At CSG we recognise that we have an obligation to comply with Australian Law.
The purpose of this policy is to:
a) Clearly communicate how and for what purposes CSG collects, uses, discloses and stores personal information, and how individuals may access and correct personal information held about them;
b) Enhance the transparency of CSG operations;
c) Ensure employees and volunteers are aware of their obligations; and
d) Give individuals a better and more complete understanding of the personal information that CSG holds, and the way in which such information is managed.
While the Privacy Act 1988 (Cth) does not apply to employee records, CSG has extended this Policy to include employee records.
This Policy also applies to all CSG subsidiaries including but not limited to Community Solutions Group Ltd, SkillsPlus Ltd, Acclaim Apprentices and Trainees Ltd, BRACE Education Training & Employment Ltd and TORGAS.
Australian law means:
a) An Act of the Commonwealth or of a State or Territory; or
b) Regulations, or any other instrument, made under such an Act.
Authorised personnel refer to anyone who occupies a CSG position with an inherent requirement to access personal information.
Business partners refers to a business that provides support to CSG via the provision of funds, time or services, including suppliers, whether paid or not.
Clients/people who access services, refers to an organisation or individual which receives support, goods or services from CSG either regularly or on a short term basis.
Customers refers to anyone who purchases goods or services from CSG.
De-Identification refers to the process used to prevent a person’s identity from being connected with information.
Donors refers to a person or business who makes a one-off or occasional financial and/or in kind contribution to CSG.
CSG (“we”, “our”, “us”) refers to CSG, together with all of its subsidiaries including but not limited to:
a) Community Solutions Group Ltd;
b) SkillsPlus Ltd;
c) Acclaim Apprentices and Trainees Ltd;
d) BRACE Education Training & Employment Ltd;
e) TORGAS Ltd;
CSG people (“you”, “your”, “their”, “them”) refers to employees, volunteers, clients/people who access services, customers, business partners and online users (including delegates) of CSG.
CSG services refers to the services described in section 4.0 of this Policy.
CSG website refers to the CSG website such as, but not limited to, www.communitysolutions.org.au and all related sites and micro-sites including those operated by subsidiaries of CSG.
Online users refers to anyone that accesses the CSG websites such as, but not limited to, www.communitysolutions.org.au and all related entities sites.
Personal information as defined by section 6 of the Privacy Act 1988 (Cth), is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not. Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
Sensitive information as defined by section 6 of the Privacy Act 1988 (Cth), is:
a) Information or an opinion about an individual’s:
i. Racial or ethnic origin; or
ii. Political opinions; or
iii. Membership of a political association; or
iv. Religious beliefs or affiliations; or
v. Philosophical beliefs; or
vi. Membership of a trade union; or
vii. Sexual orientation or practices; or
viii. Criminal record.
That is also personal information; or
b) Health information about an individual; or
c) Genetic information about an individual that is not otherwise health information; or
d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
e) Biometric templates.
Overview of Programs and Services
a) Employment services
b) Education and Training
c) NDIS and Community
CSG's Legal Obligations
SkillsPlus and BRACE (Victoria only)
Information Privacy Principles and Health Privacy Principles
Programs that received funding from the Department of Health and Human Services (DHHS) Victoria are bound by the Information Privacy Principles (IPPs) and Health Privacy Principles (HPPs).
Should an incident occur under these programs it is a requirement by the DHHS that a Privacy Incident Report form is completed online via https://dhhs.vic.gov.au/publications/privacy-policy. The DHHS will contact the organisation regarding management of reported incidents.
Collection of Personal and Sensitive Information
The nature and extent of personal and sensitive information collected by CSG varies depending on the type of interaction requested by individuals involved.
CSG collects personal and sensitive information from clients, business partners, online users, CSG people (volunteers, employees, delegates and candidates for volunteer work and prospective employees) in order to deliver offered services. Sought after information can include:
a) contact details;
b) personal details;
c) date of birth;
d) bank details;
e) health information;
f) information on personal issues and experience;
g) purchase/donation history;
h) Australian Business Number (ABN)/Tax file numbers;
i) transaction details associated with CSG donations products and services;
j) payment details such as credit card number and expiry date;
k) server/IP address, browser type, date and time of visit; and/or
l) any other information considered reasonable for the conducting of CSG Business.
CSG does not match the personal information collected with the non-personal information.
