Heidelberg Graphic Equipment Ltd
Heidelberg respects the rights of the individuals with whom it interacts in conducting its business. One important right is the right to privacy and the protection of personal information. Heidelberg strives to uphold this right.
Heidelberg is bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) ("the Privacy Act").
Heidelberg has designed its information handling policies and practices to comply with the requirements under the Australian Privacy Principles (APPs) set out in the Privacy Act.
These APPs govern the way we collect, use, disclose and secure personal information as well as the access individuals may have to view, correct or update information held about them. Information may be held on Heidelberg's behalf by other service providers that Heidelberg may appoint.
Personal information is defined in the Privacy Act as: "Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not."
The following notes provide a brief explanation of the APPs as they apply to Heidelberg.
APP 1: Open and transparent management of personal information
Heidelberg will have a policy document outlining its management of personal information and make this available to anyone who asks.
This document serves as Heidelberg's policy on the management of personal information. It sets out in broad terms how Heidelberg will collect, use, disclose and secure personal information as well as the access individuals may have to view, correct or update such information. Further detail about specific areas of the personal information handling practices is available on request from the contact people noted at the end of this document.
APP 2: Anonymity and pseudonymity
Heidelberg will give individuals the option to interact anonymously or by using a pseudonym whenever it is lawful and practicable to do. Individuals should have the option of not identifying themselves when dealing with an organisation holding information about them. However due to the personal nature of employment benefits this may not be practical.
APP 3: Collection of solicited personal information
APP 4: Dealing with unsolicited personal information
APP 5: Notification of the collection of personal information
The collection of personal information will be by fair and lawful means.
At or before the time of collecting personal information, or if that is not practicable then as soon as practicable thereafter, Heidelberg will take steps, as are reasonable in the circumstances, to ensure an individual is aware of the following matters:-
i. Heidelberg's contact details;
ii. The purpose of collecting the personal information;
iii. Whether any personal information has been collected from a third party;
iv. Whether the collection of personal information is authorised by Australian law;
v. The consequences if the individual does not provide the personal information;
vi. Details of how an individual may lodge a complaint about a breach of the APPs;
vii. Details of other entities to which Heidelberg may disclose the personal information;
viii. Whether it is likely the personal information will be disclosed to overseas recipients and if so, to whom; and
ix. Details regarding how an individual may access the personal information and seek correction of such information.
Heidelberg collects and holds information relating to name, age, address, contact details, gender, employment, beneficiaries, tax file number and other information relevant to employment, credit and finance applications and the provision of employment benefits and opportunities. To the extent that insurance benefits are provided certain health information may need to be collected as well. Information may be collected either directly from the individual or, in some cases, from other persons - for example medical practitioners or insurers in the context of a disability or WorkCover claim, but generally this will only occur with the individual's consent.
Heidelberg will not collect sensitive information about an individual unless such collection is authorised by Australian law, the individual consents to the collection, or there is a permitted health or other general situation that exists in relation to the collection of the information.
Sensitive information is defined in the Privacy Act to be
(a) Information or an opinion about an individual's:
i. Racial or ethnic origin; or
ii. Political opinions; or
iii. Membership of a political association; or
iv. Religious beliefs or affiliations; or
v. Philosophical beliefs; or
vi. Membership of a professional or trade association; or
vii. Membership of a trade union; or
viii. Sexual orientation or practices; or
ix. Criminal record
That is also personal information; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information; or
(d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) Biometric templates.
Examples of sensitive information include health information required to secure insurance benefits, or for the processing of an insurance claim. Heidelberg will generally only collect such information with the person's consent as required by the APPs.
APP 6: Use or disclosure of personal information
APP 7: Direct marketing
If personal information has been collected for a particular purpose, Heidelberg will not use or disclose the information for a secondary purpose unless the individual consents to same, or if the secondary purpose is related to the primary purpose (of collection) and the individual would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances, or in circumstances related to the public interest such as law enforcement and public or individual health and safety.
The information Heidelberg collects will be used principally for the purpose of managing the affairs of Heidelberg in assessing employment, credit and finance applications and providing employees with employment benefits and opportunities. Heidelberg will only use and disclose information about individuals in accordance with the terms of the privacy legislation.
If an individual decides not to provide the information requested, Heidelberg may not be able to assess applications for employment, credit and finance. In respect of employees, a decision not to provide information may affect employment opportunities or prevent Heidelberg undertaking its obligations as an employer.
Heidelberg may disclose some information it holds about individuals to third parties. For example:
- auditors, legal and professional advisers;
- insurance brokers, insurers and superannuation providers;
- Government regulatory bodies such as the Australian Taxation Office;
- business support service providers such as software suppliers, archive providers and mailing houses; and • other companies within the Heidelberg global network and their delegates and contractors.
