Privacy policy
HONEYVALE FARM A.B.N. 55 357 702 865 TRADING AS HONEYVALE FARM
PRIVACY POLICY
PRIVACY POLICY
1. PRIVACY ACT
Our business is bound by the Privacy Act 1988 (the Act) and the Australian Privacy
Principles (APP). Our business is an APP entity as defined in s 6(1) of the Act.
We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. Such personal information may include, but is not limited to, names, addresses, telephone numbers, social media details, email addresses, occupations, medical records and relationship details.
Personal information is collected from our clients in the following ways:
- by providing it to us directly;
- by authorising third parties to provide it to us;
- by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our client’s behalf.
2. HOW IS PERSONAL INFORMATION RECEIVED AND HELD?
Personal information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form. In either case, we take the security of personal information very seriously. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents. We never ask for bank details or other sensitive information by email.
3. FOR WHAT PURPOSE IS PERSONAL INFORMATION COLLECTED, HELD, USED
AND DISCLOSED?
All data processed by the business is done on a lawful basis. The purposes for which we
collect, hold, use and disclose personal information are:
-
to offer our services to our clients. In doing so we may disclose personal
information to other people or entities involved in the provision of the product or
service, such as government departments and individuals. Unless compelled by
law, we will never disclose personal information without the client’s knowledge
and consent; -
to facilitate our internal and external administrative processes including financial
and business operations and reporting requirements; -
to obtain, maintain and comply with the terms of our professional indemnity and
other insurance policies; and to comply with applicable laws
We may disclose information to another person, entity, authority or government body if:
- we are required to do so by an Australian law;
-
we are ordered to do so by a court/tribunal order; and/or
there is an immediate or imminent risk of serious harm to a client, an identified - third party and/or the general public; and/or
- Where a permitted general or health situation exemption applies under the Act.
4. HOW CAN PERSONAL INFORMATION BE ACCESSED OR CORRECTED?
Clients may access their personal information and seek correction of it at any time by
applying to us in person or in writing.
Clients will be formally identified before releasing or amending any personal information.
5. WHAT IS THE COMPLAINTS PROCESS RELATING TO PERSONAL
INFORMATION?
If there is a breach of this Policy, either of the Act or the Australian Privacy Principles (APP),
a complaint may be made by the client to us or to Office of the Australian Privacy
Commissioner.
6. WHAT IS AN ELIGIBLE DATA BREACH?
An eligible data breach, defined in s 26WE(2) of the Act, is when:
(a) both of the following conditions are satisfied:
- there is unauthorised access to, or unauthorised disclosure of, the information;
- a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
(b) the information is lost in circumstances where:
- unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
- assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;...
7. IF THERE IS A SUSPICION OF A BREACH
If we suspect that there has been an eligible data breach, a reasonable and expeditious
assessment will be conducted within 30 days.
assessment will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach in relation to a client’s information then a statement will be prepared setting out:
- a description of the breach;
- the kind or kinds of information concerned; and
- recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected clients
who may be at risk from the breach. If this is not practicable, we will publish the statement on our website and take other reasonable steps to publicise its contents.
Communications with individuals will be via their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
who may be at risk from the breach. If this is not practicable, we will publish the statement on our website and take other reasonable steps to publicise its contents.
Communications with individuals will be via their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
8. EXCEPTION TO REPORTING
Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals
- Choosing a selection results in a full page refresh.