Prospective and current volunteers, employees, delegates and candidates
In relation to current or potential CSG people, additional information may be collected, including:
a) emergency contact person(s);
b) country of birth, citizenship, residency and/or visa details;
c) details of current/previous employment or volunteer involvement;
d) skills and experience;
e) languages spoken and written;
f) qualifications, driver’s license details;
g) information and opinions from referees for prospective employees and candidates for volunteer work
h) health information;
i) a Criminal History Check may be required for some roles in CSG (particularly those involving children, young people and other vulnerable people). Individuals will be required to provide certain information for a Criminal History Check; and/or
j) a psychological profile report may be requested for some roles in CSG.
CSG may collect health information as part of providing services. For example, medical history may be collected from some clients participating in CSG programs to ensure that services are specific to their needs and safety is maintained for all CSG people involved.
When collecting health information, CSG will obtain your consent and explain how the information will be used and disclosed. Any health information provided will not be used beyond what was consented to, unless further permission is obtained, or the use of such information is in accordance with one of the exceptions under the Privacy Act or in compliance with another law.
Where health information is used for research or statistical purposes, it will be de-identified.
How We Collect Information
Any concerns about requested information may be raised to a CSG representative.
In some situations, CSG may need to obtain personal information about you from a third-party source, such as a Health Care Professional. Where possible, your permission will be sought before such information is requested and steps taken to ensure you’re aware of the purposes the information is being collected for, as well as any other organisations to which the information may be disclosed to, subject to any exceptions under the Privacy Act.
Use of Personal Information
From time-to-time, promotional offers and special events will be communicated through direct marketing and other channels. Individuals will be provided with a simple means to opt-out of these communications.
Purposes for which CSG uses personal information
a) To process an application or facilitate involvement regarding employment, volunteering, services, placements and/or programs within CSG;
b) To assess, plan and provide you with appropriate services including communicating with your emergency contacts, advocates, treating professionals and the like;
c) To meet any legal, accounting and/or routine reporting requirements or best practice standards- including what may be required by government or other funding programs;
d) To process donations, purchases and receipting;
e) To monitor and evaluate existing services, plan for future services and improve our services and programs;
f) To provide transparency about the management and administration of donated funds, particularly for appeals for public donations including recognising your support of CSG;
g) To facilitate ongoing grant submissions, marketing, and other activities to ensure the ongoing financial viability of CSG;
h) To establish and manage partnerships and business relationships, as both a purchaser and provider of goods and services;
i) To process pay, superannuation, direct debits and salary sacrifice for employees, and manage performance and employment matters generally;
j) To keep people informed about CSG news, developments, services and opportunities;
k) To facilitate further involvements with CSG (e.g. disability supports, business solution);
l) To support the review of complaints and investigation processes by Board appointed external committees.
Additional information for unsuccessful applicants
Information relating to unsuccessful candidates for employment or volunteer work will be stored securely for reference as required to provide feedback to the applicant or, with the applicant’s consent, for consideration of other opportunities within CSG. This information will be destroyed after 12 months.
Disclosure of Personal Information
a) Government departments/agencies providing funding for CSG services;
b) Contractors who provide and/or manage some of the services offered by CSG. Reasonable steps are taken to ensure such contractors comply with the APPs. Contractors are only authorised to receive and use personal information if they need it to provide the services or to perform the functions required by CSG;
c) Doctors and health care professionals who assist in delivering our services;
d) Other regulatory bodies, such as SafeWork Australia;
e) Referees and former employers of CSG employees and volunteers, and candidates for CSG employment and volunteer positions;
f) External auditors, insurers or other professional advisers and agents of CSG;
g) CSG may disclose, when necessary, information relevant to a credit reporting body, where an Act or relevant Code permits us to do so, for the purposes of that body or a third-party entity assessing an application for credit. The credit reporting bodies may include, but not be restricted to:
i. Dun and Bradstreet (Australia) Pty. Ltd;
ii. Veda Advantage Information Services and Solutions Ltd;
iii. Experian Australia Credit Services Pty Ltd.
Except as set out above, CSG will not disclose an individual’s personal information to a third-party unless one of the following applies:
a) The individual has consented to the release;
b) The release is required or authorized by law;
c) The individual would reasonably expect CSG to use or give that information for another purpose related to the purpose for which it was collected (or in the case of sensitive information – directly related to the purpose for which it was collected);
d) It will prevent or lessen a serious threat to an individual’s life, health or safety, or the public’s health or safety;
e) It is reasonably necessary for CSG to take appropriate action in relation to suspected unlawful activity, or misconduct of a serious nature relating to our functions or activities; and/or
f) It is reasonably necessary for law enforcement purposes.
