Scope
This Privacy Policy applies to personal information collected by Safety Assurance Management Pty Ltd trading as SAM4Schools for the management of OH&S compliance requirements which can be accessed via a web browser.
Collection
We usually collect personal information about individuals directly from those individuals or their authorised representative which include:
- Organisation name, email address, contact number, individual name, business details including address and ABN, certifications, qualifications and licences where applicable.
We sometimes collect personal information from a third party or from a publicly available source, but only if:
- the individual has consented to such collection or would reasonably expect us to collect their personal information in this way, or
- if it is necessary for a specific purpose such as the investigation of a privacy complaint.
When you visit our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Cookies
As is very common, we use cookies on our website. Cookies are small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. We use cookies to improve the experience of people using our website.
Third party sites
Our site has links to other websites not owned or controlled by us. We are not responsible for these sites or the consequences of you going on to those sites.
Use and disclosure
We only use personal information for the purposes for which we collected it - purposes which are directly related to one of our functions or activities.
We do not give personal information about an individual to Government agencies, private sector organisations or anyone else unless one of the following applies:
- the individual has consented
- the individual would reasonably expect, or has been told, that information of that kind
is usually passed to those individuals, bodies or agencies
- it is otherwise required or authorised by law
- it will prevent or lessen a serious and imminent threat to somebody's life or health, or
- it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
Reporting Breaches
Safety Assurance Management Pty Ltd is committed to managing personal information.
Under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches NDB scheme requires organisations covered by the Act to notify any individuals likely to be at risk of serious harm by a data breach. The Office of the Australian Information Commissioner (OAIC) must also be notified.
Where a privacy data breach is known to have occurred (or is suspected) any member of Safety Assurance Management staff who becomes aware of this must, within 24 hours, alert a Company Director in the first instance.
The Information that should be provided (if known) at this point includes:
- When the breach occurred (time and date)
- Description of the breach (type of personal information involved)
- Cause of the breach (if known) otherwise how it was discovered
- Which system(s) if any are affected?
- Which company department is involved?
- Whether corrective action has occurred to remedy or ameliorate the breach (or suspected breach)
Once notified of the information above, the Company Director must consider whether a privacy data breach has (or is likely to have) occurred and make a preliminary judgement as to its severity. Our company lawyers may be contacted for advice.
Changes
Please be aware that we may change this Privacy Policy in the future to take account of new laws and changes to our operation, the revised versions will be uploaded onto our website.
Data Security
The data is housed on a secure server hosted by the Microsoft Azure resource, the personal data resides in the Eastern Australia data centre. Communication between the administrator account and the server is protected by encryption during transit, and data is similarly encrypted when stored.
We take reasonable steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse.
Personal Data
It is an important to us that your personal data is up to date. We will take reasonable steps to make sure that your personal data is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please update the records asap.
Access to personal data is password protected, managed and is the responsibility of the individual clients.
Retention of Data
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your Personal Information. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years.
Access
You have a right to access your personal information that we hold and ensure that it is correct. To access your personal information please contact our privacy officer with your request:
Resolving Privacy Issues
If you have any issues you wish to discuss with us or if you are concerned about how we have collected or managed your personal information please contact the privacy officer.
For information about privacy or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au or enquiries@oaic.gov.au and on 1300 363 992.
How to contact us
For further information contact us:
Greg Dawson
Privacy Officer
Safety Assurance Management Pty Ltd
PO Box 2109, Camberwell West
Camberwell VIC 3124
Telephone: 1300 100 458
Email: info@sam4schools.com.au
This Privacy Policy was last updated in December 2023.