This document sets out Scope Global’s policy regarding the collection, use, storage, disclosure of and access to personal and sensitive information, including health information. Scope Global is bound by the Australian Privacy Principles as set out in the Privacy Act 1988 (Cth) (“Privacy Act”) as amended from time to time.
This Policy aims to foster and maintain public trust and confidence in the integrity and professionalism of Scope Global by ensuring that Scope Global complies with the Australian Privacy Principles which protect personal information in our possession.
When an individual provides personal information to Scope Global they are agreeing to be governed by the terms of this Policy.
This policy applies to personal, sensitive and health information pertaining to any hardcopy or electronic record collected or created by Scope Global.
This policy does not apply to:
- any statistical information or data that does not identify individuals, that might be released to third parties except those of our clients requiring that information for the purposes of evaluating a Scope Global offer for professional services, research and analysis, or in compliance with a request from a bona fide law enforcement agency;
- information about a corporation; or
- employee records.
Australian Privacy Principles
Scope Global is bound by the Australian Privacy Principles as set out in the Privacy Act. A summary of the most relevant of these principles, as adapted for Scope Global, is set out below:
Principle 2 – Anonymity and Pseudonymity
Because of the nature of Scope Global’s core business, it will usually be impractical for individuals transacting with Scope Global to have the option of not identifying themselves or using a pseudonym. However where it is lawful and practical to do so, Scope Global will consider a written request by the individual.
The circumstances in which you can deal with Scope Global anonymously or using a pseudonym include:
- making a general enquiry about the programs or projects that Scope Global is involved in;
- when asked to participate in a survey for research purposes where identifying information is not essential;
- when making an enquiry about a position advertised at Scope Global; and
- when offering general feedback outside of structured program feedback channels
An individual may request at the start of any telephone call with Scope Global, in relation to a general enquiry, to remain anonymous (or to use a pseudonym).
Principle 3 – Collection
Scope Global will collect information only if the information is necessary for one or more of its functions or activities and with consent. Scope Global must collect information only by lawful and fair means and not in an unreasonably intrusive way.
Scope Global may collect and/or hold the following personal information (not including sensitive information):
- contact information such as name, address, email address, telephone numbers, fax numbers and date of birth;
- contact information for next of kin;
- results data;
- prior employment details or character references;
- financial details, including bank account details and credit card details;
- citizenship status;
- driver’s licence details;
- passport details;
- curriculum vitae (CV) application criteria, academic records/transcripts
- Police clearance records;
- Application data;
- Visa documents; and
Scope Global may collect and/or hold the following sensitive information:
- Medical information directly related to ability and/or competence to undertake a role, or fitness for duty assessments; and
- criminal record through a national police check; and
Scope Global will not collect sensitive information about an individual unless:
- the individual has consented and the collection is reasonably necessary for Scope Global’s functions or activities;
- the collection is required under law;
- the collection is necessary to prevent or lessen a serious threat to the life or health of any individual, or to public health or safety; or
- the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.
Scope Global may collect and/or hold the following health information:
- information about the health or disability of an individual;
- information about a health service provided, or to be provided to an individual; and
- an individual’s expressed wishes about the future provision of health services to that individual
Scope Global collects, holds, uses and discloses personal, sensitive or health information to enable us to:
- market or promote our programs, projects, services and events directly to individuals;
- assess an applicant’s eligibility for employment, volunteer programs, scholarships, awards etc;
- resolve a complaint;
- provide further information about a program or project;
- administer our programs and projects;
- work with government agencies and other stakeholders to implement and run our programs and projects;
- record all relevant interactions with an individual; and
- for other purposes related to any of the above.
If it is reasonable and practicable to do so, Scope Global will collect personal, sensitive and health information about an individual only from that individual through online application forms and hard copy documentation. However, there will be instances where Scope Global will obtain such information from other sources, e.g. references for employment purposes, results data for prospective students / Award Holders / Volunteers etc. In such instances Scope Global will take reasonable steps to ensure that the individual is or has been made aware except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual.
If Scope Global does not collect the required personal, sensitive or health information it may not be able to provide an individual with the services requested, including access to a particular program or project.
