and/or to have information it contains corrected and/or additional information placed on it. Employees have a right to take a copy of any document in their employee file, except for any confidential reference check(s) documented.

All employees, including Board members, have a responsibility to keep their employment records up to date.

Complaints 

NEX will be efficient and fair when investigating and responding to information privacy complaints and will respond to complaints in accordance with the NEX Dispute Resolution Policy.

A deliberate breach of confidentiality and privacy by RFCS board members, employees or contractors will be a cause for instant dismissal. 

Unresolved complaints should be directed to the Commissioner of Privacy and Data Protection.