Our Privacy Policy and Procedures
Introduction
The Board of the ISS INSTITUTE is committed to protecting the privacy of personal information that the organisation collects, holds and administers. Personal information is information that directly or indirectly identifies a person.
Policy
The ISS INSTITUTE collects and administers a range of personal information for the purposes of providing its services and recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by the ISS INSTITUTE core values and philosophies.
The ISS INSTITUTE is bound by Victorian Privacy Laws, the Information Privacy Act 2000, as well as other laws, which impose specific obligations when it comes to handling information. The organisation has adopted the respective Privacy Principles contained in the Victorian Privacy Laws as minimum standards in relation to handling personal information.
In broad terms this means that the ISS INSTITUTE will:
-
Collect only information which the organisation requires for its primary function
-
Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered
-
Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent
-
Store personal information securely, protecting it from unauthorised access
-
Provide stakeholders with access to their own information, and the right to seek its correction.
The ISS INSTITUTE will adhere to the procedures outlined below.
Procedures
Collection
The ISS INSTITUTE will:
-
Only collect information that is necessary for the performance and primary function of its services
-
Notify stakeholders about why the information is collected and how it is administered
-
Notify stakeholders that this information is accessible to them
-
Take reasonable steps to ensure the information collected is accurate, complete, up-to-date, and relevant to the functions performed.
Security and Retention
The ISS INSTITUTE will:
-
Safeguard the information collected and will store it against misuse, loss, unauthorised access and modification
-
Only destroy records in accordance with company policy.
Openness
The ISS INSTITUTE will:
-
Ensure stakeholders are aware of the ISS INSTITUTE ’s Privacy Policy and its purposes
-
Make this information freely available in relevant publications and on the organisation’s website.
Access and Correction
The ISS INSTITUTE will:
-
Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up-to-date.
Anonymity
The ISS INSTITUTE will:
-
Give stakeholders the option of not identifying themselves when completing evaluation forms or opinion surveys.
Making information available to other service providers
The ISS INSTITUTE can only release personal information about a person with that person’s expressed permission. For personal information to be released, the person concerned must sign a Privacy Information Release Consent Form
Responsibility
The ISS INSTITUTE’s Board, Chief Executive Officer and all employees are responsible for the implementation of this policy.