APP 8: Cross-border disclosure of personal information
Before disclosing personal information about an individual to an overseas recipient, Heidelberg will take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to the information. However, it is not necessary for Heidelberg to take such steps if:-
- The overseas recipient is subject to laws that are substantially similar to the APPs; or
- The individual consents to the disclosure; or
- The disclosure is authorised by or under an Australian law; or
- The disclosure is to an enforcement body and is reasonably necessary for enforcement purposes.
APP 9: Adoption, use or disclosure of government related identifiers
Generally speaking Heidelberg must not adopt, use or disclose, a government related identifier of an individual as its own identifier.
Heidelberg will not use any personal identifiers issued by a government agency (for example a tax file number or Medicare number) as a personal identifier. For example, although legislation may require Heidelberg to provide an individual's tax file number it will only use that number for the purposes permitted by legislation and not as a general means of identification.
APP 10: Quality of personal information
Heidelberg will take reasonable steps to ensure the personal information it collects, uses or discloses is accurate, complete and up-to date.
APP 11: Security of personal information
Heidelberg will take reasonable steps to protect the personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure.
An individuals' personal information is held securely and steps are taken, in conjunction with other service providers to protect information held from misuse, interference, loss, unauthorised access, modification or disclosure. Some of those steps include:
- Physical access controls to the premises where information is kept.
- Computer and network security including password and other electronic protection.
- Training of staff on information handling processes.
- Secure off-site storage and audited disaster recovery practices.
Personal information may be retained for some period of time in accordance with relevant legislation and prudent business practice. This may vary according to the circumstances and type of information. When it is no longer necessary to retain the personal information it will be destroyed in a secure manner.
APP 12: Access to personal information
APP 13: Correction of personal information
All requests for access to personal information should be in writing. Heidelberg will aim to respond to the request within 30 days of receipt. If a request is made by telephone or by email, and Heidelberg accepts the request in that form, Heidelberg will take steps to confirm the identity of the individual and the right of that individual to access the personal information.
A charge may apply to providing access to personal information. Any charges that apply will be reasonable and relate to the cost of providing the personal information, having regard to the cost and complexity of fulfilling the request. An individual will be advised of any charges that apply at or before the time of making the request. There is no charge for merely lodging a request.
The APPs make allowance for circumstances in which a request for access to personal information can be refused. If such a circumstance arises an individual will be advised in writing on what basis access has been refused and how a complaint may be lodged in relation to same. Partial access will be given where possible.
If Heidelberg is satisfied that the personal information held about an individual is inaccurate, out-of-date, incomplete, irrelevant or misleading, steps will be taken to correct same.
An individual may also request Heidelberg to correct personal information. If Heidelberg believes that a correction should not be made, for example, because of disagreement about the accuracy of the information, alternatives will be discussed with the individual. Heidelberg will also provide the individual with a written notice setting out the reasons for the refusal and how a complaint may be lodged in relation to same.
Requests to correct personal information will generally be responded to within 30 days. The individual will not incur a fee for making the request or for any correction made to the personal information.
In the case of a disagreement about the accuracy of the information an individual can ask Heidelberg to include a statement in the personal information stating why the information is not accurate, complete or up to date. The individual will not be charged a fee for this statement.
Effective Date: 12 March 2014
APP 14: Use of tracking cookies in our marketing emails
If you opt in to a newsletter of Heidelberger Druckmaschinen AG or any of our other marketing emails,
the download of pictures or the click on a link in any of these emails is logged automatically
via an email tracking service of Click Dimensions. The usage information generated will be stored
on our server in Germany and used for statistical usage analysis. The results help us to improve
continuously the contents of our newsletter and to make the information displayed on our Website
more interesting for you.
If you do not agree with the storage and analysis of this data you can object to the storage and use
you can unsubscribe from the respective newsletter or by clicking on the following link from the
marketing emails: click here.
If an individual has any complaints about the handling of their personal information Heidelberg should be notified in writing. Heidelberg or its delegate will investigate the complaint with the general aim of responding within 30 days. Under superannuation legislation, which may also be relevant to the complaint, Heidelberg must respond within 90 days. If the complaint is valid Heidelberg will take steps to ensure that any interference with an individual's privacy is discontinued. If the complaint is not dealt with to the individual's satisfaction, the individual may wish to contact the Privacy Commissioner directly.
All complaints regarding personal information can be directed to the Heidelberg Privacy Officer.
Mr. Con Xanthos
2 Acacia Place, Notting Hill, VIC 3168
(03) 9263 3300
For further general Privacy information you can contact The Office of the Privacy Commissioner, or visit their web site on http://www.privacy.gov.au or read the National Privacy Principles at http://law.gov.au/privacy/royalnpp.htm.