Privacy policy

Effective 01 June 2024

1. Purpose

The purpose of this policy is to:

  • Ensure that employees, contractors, volunteers and clients of DL Communications understand their obligations under applicable legislation when dealing with Personal Information

  • Enable those who interact with DL Communications to understand what type of personal information we collect, and what we do with such information in performing our functions and to comply with our privacy obligations and

  • Set out DL Communications obligations in relation to responding to complaints about potential privacy breaches

DL Communications is committed to protecting the privacy of the Personal Information we collect and receive. We have a strong commitment to maintaining the security and integrity of Personal Information within our care.

DL Communications takes active steps to comply with applicable legislative obligations relevant to privacy.

2. Application

This policy applies to all employees, contractors, volunteers and clients of DL Communications and any member of the public who provides information.

3. TYPES OF INFORMATION HELD BY DL COMMUNICATIONS

DL Communications will hold a variety of types of Personal Information about its employees, contractors, clients and in some cases the general public. Information which DL Communications may routinely gather as part of its normal operations includes for example:

  • People’s names, addresses, birthdates, contact details and gender.

  • Employee salaries, super contributions, banking details, personnel records and performance information

  • Business prices, quote, invoices and contracts

  • Non-disclosure agreements, security clearance details, police clearances and signed declarations

3.1 Personal Information

Personal Information is information or an opinion whether true or not, about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; an whether the information or opinion is recorded in a material form or not. For example, a person’s home address, their telephone number, their banking details will be Personal Information

3.2 Sensitive Information

Sensitive Information is a type of Personal Information. Sensitive Information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, agreement to a non-disclosure agreement,Security Clearance Status and some types of biometric information.

For example, a person’s self-identification as Aboriginal, a person’s status as a member of the Australian Engineering Association, a person’s status as an atheist or a person’s conviction for theft or the status of a person’s security clearance will all be Sensitive Information.

3.3 Health Information

Health Information is a type of Sensitive Information. Health Information includes health and genetic information about a person. For example, an employee’s medical certificate for a day of sick leave, or a record of a person suffering a workplace injury will be Health Information.

4. The Purposes for which DL Communications collects, holds, uses and disclosures Personal Information

DL Communications collects, holds, uses and discloses Personal Information as a result of carrying out its normal operations consistent with the purposes and functions under its Constitution as reasonably necessary. These purposes and functions include for example:

  • Operational functions related to the services provided to employees such as Security Clearance processes, training course admission, administration, disciplinary functions and technical support

  • Matters relating to contract proposals, business development and tender submissions

  • Educational functions to do with training, assessment, and professional development.

  • Business as usual corporate functions such as finance, contracting, media and communications, marketing campaigns, publications, research, innovation, events management, IT, advisory functions, website maintenance and improvement and advocacy

5. The kind of information we collect and hold

The kind of Personal Information we collect and hold about individuals depends on the circumstances of collection and the nature of dealings with DL Communications.

For example, if a person:

  • Is an employee of DL Communications, we collect information including name, address, contact number, gender, date of birth, email address, banking details, superannuation information, tax details, Security Clearance status, Police Clearance results and other information related to employment with DL Communications.

  • Applies for a job at DL Communications, we collect the information included in an application for employment, including a cover letter, resume, contact details, referee reports, and Police Clearance checks.

  • Is a client of DL Communications, we collect contact information, ABN, banking details, credit information and other details as necessary to conduct effective business.

In all cases where we collect Personal Information, we seek to keep it updated and accurate.


5.1 Sensitive Information

DL Communications policy is only to collect Sensitive Information where it is reasonably necessary for our functions or activities and either:

  • The individual has consented; or

  • We are required or authorised by or under law to do so

For example, we may collect:

  • Information about an individual’s membership of other professional bodies;

  • Information about dietary requirements or mobility needs when we conduct events, seminars or conferences; or

  • Security clearance information that may be required to provide supporting evidence to Australian Government Security and Vetting Authority

How we use and hold personal information

6.1 Methods of collection

DL Communications only collects Personal Information by lawful and fair means. If it is reasonable and practicable, we will collect Personal Information we require directly from the individual.

DL Communications collects Personal Information in a number of standard ways, including:

  • By email or other electronic means such as websites, cookies or other electronic systems;

  • Over the telephone, including recordings;

  • Through written correspondence including letters, faxes, hard copy emails,applications, registration and other forms, and surveys;

  • In-person;

  • Through surveillance cameras in our premises;

  • From third parties including:

    • Education and training providers that provide training on our behalf

    • AGSVA

    • Department of Defence

    • Public sources, such as telephone directories, membership lists of businesses, professional and trade associations, public websites, SIC searches, bankruptcy searches and searches of court registries;

    • Australian Police Clearance authorised body;

    • Indirectly, through social media sites like Facebook, Twitter (X), Instagram, Google and others (to whom you have provided consent); and

    • Our partner businesses such as Elysium EPL

6.2 Collection Notices

Where DL Communications collects personal information directly from an individual, DL Communications policy is to take reasonable steps to notify them, including:

  • Our identity and how to contact us;

  • The purposes for which we are collecting the information;

  • Whether the collection is required or authorised by law or a court or tribunal order;

  • The third parties (or types of third parties) to whom we would normally disclose information of that kind;

  • Whether any information will be held or accessed overseas and, if practicable to specify, the countries; and

  • The fact that this Privacy Policy contains information about how to access and correct Personal Information and make privacy complaints (and how we will deal with those complaints).

