Privacy Training for Cloud Flow

Audience

This Policy document is for the use by all Cloud Flow employees and Cloud Flow Sub Contractors and their employees.

Introduction

Below are the in-depth points for each part of our privacy training. Cloud Flow handles a lot of sensitive and personal information.

Everything collected from our customers must be obtained with consent, and the customer must give us all information willingly.

We are not to share anything personal with anyone unless we have permission.

All credit cards details become invisible once entered in the system and must not be sent via chat or email. Once details have been stored, any other record of them must be deleted.

Please read below to see the in-depth explanation for how we should handle all this personal information. Which will include and is limited to:

Full Name
Email address
Postal/residential address
Home phone
Mobile Phone
Additional contact information
Credit card information/bank details

As a result of technology and growing privacy concerns, the 13 Australian Privacy Principles were introduced in 2014. These replaced the National Privacy Principles. The principles cover agencies and organisations (known as APP entities). They outline how information should be gathered, used and protected. They have been compiled from the Privacy Amendment (Enhancing Privacy Protection) Act 2012. Here we will discuss what they mean.

7.1. Open and Transparent Management of Personal Information

We must handle personal information with care, discretion and honesty. This includes having a policy in place which outlines how personal information will be managed. Our policy is found in our cloud storage and is readily available for you to view. Staff can review the Cloud Flow Privacy Policy V2.0 (document to be found in the Policy Training Manual).

7.2. Anonymity and Pseudonymity

We must accept that people can be anonymous or use a pseudonym when dealing with them. We must respect that, but obviously, we can’t input any anonymous data in our system for a lead or account.

7.3. Collection of Solicited Personal Information

Sensitive information cannot be obtained by us unless the person gives consent.

7.4 Dealing with Unsolicited Personal Information

In regards to the information that we receive but did not ask for, we must demonstrate that we could have collected that information with consent if we had solicited it. If we cannot demonstrate this, and if the information is not on any record within the Commonwealth, then we are obligated to destroy the information (if it is legal and reasonable).

7.5. Notification of the Collection of Personal Information

Within a reasonable time, we must notify a person about:

Our identity and contact details for Cloud Flow
If we obtained the information from someone else, and how they collected the information
If the collection of the information was mandatory according to Australian laws or court obligations
The reason why we have collected the information
What happens if only some information is collected
If another entity or similar entity collected the information
How the individual can access the information
How they may make a complaint
If we can share the information with an overseas body, and in which countries these overseas bodies reside in.

We have to make sure a person is aware of all these matters.

7.6. Use or Disclosure of Personal Information

We can only use information relevant to its purpose. This is unless the individual has consented. The information can be used or disclosed if the individual expects it to be used for another person as long as:

The information relates to the main purpose;
If it’s required pursuant to Australian law or court decisions; and other reasons.

7.7. Direct Marketing

Organisations cannot use the information for direct marketing, except for where:

The use of this information is understood by the individual;
The individual consented;
The organisation obtained the information in order to satisfy a contractual obligation.

The individual may also make a request not to receive direct marketing communications free of charge.

7.8. Cross-border Disclosure of Personal Information

We must make sure that any overseas recipient of the information complies with the Privacy Principles, except for where they are bound by laws that protect information. However, this must be similar to the protection provided by the Principles. Similarly, if the individual gives consent to the disclosure or if the disclosure is necessary under Australian law they are also exempt.

7.9. Adoption, Use or Disclosure of Government Related Identifiers

Organisations cannot use a government related identifier from an individual as its own identifier unless approved by an Australian law or court order. Using a government related identifier is also another exemption.

7.10. Quality of Personal Information

Any information obtained must be correct, complete, and up to date. We can only disclose and use information once we ensure it’s accurate, relevant and complete.

7.11. Security of Personal Information

We must protect information from misuse, loss, interference, disclosure, modification or unauthorised access. Information must also be destroyed or de-identified if it is no longer in use.

7.12. Access to Personal Information

Individuals must be able to access information when they request it. Exceptions include if they believe access to the information would pose a serious threat, it would impact the privacy of others, it would be unlawful, and more. This principle also serves to explain conditions of providing access, denying access and receiving requests.

7.13. Correction of Personal Information

The entity must ensure that they collect inaccurate, up to date, complete, relevant information that is not misleading. We must also notify other affected entities of the changes. If they refuse to correct information then they must notify the individual and set out reasons for the refusal.

7.14. Conclusion

These 13 principles are essential for Cloud Flow Pty Ltd that deals with the personal information of individuals. Privacy is a very serious matter, and the penalties for not complying are severe.