CSG will, where necessary and appropriate, take reasonable steps to have appropriate confidentiality deeds in place in instances where information is disclosed to third-party agents of CSG.
CSG will not sell your personal information to any third-party.
Security of Personal and Sensitive Information
If CSG becomes aware of a breach or potential breach of security relating to your personal or sensitive information, all reasonable and legal steps to secure the information and/or stop a further breach will be taken. You will be advised if the breach is likely to result in any serious harm. You will also be advised of any recommendations on how you should respond to such a breach.
Personal and Sensitive information will be destroyed securely once the appropriate time limits have been reached.
Access to and Correction of Personal Information
For security reasons, such requests must be made in writing and proof of identity provided. This helps ensure personal information is provided to the correct individual.
If CSG does not agree to share or correct personal information per your request, you will be provided with a written explanation of the reasoning behind the decision and what steps can be taken to challenge it.
Where a request is accepted, CSG will generally provide a summary of the information held about the individual. Unless told otherwise, it will be assumed that the request relates to current records (no older than six months). These current records will include personal information held in CSG databases and in paper files that are generally used on a day-to-day basis. CSG will provide access by allowing you to inspect, take notes or printouts of personal information held about you. If personal information (for example, name and address details) is duplicated across different databases, CSG will generally provide one printout of this information unless otherwise requested.
All reasonable steps will be taken to provide access to the information requested within 14 days of the request. For more complicated requests or requests requiring access to large volumes of information, all reasonable steps will be taken to provide access or the information requested within 30 days.
CSG may charge you reasonable fees in regard to any costs incurred relating to the access to information request, including the cost of photocopying and delivery costs of information stored offsite.
If an individual is able to establish that personal information CSG holds about them is not accurate, complete or up-to-date, reasonable steps will be taken to correct our records in a timely manner.
CSG may refuse access to information
CSG may refuse to provide access to or copies of information held in circumstances where:
a) The request does not relate to the personal information of the person making the request, except where that person is the legal guardian, or substitute decision-maker of the person whose information is being requested;
b) Providing access would pose a serious threat to the life, health or safety of a person, or to the public health, or public safety;
c) Providing access would create an unreasonable impact on the privacy of others;
d) The request is frivolous and/or vexatious;
e) The request relates to existing or anticipated legal proceedings and would not be required to be disclosed in those proceedings;
f) Providing access would prejudice negotiations with the individual making the request;
g) Access would be unlawful;
h) Denial of access is authorized or required by law, including by Order of a Court or Tribunal;
i) CSG has reasonable suspicion that unlawful activity or serious misconduct relating to their functions or activities has been, is being or may be engaged in, and access would prejudice taking appropriate action in relation to the matter;
j) Access would prejudice law enforcement activities, for example, a police investigation;
k) Access discloses a ‘commercially sensitive’ decision making process or information; or
l) Any other reason that is provided for in the APP’s or in the Privacy Act.
If a request for access to information is denied, the reasons for denying such access will be set out for you. Where there is a dispute about right of access to information or forms of access, this will be dealt with in accordance with the complaint’s procedure set out below.
Privacy Complaints Procedure
If you have provided us with personal and/or sensitive information, or we have collected and hold your personal and/or sensitive information, you have a right to make a complaint and have it investigated and dealt with.
A privacy complaint can relate to any concerns you may have regarding CSG’s privacy practices or the handling of your personal and sensitive information by the organisation. This could include matters such as how information is collected or stored, how information is used or disclosed, or how access to personal and sensitive information is provided.
CSG is committed to achieving an effective resolution regarding privacy complaints within a reasonable timeframe, usually 30 days or as soon as practicable. However, where the matter is complex or materials need to be located or retrieved from archives, the resolution may take longer. Where appropriate, discussions may occur with the complainant if CSG believes the matter will take over 30 days to manage.
A privacy complaint can be made out to the CSG Privacy Officer, details found in section
• CS_D0002 Records Retention Policy
• CS_D9000 Customers and Services Policy
• CS_D8001 Data Breaches Policy
• CS_G2000 Information Exempt under FOI Guide
• CS_G2001 Information Exempt under Privacy Act & APP’s