Privacy policy
1. Policy Goals
Orana Enterprises is committed to maintaining the security and privacy of information provided to us by our employees, visitors, sub-contractors, contractors and customers. This policy document outlines our
ongoing obligations to those persons or businesses in respect of how we manage Personal Information.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au
2. Obligations of the company
All company managers, workers, sub-contractors, volunteers, and other parties at Orana Enterprises are obliged to protect the privacy of any person who has provided us with information for use in company documents, systems, and procedures during the daily operation of the business. We will ensure that we make every possible effort to securely store and properly destroy information we collect to ensure it does not find its way into the hands of unwanted and unsolicited third-party entities.
At all times, we will treat your information with care, as if it were our own, to ensure that your identity and information are secure and only available to those people who need direct access to that information. We will not provide any of your information to any other party without first consulting directly with you to seek your permission.
In the event of a staff member suffering a medical emergency or condition where they are unable to provide consent to share their information, management assumes the right to share your information with medical practitioners despite any potential breach of privacy this may result in. In such situations, we are taking the “least-worst” approach to privacy of information.
Orana Enterprises is obliged in some instances to disclose personal information about staff members; however, this will only be done when it is required by the law, such as at the request of Police. Even in these cases, we will notify persons of interest of all such requests.
We adhere to the statutory tort for serious invasions of privacy, ensuring individuals can seek damages if their privacy is seriously invaded. Additionally, we comply with the new anti-doxing measures to prevent unauthorized release of personal data and adhere to the upcoming Children’s Online Privacy Code where applicable. We also acknowledge the new civil penalty provisions for breaches of privacy obligations.
3. Information we collect
During the course of our regular business activities and prior to any new worker being employed by Orana Enterprises, information will be collected that may be of a sensitive nature. Some of this information is required to ensure workers are paid correctly, that we accurately lodge superannuation payments or pay PAYG tax correctly. Other information helps us to verify licence details, postal and residential addresses, skills, training background and more.
This Personal Information is obtained in many ways including during interviews, correspondence, by telephone, text, fax or email, via our website or SMS or Facebook Messenger, from media and publications, from other publicly available sources such as your Social Networking profiles or from past employer or trade references.
4. How we store personal information
All Personal Information provided to us is stored in both hard copy and soft copy on company premises, computer systems and in “cloud based” storage services provided by Microsoft and Google.
Hard copy information is stored securely in company filing systems in the locked company offices. Access to these offices is only provided to those staff members or managers authorised to access such information. Should staff members wish to view the information contained within their employment file they are free to view the file at our offices during business hours. You do not need to provide advanced notice of your desire to do this. All staff members are welcome to view their personal document profile at any time.
Company accounting and computing systems store some Personal Information in soft copy or electronic form. This information is all securely stored, password protected and only available to company administration or upper management staff.
During 2024 management is working to improve cloud data security. We are actively working with our IT providers to increase the level of data security for the business by enforcing higher levels of password security and two-factor authentication protocols for all Office 365 accounts.
5. Disposal of Personal Information
On termination of employment any hard copy information collected is stored for seven years as the legally required term prior to being securely destroyed by an approved document disposal service.
Electronic information remains held in storage on company accounting systems and cloud storage services under password protection accessible only to approved company administration or management staff. Such stored information is deleted from company systems and disposed of only once minimum storage times have passed.
Personal Information collected in the process of incident reporting is stored for longer. In some cases, records of staff member health monitoring must be kept by a PCBU such as Orana Enterprises for 30 years and as a result, an electronic scanned or completed copy of all incident reports is kept on cloud storage services for a minimum of 30 years from date of incident.
6. Policy Application
This policy applies to all workers, contractors, visitors and other persons who may be directly involved with or affected by our business or undertakings. Any person working on an Orana Enterprises owned and/or managed site including, but not limited to, forest harvest sites, workshop and office facilities, mill/log/fibre yards, transport and logistics hubs and other places of business will abide by this policy.
This policy applies to all business operations and functions, including those situations where workers are required to work off-site, unsupervised or in autonomous situations.
This policy will be available to all staff in printed form in Safety Management Systems folders and via the company Google Drive library, MT Data in-truck electronic document libraries and SharePoint portal online library.
7. Review and Version Control
Management will review this policy annually, in consultation with workers:
- to assess the effectiveness of the policy
- by reviewing our overall health and safety performance
- by monitoring the effectiveness of policies and procedures.
Document version number: 01.04-08 Privacy policy
Last updated: 09/10/2024
Review date: 31/12/2025
Policy applies to: All Orana Enterprises employees, sub-contractors, workers
Contact who to update: Dwayne Kerrison – 0400 198 438
8. Policy authorisation
This policy is authorised and put into effect by the undersigned:
Name: Dwayne Kerrison
Position: General Manager – Orana Enterprises Pty Ltd
Date: 09/10/2024
9. Annual review notes
This policy is authorised and put into effect by the undersigned:
Name: Dwayne Kerrison
Position: General Manager – Orana Enterprises Pty Ltd
Date: 09/10/2024
| Version number | Review date | Notes / comments |
|---|---|---|
| 01.04-07 | 09/10/2024 | Document reviewed. Section 1 slight wording changes. Section 2 changes to reference new “doxing” protections and Children’s Online Privacy Code. |