Principle 6 – Use and Disclosure
Personal, sensitive or health information collected and held by Scope Global will only be accessed and used in a manner consistent with the original purpose stated at the time of collection.
If required, information may be used or disclosed for a secondary purpose:
- with the individual’s written consent;
- if the individual would reasonably expect the information to be used or disclosed for this secondary purpose;
- to reduce or avoid a threat to an individual’s life, health or safety;
- to reduce or avoid a serious threat to public health and safety;
- when the use or disclosure is required or is specifically authorised by law;
- if Scope Global has reason to suspect that unlawful activity or misconduct of a serious nature has or is being engaged in, in relation to Scope Global’s functions or activities and the use or disclosure is necessary to allow Scope Global to take appropriate action; or
- as required by law to certain government departments and statutory bodies.
Scope Global discloses information to necessary third parties, who assist to implement, provide, manage and administer our programs and projects. The third parties include (but are not limited to):
- program stakeholders (includes government agencies and private sector organisations) such as the Department of Defence, the Department of Education, the Department of Foreign Affairs and Trade;
- Australian educational institutions for the purposes of accessing scholarship applications;
- entities that have a role in running the projects and programs that we offer, such as host organisations or sub-contractors
We may disclose information to overseas parties for the purposes of undertaking our projects and programs.
On receipt of personal, sensitive and health information, third parties are responsible for the management, use and disclosure of the information provided. Scope Global’s Policy will no longer apply to this information.
Principle 7 – Direct Marketing
Scope Global may use personal information (excluding sensitive information) for the purposes of marketing and promoting our programs, projects, services and events to an individual. Examples include sending scholarship recipients invitations to alumni events.
If an individual no longer wishes to receive marketing/promotional material they may select the ‘opt-out’ option provided within the material sent to them or may send an opt-out request to the Privacy Officer using the contact details provided in this Policy.
Principle 8 – Transborder Data Flow
Scope Global will only disclose personal, sensitive or health information about an individual to someone who is outside Australia if:
- the individual consents to the transfer; or
- Scope Global reasonably believes that the recipient is subject to privacy laws similar in scope to the Australian Privacy Principles and there are mechanisms for the individual to take action to enforce these laws.
Principle 9 – Government Related Identifiers
Scope Global will not adopt unique government related identifiers of an individual as its own (unless expressly allowed under the Privacy Act) nor will it require an individual to provide a unique identifier in order to obtain a service.
Principle 11 – Security
Scope Global holds all information in hard copy documents and/or in electronic format.
Scope Global will:
- Take reasonable steps to ensure that personal, sensitive or health information is protected by all reasonable safeguards against loss, interference, unauthorised access, modification, disclosure or any other misuse.
- Ensure that personal, sensitive or health information is kept for no longer than is necessary for the purposes for which it may lawfully be used. Hard copy records no longer required will be disposed of securely and in accordance with any requirements for the retention and disposal of personal information.
Scope Global implements this by using the following safeguards:
- imposing confidentiality requirements on employees;
- imposing our Code of Conduct policy expectations and requirements on employees;
- implementing policies in relation to document storage security;
- implementing security measures to govern access to Scope Global’s systems;
- only providing access to personal information once proper identification has been given;
- controlling access to premises; and
- implementing website protection measures.
Principle 12 and 13 – Access and Correction
If Scope Global holds personal, sensitive or health information about an individual it will provide the individual with access to that information on request by the individual, except to the extent that Scope Global is governed by legal processes.
Where providing access would reveal evaluative information generated within Scope Global in connection with a commercially sensitive decision-making process, Scope Global may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
If Scope Global holds personal, sensitive or health information about an individual and the individual is able to establish to the satisfaction of Scope Global that the information is inaccurate, incomplete, irrelevant, misleading or not up-to-date, Scope Global will take reasonable steps to correct the information, having regard to the purpose for which it is held.
A request for access to, or correction of, an individual’s information should be directed to the Privacy Officer via the contact details provided in section 2 of this Policy.