We do this at or before the time of collection, or as soon as practicable afterwards. DL Communications will generally include these matters in a collection notice. For example, where Personal Information is collected on a paper or website form, we will generally include a collection notice, or a clear link to it, on the form.

Collection notices may provide more specific information than this Privacy Policy in relation to a particular collection of Personal Information. The terms of this Privacy Policy in relation to particular collection notices and in the terms and conditions of particular offers, products and services. We encourage you to read those provisions carefully.

Where DL Communications collects information about an individual from a third party, our policy is to take reasonable steps to make sure that the individual is made aware of the collection details listed above and, if unaware that we have collected the information, of the fact and circumstances of the collection.

6.3 Unsolicited Personal Information

Unsolicited Personal Information is Personal Information that DL Communications receives that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement). Unless the unsolicited Personal information is reasonably necessary for one or more of our functions or activities, DL Communications’ approach is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

7. Use and Disclosure of Personal Information

7.1 Use of Personal Information

Personal Information is kept until we are no longer legally obliged to keep it, or when the need for the Personal Information has passed (at which point it will be destroyed, deleted, or de-identified). Our purpose for collecting Personal Information will to a degree depend on the interaction with us.

For example, for our employees, our primary purposes for collection is to administer and provide appropriate functions in managing and processing employee requirements. We may be required by law or contract to provide personal information to contract partners or training establishments for the purposes of performing work or conducting training. In these circumstances, DL Communications generally provides this information on behalf ofemployees to streamline the function.

Other than in limited circumstances that are prescribed by law, we will not use an individual’s Personal Information without consent. Permitted exceptions, include where we are legally required to disclose, or to protect the personal safety of any individual or the public.

7.2 Use of Website Information

We routinely collect Personal Information and other information from visitors to our website through the use of cookies, identifiers for mobile devices and other electronic means. This information is used to improve website functionality, provide better services to our clients.

7.3 Disclosure of Personal Information to Third Parties

Under DL Communications policy, Personal Information will not be disclosed without consent, other than in certain limited circumstances. Those circumstances include where the disclosure is required or authorised under a legal obligation or where the individual might reasonably expect disclosure. It may therefore be necessary to disclose Personal

Information to bodies such as the Department of Defence, ASIC, ATO, AGSVA, or other bodies to enable DL Communications to carry out its functions.

In the case of contracted service providers, DL Communications may disclose Personal Information to the service provider and the service provider may in turn provide us with Personal Information collected from an individual in the course of providing the contracted products or services.

We will not ordinarily disclose Personal Information to anyone outside of Australia. Where DL Communications is permitted to disclose Personal Information to an overseas organisation, it will take all reasonable steps to ensure that organisation complies with the Australian Privacy Principles under the Privacy Act 1988 (C’th). DL Communications will also advise any individual of the countries where the Personal Information is to be disclosed if practicable.

8. Direct Marketing

DL Communications does not conduct direct marketing to individuals. For people who have opted to have their Resumes held on file for future roles, DL Communications may reach out where their Resume suits the role or where an appropriate opportunity exists.

8.1 Communication of Consent

An individual may communicate consent or withdrawal of a previous consent to DL Communication’s use of their Personal Information for direct contact in writing, verbally or electronically. DL Communications will clearly identify when an individual is choosing to consent or withdraw consent to receive direct contact regarding roles.

9. Data Quality and Security

DL Communications stores Personal Information in a number of ways, including in electronic databases and contact lists, and sometimes paper files held in secure drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities.

DL Communication’s policy is to take reasonable steps to:

  • Make sure that the Personal Information that we collect, use and disclose is accurate, up to date and complete and in the case of use and disclosure relevant;

  • Protect the Personal Information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and

  • Destroy or de-identify information that is no longer required.

All electronic storage of Personal Information is on ICT systems that are located within Australia. DL Communications does not use ICT systems that store data outside of Australia and will take all reasonable steps to ensure Personal Information we handle is done within Australia.

An individual can also help us keep information up to date by letting us know about any changes to Personal Information, such as email address or phone number. The steps we take to secure the Personal Information we hold include ICT security (such as endpoint detection response, anti-virus software, event monitoring, encryption, firewalls, authentication and authorisation controls), adherence to Australian Cyber Security Council’s Essential 8, secure office access, personnel security and training and workplace policies.

10. Access and Correction of Personal Information

An individual has a right to request access to the Personal Information that DL Communcations holds about them and also request its correction. Some information may be directly accessed and amended through SharePoint files. For any Personal Information that cannot be accessed and corrected through SharePoint or where an individual does not have access to SharePoint, the Privacy Officer can be contacted at enquiries@dl-communications.com.au to access or correct the Personal Information that we hold. We will ask to verify an individual’s identity before processing any access or correction requests to ensure that the Personal Information we hold is properly protected.

