Last Updated: June 8th, 2018
At Shadforth, we are committed to protecting the privacy and accuracy of your personal information. We respect your personal information and your right to privacy. Shadforth complies with Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs are designed to protect the confidentiality of information and the privacy of individuals by regulating the way personal information is collected, used, disclosed and managed.
‘Personal information’ means information or an opinion relating to an identified, or reasonably identifiable, individual.
‘Sensitive information’ is a type of personal information and includes information about an individual’s health (including predictive genetic information), racial or ethnic origin, political opinions, membership of a political association, professional or trade association or trade union, religious beliefs or affiliations, philosophical beliefs, sexual preference, criminal record, biometric information that is to be used for certain purposes and biometric templates.
What type of personal information is collected and stored
Shadforth collects personal information, from our employees, customers, vendors and job applicants. The types of personal information we may collect include but are not limited to:
- contact information (such as your name, date of birth, address, email address, telephone number, fax number, emergency contact information),
- details and copies of your identity documentation, licences (including Driver and industry licencing),
- banking details,
- educational and training certificates and information contained in a CV.
The APPs impose greater obligations on us regarding any collection, use or disclosure we make of your sensitive information.
If for some reason we do need to collect your sensitive information, we will only collect it if:
- you have expressly consented to us doing so
- we are required to do so by law
- the collection is necessary to establish, exercise or defend a legal claim.
The purposes for which we collect, hold, use and disclose personal information
All personal information collected by Shadforth is solely used to undertake our responsibilities as a provider of civil and structural engineering construction services. It may be used for the purposes of:
- meeting our employer obligations:
- payroll and making superannuation contributions, maintaining records, etc
- in an emergency
- compliance to ensure that our employees and contractors have the skills, experience, qualifications and clearances required to perform services for Shadforth and our customers;
- or where required by law
- to consider employment applications;
- collecting feedback and information from third parties relating to our employees, contractors and suppliers’ performance of services for or on behalf of Shadforth;
- responding to your requests, enquires and/or complaints;
- to facilitate contact with clients, business contacts and individuals associated with providing services or business dealings with Shadforth;
- notification of changes or developments to our policies, procedures, services, activities and programs.
Shadforth must only use or disclose your personal information to the extent necessary to comply with laws, perform Shadforth’ functions or exercise its rights.
Shadforth will take reasonable steps to ensure personal information that it stores is accurate and relevant to the purposes for which it is to be used.
There are situations where we are required by legislation to disclose your personal information to law enforcement agencies, emergency service agencies and other authorities.
How we collect and securely store personal information
Personal information may be collected by Shadforth by way of provision of personal information by individuals via online induction systems, contact forms and employment applications, user-generated content; market research, emails, phone and during face-to-face meetings and interviews. Where necessary and with your consent, we supplement the information we receive from you with information from third party sources. If you have referred us to third parties to obtain personal and other information about you we will assume, and you must ensure, that the third party is aware that you have referred us to them and of the purposes involved in the collection, use and disclosure of your personal information.
We collect electronic personal information about your use of our website each time you visit it. The kinds of electronic personal information we collect may include:
- the date and time of visits
- which pages are viewed
- how users navigate through the site and interact with pages (including fields completed in forms, applications completed, search items entered)
- location information about users
- information about the device used to visit our website;
- internet provider details
- referring URLs (universal locators)
- IP addresses.
The cookies we use monitor your use of our website to learn about your preferences so that we may improve our products and services and provide you with a more user-friendly experience when you visit our website.
Most Web browsers are set to accept cookies. If you prefer not to receive cookies, you can configure your Internet browser to reject them or to notify you if they are being used. However, deleting or refusing to accept cookies may limit the functionality of our website and effect your overall experience in using our website.
Shadforth takes all reasonable steps to protect your personal information from loss, misuse or unauthorised disclosure, modification or destruction. Shadforth’ code of conduct and information security policies prohibit employees from looking at, recording or disclosing personal information about you except in course of performance of their duties.
