Privacy and Confidentiality Policy

Context: 

This policy ensures we protect and handle personal information in accordance with relevant privacy legislation. We acknowledge an individual’s right to privacy while recognising that personal information is required to be collected, maintained and administered in order to engage with you in providing service whilst also ensuring we provide a safe working environment and a high standard of quality customer service.

The information we collect is used to conduct business activities.

This policy applies to all personal information, including sensitive personal information, used and held by Paint and Sip Studios Australia for its customers, employees and any other persons engaged with Paint and Sip Studios in the course of its business.

Applicability

When

  • Applies to all personal information and sensitive personal information including the personal information of employee and customers. 
  • Applies to all company confidential information – that is any information not publicly available. 

Who

  • Applies to customers and all representatives including key management personnel, directors, full-time workers, part-time workers, casual workers, contractors and volunteers.

What is personal information? 

Personal information includes (regardless of its accuracy):

  • Name
  • Address
  • Phone number
  • Email address
  • Date of birth
  • Recorded opinions or notes about someone
  • Payment information not limited to credit card, PayPal or other forms of payment details
  • Any other information that could be used to identify someone or assist in providing service to you. 

What is sensitive personal information?

Sensitive personal information can include personal information that is normally private such as:

  • Health information
  • Ethnicity
  • Political opinions
  • Membership of a political association, professional or trade association or trade union
  • Religious beliefs or affiliations
  • Philosophical beliefs
  • Sexuality
  • Criminal record
  • Biometric information (such as fingerprints).

What is a data breach?

A data breach is a type of security incident where personal, sensitive or confidential information normally protected, is deliberately or mistakenly copied, sent, viewed, stolen or used by an unauthorised person or parties.

A data breach where people affected by the data breach are at risk of serious harm, as a result, is reportable to the Office of the Australian Information Commissioner.

Privacy and confidentiality guidelines

  • We are fully committed to complying with the privacy requirements of the Privacy Act, the Australian Privacy Principles and for Privacy Amendment (Notifiable Data Breaches) as required by Australian Business. 
  • Personal information will only be used by us and will not be shared outside the organisation without your permission unless required by law (e.g. where a court order is issued).

Security of information

  • We take reasonable steps to protect the personal information we hold against misuse, interference, loss, unauthorised access, modification and disclosure. 
  • Personal information is accessible to the customers and is able for use by relevant employees in providing service to customers.
  • Security for personal information includes password protection for IT systems, locked filing cabinets and physical access restrictions with only authorised personnel permitted access. 
  • Personal information no longer required is securely destroyed or de-identified.

Data Breaches

  • We will take reasonable steps to reduce the likelihood of a data breach occurring including storing personal information securely and accessible only by the relevant staff. 
  • If we know or suspect your personal information has been accessed by unauthorised parties, and we think this could cause you harm, we will take reasonable steps to reduce the chance of harm and advice you of the breach, and if necessary the Office of the Australian Information Commissioner. 

Breach of privacy and confidentiality

  • A breach of privacy and confidentiality is an incident-and the organisation will follow the incident management process. 
  • A breach of privacy and confidentiality may require an investigation.
  • An intentional breach of privacy and confidentiality will result in disciplinary action up to and including termination of employment.