DL Communications will provide access to Personal Information subject to some exceptions permitted by law, including protecting others’ privacy. We may provide access in the manner requested provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it.

In the case of DL Communications employees, the employee must make a written request for access to HR. Employees may take notes from or photocopy material in their personnel file but must not remove any documents permanently.

If an individual asks DL Communications to correct Personal Information that we hold about them, or if we believe the Personal Information that we hold is inaccurate, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete,relevant and not misleading.

If DL Communications corrects Personal Information about an individual, and we have previously disclosed that information tto another agency or organisation that is subject to the Privacy Act 1988 (C’th), the individual may ask us to notifythat other entity. If so, DL Communications policy is to take reasonable steps to do s, unless this would be impracticable or unlawful.

Except in the case of more complicated request, DL Communications will endeavour to respond to access and correction requests within 30 days.

If DL Communications refuses an access or correction request, or if we refuse to give access in the manner requested, we will provide an individual with a written notice setting out:

  • The reasons for our refusal (except to the extent that it would be unreasonable to do

so); and

  • Available complaint mechanisms

In addition, if we refuse to correct Personal Information in the manner requested, an individual may ask us to include in the information a statement that the individual considers the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

11. Complaints

For complaints about how DL Communications has collected or handled Personal Information, please contact the Privacy Officer (details below).

Our Privacy Officer will endeavour in the first instance to deal with the complaint and take an steps necessary to resolve the matter within 10 working days. If the complaint can’t be resolved at the first instance, we will ask the individual to email

enquiries@dl-communications.com.au and provide details of the date, time and circumstances of the matter that is being complained about, how you believe privacy has been interfered with and how you would like your complaint resolved (Complaint).

We will endeavour to acknowledge receipt of the Complaint within five business days of receiving it and to complete our investigation into the complaint in a timely manner. This my include, for example, fathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.

In most cases, we expect that complaints will be investigated, and a response provided within 30 days of receipt of the Complaint. If the matter is more complex and our investigation may take longer, we will write and let you know, including letting you know when we expect to provide our response.

Our response will set out:

  • The Privacy Officer’s findings; and

  • What action, if any, DL Communications will take to rectify the situation.

If an individual is unhappy with our response, a complaint can be made to the Office of the Australian Information Commissioner.

12. Retention of Personal Information

All Personal Information that has been collected by DL Communications will be kept for the time that is relevant to the purpose for which the Personal Information is to be used and for as along as required by applicable law.

When the Personal Information that we collect is no longer required, we destroy, delete or de-identify it in a secure manner.

In the case of DL Communications job applicants, all job applications and interview notes are retained for a period of six months after which they are securely destroyed. If an applicant consents, DL Communications may retain applications and interview notes for a longer period for consideration of further positions.

13. Further Information

Please contact DL Communications for any queries about the Personal Information that we hold or the way he handle that Personal Information. Our contact details for privacy queries and complaints are set out below.

For queries about the application or interpretation of this Policy or the APPs more generally, or if you are unsure as to whether particular information can be disclosed, please contact DL Communications Privacy Officer.

Privacy Officer

DL Communications Pty Ltd
2/13 Mackinnon Street
Rockingham WA 6169
Australia
E:enquiries@dl-communications.com.au

14. Amendment of This Policy

From time to time, our policies are reviewed and may be revised. We reserve the right to update or amend this Policy at any time. We will notify of any changes by posting an updated version of the Policy on our website. The amended statement will be effective on and from its uploading. The Directors may make amendments at any time.

15. Responsibilities

The Director is responsible for approval of policy and amendments. Employees must comply with the policy.

16. Glossary

  • Major Amendment: An amendment which materially changes the operation of the policy which is not otherwise a Minor Amendment

  • Employee: Means an individual who is employed by DL Communications, whether directly or as a sub-contractor

  • Minor Amendment: An amendment to style, to correct grammatical mistakes, to change overall formatting, to make updates which do not materially change meaning, or any other amendment, which in the opinion of the Privacy Officer, does not materially alter the operation of the policy.

  • Personal Information: Personal Information is information or an opinion whether true or not, about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or

17. Related Documents, Legislation and Policies

Privacy Act 1988 (C’th)
Spam Act 2003 (C’th)
Do Not Call Register Act 2006 (C’th)
General Data Protection Regulation ((EU) 2016/679)

Compliance

This policy complies with all relevant legislation, in particular:

  • Privacy Act 1988 (C’th)

  • Spam Act 2003 (C’th)

  • Do Not Call Register Act 2006 (C’th)

Guidance

Guidance may be issued by the Director regarding compliance with this policy.

18. Policy Review and Currency

This policy is to be reviewed:

  • No later than 2 years from the last approval date; or

  • Following any significant legislative change that affects this policy; or

  • Within 6 months following any significant operational or policy change decided by the Directors.