Privacy Policy
Chartair is committed to providing quality services to you and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We abide by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information. A copy of the Australian Privacy Principles may be obtained from The Office of the Australian Information Commissioner.
From time to time Chartair is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not limited to its customers, contractors, suppliers, employees and those seeking employment); in the performance of its business activities.
The information collected by Chartair will, from time to time, be accessible to certain individuals employed or engaged by Chartair who may be required to use the information in the course of their duties.
This document and associated Guidelines set out Chartair's policy and procedures in relation to the protection of personal information, as defined, under the Privacy Act 1988 (Cth) the ("Act"), which includes the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and the Australian Privacy Principles ("APP"). The APPs regulate the handling of personal information.
1. Scope
This policy applies to all employees, independent contractors, consultants and other workers engaged by Chartair and who have access to personal and/or information in the course of performing their duties.
2. Personal information
Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
For the purposes of this policy, sensitive information is included as ‘personal information’. Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual's racial or ethnic origin, age, social origin, political opinions, membership of a political association, religious or philosophical beliefs, sexual orientation, gender identity, trade union activity or inactivity, or other professional body, criminal record or health information.
3. Kinds of information that Chartair collects and holds
Chartair collects personal information that is reasonably necessary for one or more of its functions or activities or if Chartair has received consent to collect the information. If Chartair collects sensitive information (as defined in our Policy Guidelines), Chartair will also have obtained consent in addition to the collection being reasonably necessary.
We collect your Personal Information for the primary purposes of providing our services to you, providing information to our clients and marketing, employment.
4. How Chartair collects and holds personal information
Chartair (and the employees acting on Chartair’s behalf) collect personal information only by lawful and fair means.
Chartair may collect personal information in a number of ways, including without limitation: through application forms (e.g. job applications, VIP and loyalty program applications); by email or other written mechanisms; over a telephone call; in person; through transactions; through Chartair website; through lawful surveillance means such as a surveillance camera; by technology that is used to support communications between individuals and Chartair; through publicly available information sources (which may include telephone directories, the internet and social media sites); and direct marketing database providers.
All personal information will be collected by Chartair will be managed in accordance with the APPs. Personal information is held in our secure customer and employee databases.
5. Use and Disclosure of Personal Information
The main purposes for which Chartair may use and/or disclose personal information may include but are not limited to: recruitment functions; customer service management; training and events; surveys and general research; and business relationship management.
Chartair may also collect, hold, use and/or disclose personal information if an individual consents – such as in direct marketing or if required or authorised under law.
6. Disclosure of Personal Information
Chartair may disclose personal information for any of the purposes for which it is was collected, as previously indicated or where it is under a legal duty to do so.
Disclosure will usually be internally and to related entities or to third parties such as contracted service suppliers.
6.1 Cross-border disclosure of personal information.
Chartair may be likely to disclose personal information to overseas recipients in rare instances. Instances would most likely be related to IT or technical issues relating to our database. Before an employee on behalf of Chartair discloses personal information about an individual to an overseas recipient, the employee will take all steps that are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information.
The country in which overseas recipients most likely to be located include USA.
7. Access to personal information
If Chartair holds personal information about an individual, the individual may request access to that information by putting the request in writing and sending it to the Senior Compliance Officer who acts as our Privacy Officer. Chartair will respond to any request within a reasonable period, and a charge may apply for giving access to the personal information where Chartair incurs any unreasonable costs in providing the personal information.
There are certain circumstances in which Chartair may refuse to grant an individual access to personal information. In such situations Chartair will provide the individual with written notice that sets out the reasons for the refusal; and the mechanisms available to you to make a complaint.
8. Correction of personal information
If Chartair holds personal information that is inaccurate, out-of-date, incomplete, irrelevant, or misleading, we will take all steps that are reasonable to correct the information.
If Chartair holds personal information and an individual makes a request in writing addressed to the Privacy Officer to correct the information, Chartair will take steps as are reasonable to correct the information and Chartair will respond to any request within a reasonable period.
If Chartair corrects personal information that it has previously supplied to a third party and an individual requests Chartair to notify the third party of the correction, Chartair will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so.
9. Integrity and security of personal information
Chartair will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up-to-date, and complete.
10. Data Breaches and Notifiable Data Breaches
A “Data Breach” occurs where personal information held by Chartair is accessed by, or is disclosed to, an unauthorised person, or is lost. An example of a Data Breach may include: lost or stolen laptops, tablets or mobile phone devices, where a database has been ‘hacked’ to illegally
obtain personal information; any incident or suspected incident where there is a risk that personal information may be misused or obtained without authority, employees providing confidential information to the Employer’s competitors.
If Chartair is aware of any actual or suspected Data Breach, it will conduct a reasonable and expeditious assessment to determine if there are reasonable grounds to believe that the Data Breach is a Notifiable Data Breach or not.
Subject to any restriction under the Act, in the event that Chartair is aware of a Notifiable Data Breach, Chartair will, as soon as practicable, prepare a statement outlining details of the breach and notify the individual(s) whose personal information was part of the Data Breach and the Office
of the Australian Information Commissioner.
Please refer to Policy Guidelines for further details and company procedures regarding data breaches.
11. Complaints
If you have any concerns, complaints, suggestions or questions as to how we may improve in this area, please contact our Senior Compliance Officer at the address below.
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy.
If you have any concerns, complaints, suggestions or questions as to how we may improve in this area, please contact our Senior Compliance Officer at our Darwin office.
12. Policy Updates
This policy may change from time to time and will be reviewed in line with relevant legislation.
Date: 18 May 2022
Aboriginal
and Torres Strait Islander viewers are advised that this website may contain images, voices and videos of deceased persons.
Website designed and developed by
Captovate