These include but are not limited to:
- limiting access to the information we collect about you to “a need-to-know” basis;
- requiring any third-party providers to have adequate security measures; and
- putting in place other physical, electronic, and procedural safeguards in line with industry best standards that include but are not limited to:
- multi factor authentication for user access permission
- firewalls and network security systems
- tier one third-party data storage providers (all data is stored on servers located in Australia)
- on site security measures to limit physical access to our premises
How you may access, review and update your personal information
Under the APPs, you may be able to obtain a copy of the personal information that we hold about you. The APPs provide some exceptions to your rights in this regard. You may request access to personal information we hold about you and you may request corrections be made to that information. We encourage all requests for access to your personal information to be directed to Shadforth by email or otherwise in writing to the address detailed in the section “Enquiries and Contacting us” below.
You have the option when you contact us to either not identify yourself or to use a pseudonym. However, this option is not available where it would make it impracticable for us to communicate with you or if we are required or authorised by law to only deal with individuals who have identified themselves.
We will generally provide you with access to any personal information we hold about you on request. In limited circumstances, however, access may be refused if required or permitted by law. If we do not provide you with access, we will explain the reasons for our refusal in writing.
We may charge a fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.
We will endeavour to respond to written requests for access and correction of personal information within 30 business days after a request is received by us, unless extenuating circumstances exist.
Disclosure and retention of personal information
As part of providing our services, Shadforth may disclose your personal information to third party suppliers and contractors of services, banks or other financial institutions, customers, our professional advisers and our external service providers that provide services to us. In these cases, Shadforth expects these organisations to protect the privacy of that personal information.
We may also disclose your personal information if it is required or authorised by law, or where we are otherwise permitted by the PIPP Act, Privacy Act, other relevant legislation or authorized by you.
Your consent to disclose information for particular purposes may be sought by Shadforth or given by yourself for a specific purpose. In some cases, if you do not consent to certain uses of your personal information, we may not be able to provide you with the associated service or proceed with the associated activity.
Shadforth’ digital information is stored on servers within Australia. Shadforth takes all reasonable steps to ensure that it deals with reputable entities for the purposes of securely storing personal information.
Shadforth only retains personal information for periods required by law and or for as long as needed for our business operations. Otherwise Shadforth will take reasonable steps to securely destroy or permanently de-identify the personal information.
Website browsing links to other websites
Our website may contain links to third party websites. We do not operate these websites and therefore are not responsible for the collection or handling of personal information by the operators or owners of these websites.
Notifiable data breaches
Shadforth complies with the amendments to the Privacy Act, effective from 22 February 2018, in relation to notifiable data breaches.
A notifiable data breach happens when there is unauthorised access to, unauthorised disclosure of, or loss of, personal information which is likely to result in serious harm to the individual to whom the information relates.
Shadforth notifiable data breach plan ensures that it complies with the new requirements, including notification to the Office of the Australian Information Commissioner and affected individuals of certain types of data breaches, and can promptly respond to any suspected data breaches.
Making a complaint
If you believe that Shadforth has breached one or more of its privacy obligations in the performance of its functions, your complaint shall be addressed to Shadforth Human Resources. Please include a summary of the privacy concern or alleged breach and copies of any relevant documentation about the complaint.
Shadforth will investigate the complaint and will endeavour to respond to you within 30 business days unless extenuating circumstances exist. Shadforth will take immediate steps to remedy proven privacy concerns or breaches.
Lodging a complaint with the Office of the Australian Information Commissioner – personal information
If you do not receive a response from Shadforth after 30 days or if you are not satisfied with the response, you can then lodge a complaint with the OAIC (telephone: 1300 363 992). Further information on lodging a privacy complaint with the OAIC can be found at www.oaic.gov.au.
Enquiries and contacting us
Attention: Shadforth Human Resources
Telephone: 07 5458 3300
99 Sandalwood Lane
Forest Glen Queensland 4556.