ISO Experts take your privacy extremely seriously and are committed to ensuring that your personal information is protected in compliance with all applicable Australian laws. This policy describes what, why and how we collect and use your personal information, how we protect it and how you can contact us.

ISO Experts recognises that all clients have the right to be treated courteously, with dignity and respect; and that their personal information will be protected by complying with national privacy principles regarding the collection, use and disclosure of their private information and that their personal information will be kept confidential.

This policy explains the types of personal information that we may collect and hold, how that information is used and with whom the information is shared. It also sets out how you can contact us if you have any queries or concerns about this information. Some of our services also have their own privacy policy which provide details of the use of your information by that service. These service-specific policies may apply in addition to or instead of this policy.

To provide a framework for all ISO Experts services and activities that: - Ensures the privacy, dignity and confidentiality of our clients and employees is respected and maintained at all times. - Outlines the sort of personal information held in relation to people supported, for what purposes, how that information is collected, held, used and disclosed. - Ensures those supported are aware of their rights and responsibilities in this matter - Meets the requirements of all relevant legislation.

A representative from ISO Experts is responsible for the collection of all new client information. The Recruitment and Training Manager is responsible for training of support staff in relation to requirements of this policy. A member of the ISO Experts management team is responsible for ensuring that client information is disclosed to appropriate individuals.

This policy relates to all individuals, including clients and staff that have personal information collected and held by ISO Experts.

Internally, this policy relates to all levels of management and staff of ISO Experts. Each relevant area of ISO Experts is required to consider and address compliance with these standards within divisional procedures, work instructions and forms.

ISO Experts will only collect personal information that is necessary for one or more of its legitimate functions or activities. Such information will be collected by lawful and fair means and not in an unreasonably intrusive way.

a) Dignity
ISO Experts commits to the use of pro-active processes and procedures to ensure that the dignity of all individuals is upheld and respected at all times. These processes and procedures are designed to keep information private, and to assist ISO Experts representatives with promoting human dignity and self-worth for all clients and staff.

b) Collection
At or before the time ISO Experts collects personal information from the subject of the information (or, if that is not practicable, as soon as practicable thereafter), ISO Experts will take reasonable steps to ensure that the subject of the information is aware of:

• ISO Experts identity and how to contact the organisation;
• the fact that he or she is able to gain access to the information;
• the purpose for which the information is collected;
• to whom (or the types of individuals or organisations to which) ISO Experts usually discloses information of this kind;
• any law that requires the particular information to be collected; and
• the main consequences (if any) for the individual if all or part of the information is not provided.

Where it is reasonable and practicable to do so, ISO Experts will collect personal information directly from the subject of the information. If ISO Experts collects the information from a third party (i.e. not directly from the subject), ISO Experts will take reasonable steps to ensure that the subject of the information is or has been made aware of the matters listed in the paragraph above.

c) Use
ISO Experts will not use personal information for a secondary purpose other than the primary purpose of collection unless:

• The secondary purpose is related to the primary purpose of collection and,
• if the personal information is sensitive information, directly related to the primary purpose of collection, and
• The subject of the information would reasonably expect ISO Experts to use the information for the secondary purpose, and the use is made in performance of a person's duties as an employee of ISO Experts; or
• The individual has consented to the use; or
• ISO Experts reasonably believes that the use is necessary to lessen or to prevent a serious and imminent threat to an individual's life, health or safety; or

1) A serious threat to the public health or public safety; or
2) ISO Experts has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
3) The use is required or specifically authorised by law; or
4) ISO Experts reasonably believes that the use is reasonably necessary for one or more of the following by or on behalf of an enforcement body
5) The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of law imposing a penalty or sanction or breaches of a prescribed law.

d) Disclosure
ISO Experts will only disclose personal information for a purpose other than the primary purpose of collection (a secondary purpose) if:

• The secondary purpose is related to the primary purpose of collection, the subject of the information would reasonably expect ISO Experts to disclose the information for the secondary purpose, and the disclosure is made in the performance of a person's duties as an employee of ISO Experts; or
• The individual has consented to/ requested the disclosure (e.g. to another service provider); or
• ISO Experts reasonably believes that the disclosure is necessary to prevent or lessen a serious and imminent threat to an individual's life or health; or
• The disclosure is required or specifically authorised by law.

e) Data Quality
ISO Experts takes reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up-to-date. ISO Experts uses its best endeavours to ensure that personal information is relevant, accurate, complete and up-to-date for the purpose for which it is to be used, both at the time of collection and before each use.

f) Data Security and Retention
ISO Experts takes reasonable steps to protect personal information it holds from misuse and loss and from unauthorised access, modification and disclosure. Furthermore, it takes reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.

g) Openness
ISO Experts has a clearly expressed policy on its management of personal information (Privacy Policy). This Privacy Statement will continue to be readily available.

On request, ISO Experts takes reasonable steps to let individuals know, generally, what sort of personal information it holds, for what purposes, and how it collects, uses, and discloses that information.

h) Access and Correction
Where ISO Experts holds personal information about an individual, it will provide the individual with access to the information on request, in a form or manner suitable to the individual's reasonable needs, except to extent that:

• providing access would pose a serious and imminent threat to the life or health of any individual; or
• providing access would have an unreasonable impact upon the privacy of other individuals; or
• the request for access is frivolous or vexatious; or
• the information relates to existing or anticipated legal dispute resolution proceedings between ISO Experts and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
• providing access would reveal ISO Experts intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
• providing access would be unlawful.

Individuals may request access to their information should they feel it is inaccurate, incomplete, misleading or not up-to-date, by contacting the ISO Experts Director’s via telephone or via written correspondence. Information will be provided via electronic format / postal service with one business days’ notice, or for those requesting to view information at the ISO Experts head office, with the provision of two business days’ notice.

i) Anonymity
Whenever it is lawful and practicable, individuals will have the option of not identifying themselves when dealing with ISO Experts. In instances where ISO Experts has an obligation to disclose information or statistics to government bodies, de-identified information (e.g. assigning a number in lieu of client name) will be provided to protect the privacy and dignity of all individuals.

j) Sensitive Information
ISO Experts will not collect personal information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or details of health, disability or sexual activity or orientation unless:

• the subject of information has consented; or
• the collection is required or specifically authorised by law; or
• the collection is necessary to prevent or lessen a serious and imminent threat to the life of any individual, where the subject of the information is physically or legally incapable of giving consent; or
• the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

k) Transfer/closure of service
In the event that ISO Experts is being sold, transferred or closed down and not continuing services, ISO Experts will give notice of the transfer or closure to all service users.