Such a request will be dealt with by the Privacy Officer as soon as reasonably practicable. If the individual’s request is denied, Scope Global will provide a written notice detailing reasons for the refusal and the process for an individual to make a complaint about the refusal to grant the request.
Scope Global may deny access to an individual’s personal information if:
- access would pose a serious threat to the life or health of any individual or the public;
- access would have an unreasonable impact on the privacy of other individuals;
- the request for access is considered “frivolous” or “vexatious”;
- the information relates to a commercially sensitive decision making process;
- access would be unlawful or denying access is required or authorised by law or a court order;
- Scope Global has reason to suspect that unlawful activity or serious misconduct is being, or has been, engaged in with regard to our business functions or activities and the granting of access would prejudice Scope Global’s ability to take appropriate action;
- access would prejudice enforcement activities relating to criminal activities and other breaches of law, public revenue, a security function, or negotiations with the individual;
- the information relates to negotiations or legal proceedings that are in place, or anticipated, between an individual and Scope Global; or
- access would be likely to prejudice enforcement related activities conducted by an enforcement body.
Scope Global will take appropriate steps to verify an individual’s identity (or the person’s authority to act as a legal guardian or authorised agent of the individual concerned) before granting a request to access or correct personal, sensitive or health information.
An individual also has a right under the Freedom of Information Act 1982 (Cth) (“FOI Act”) to request access to documents held by a government body and to seek correction or annotation of those documents. Due to the nature of Scope Global’s activities and involvement with a number of government bodies, Scope Global may hold information to which an FOI request relates. Scope Global will comply with a request for information (or the correct or annotation of information) made by a government body in relation to an individual’s FOI request, in accordance with the requirements of the Privacy Act.
Managing Data Breaches
Scope Global maintains strict ICT controls and risk mitigation strategies to ensure the safety and security and management of our data. In the unlikely event of a data breach occurring, the relevant Manager must immediately notify Scope Global’s Privacy Officer.
A data breach can defined by instances of personal information being held by Scope Global that is lost, subjected to unauthorised access, modification, disclosure, or other misuse or interference. This could include:
- a database containing personal information being hacked or
- personal information mistakenly provided to the wrong person, or;
- a device or laptop containing personal information is lost or stolen
Any instances of data breaches will be managed in accordance with the Notifiable Data Breaches (NDB) requirements as outlined in the Data Breach Notification Guide and recorded on Scope Global’s Privacy Breach Incident / Complaint Form.
Any person, who on reasonable grounds believes that Scope Global has breached this Policy may complain in writing to the Privacy Officer specifying details of the alleged breach. A written complaint can be emailed or posted to the Privacy Officer using the contact details set out in this Policy.
It is requested that the written complaint be forwarded within six (6) months of the time the complainant first became aware of the breach. If a complaint is received after this time, Scope Global may not be able to investigate the complaint.
The Privacy Officer shall investigate complaints as expeditiously as practicable and shall provide a written copy of the findings of fact and recommendations made to the (“Executive Team”) and to the complainant within 30 days of receipt of the complaint.
The Executive Team will determine what action will be taken on any recommendation contained in the findings as presented by the Privacy Officer.
The Privacy Officer will keep a confidential record of complaints and resolutions.
If an individual is unsatisfied with the outcome of a complaint, the complaint may be referred to the Office of the Australian Information Commissioner to be resolved.
If an individual wishes to:
- make a complaint about Scope Global’s compliance with the Australian Privacy Principles;
- gain access to or seek correction of personal, sensitive or health information;
- contact Scope Global with a query about how an individual’s personal, sensitive or health information is collected or used; or
an individual can speak directly to a Scope Global staff member who will do their best to try to resolve the issue as simply as possible. Alternatively, an individual can write or send an email to Scope Global so that the Privacy Officer can consider the matter. The Privacy Officer will respond as soon as reasonably practicable.
Scope Global’s contact details are as follows:
Position: Privacy Officer – Senior Manager, People and Culture
Phone: +61 8 8364 8500
Postal address: 41 Dequetteville Terrace, Kent Town SA 5067
For more information on privacy, visit the Office of the Australian Information Commissioner’s website.
This Policy was last updated on 10 November 2017.