Cornucopia respects the privacy of all employees, clients, business partners, pledgers, and others and is committed to safeguarding the personal information that is provided to us.
Cornucopia takes all reasonable steps to ensure that your personal information and sensitive information is protected and treated confidentially. This includes protecting your privacy in accordance with the Privacy Act 1988 (as amended) and the Australian Privacy Principles.
Cornucopia only uses personal information for the purpose(s) for which it was given to us and for directly related purposes (unless otherwise required by or authorised by law) or as consented to by the individual concerned.
Cornucopia ensures all data collected is protected and secure against unauthorised access, alteration or deletion.
Any personal or sensitive information that Cornucopia has acquired is accessed only by those who have the authority to do so.
The purpose of these procedures is to provide guidelines for the management of personal information collected by Cornucopia.
“Personal information” – means information or an opinion (including information forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is reasonably apparent, or can be reasonably ascertained, from the information or opinion.
“Sensitive information” – means any information about a person’s individual preferences, race, religion, political opinions, affiliations, philosophy, memberships, health, genetic or criminal record.
Collection of personal information
We adhere to the Privacy Act 1988 (Cth), all other applicable privacy legislation and guidelines issued by the Office of the Australian Information Commissioner and similar regulatory bodies when we collect, use, disclose, store, provide access to, or otherwise deal with your personal information.
It is our usual practice to collect personal information directly from the individual or their authorised representative.
Sometimes we collect personal information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way.
In some circumstances we may receive personal information about third parties from individuals who contact us and supply us with the personal information of others in the documents they provide to us.
We only collect personal information for purposes which are directly related to our functions or activities under the Privacy Act, and only when it is necessary for or directly related to such purposes. We also collect personal information related to employment services, human resources management, and other corporate service functions.
Use and disclosure
We only use personal information for the purposes for which it was given to us, or for purposes which are directly related to one of our functions or activities, and we do not give it to government agencies, organisations or anyone else unless one of the following applies:
- The individual has consented
- The individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
- It is otherwise required or authorised by law
- It will prevent or lessen a serious and imminent threat to somebody’s life or health
- It is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
We do not disclose personal information to any overseas recipients.
We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing our electronic IT system, securing paper files in locked cabinets and physical access restrictions.
When no longer required, personal information is deleted, de-identified or destroyed in a secure manner.
Access and correction
If an individual requests access to the personal information we hold about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act, FOI Act or other relevant law to withhold the information, or not make the changes.
If we do not agree to provide access to personal information or to amend or annotate the information, we hold about them, the individual may seek a review of our decision or may appeal our decision under the FOI Act.
If we do not agree to make requested changes to personal information the individual may make a statement about the requested changes and we will attach this to the record.
If an individual believes that the Australian Privacy Principles have been breached in relation to personal or sensitive information provided to Cornucopia, they have the right to make a complaint and have it investigated and dealt with under this procedure.
If you have a complaint about Cornucopia’s privacy practices or handling of your personal or sensitive information, please contact the Privacy Officer (contact details below).
Once a complaint has been made, we will try to resolve the matter in the following ways:
Request for further information: we may request further information from you, and you should be prepared to provide us with as much information as possible including details of any relevant dates and documentation. This will allow us to investigate your complaint and determine an appropriate solution. All details provided will be kept confidential.
Discuss options: we will discuss options for resolution with you and you should raise any suggestions as to how the matter might be resolved with the Privacy Officer.
Investigation: we will investigate your complaint and will do so within a reasonable timeframe. We may need to contact others in order to proceed with our investigation.
If your complaint is found to be substantiated you will be informed of this finding and we will then take the appropriate steps to resolve the complaint, address your concerns and prevent the problem from recurring.
If the complaint is not substantiated or cannot be resolved to your satisfaction and this policy has been followed the issue may be referred to an appropriate intermediary.
If you are still not satisfied with the outcome you are free to take your complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au
We will keep a record of your complaint and the outcome.
We are unable to deal with anonymous complaints because we are unable to investigate or follow up. However, in the event that an anonymous complaint is received we will note the issue raised and, if appropriate try to investigate and resolve.
Privacy Officer contact details
Phone: 07 3055 8900
Mail: Privacy Officer
GPO Box 166, Brisbane Qld 4001