Sigma has adopted this Privacy Policy with respect to its collection,
use, storage and disclosure of information about individuals.
Sigma’s Privacy Officer is the company’s General Counsel.
If you have any issues regarding privacy with Sigma you should
contact your usual Sigma representative or the Privacy Officer.
| 1. |
Collection |
| |
1.1 |
Sigma will only
collect personal information that is necessary for its functions
or activities. |
| |
1.2 |
Sigma will only collect personal information by
lawful and fair means and in a way which is not unreasonably
intrusive. |
| |
1.3 |
When personal information is collected from an
individual (or, if that is not practicable, as soon as practicable
after) Sigma will take reasonable steps to ensure that the individual
is aware of: |
| |
|
(a) |
Sigma’s identity and how to contact it; |
| |
|
(b) |
the fact that they are able to gain access to
the information; |
| |
|
(c) |
the purposes for which the information is collected; |
| |
|
(d) |
the types of entities to which Sigma usually discloses
information of that kind; |
| |
|
(e) |
any law that requires the particular information
to be collected; and |
| |
|
(f) |
the main consequences (if any) for the individual
if all or part of the information is not provided. |
| |
1.4 |
Where reasonable and practicable to do so, Sigma
will collect personal information about an individual from that
individual. |
| |
1.5 |
If Sigma collects personal information from someone
other than the individual, it will take reasonable steps to
ensure that the individual is made aware of the matters listed
in subclause 1.3 except to the extent that making the individual
aware of the matters would pose a serious threat to the life
or health of any individual. |
| |
|
|
|
| Top |
|
|
|
| |
|
|
|
| 2. |
Use and disclosure |
| |
2.1 |
Sigma will only use or disclose personal information
for a purpose (the secondary purpose) other than the primary
purpose of collection if: |
| |
|
a) |
the secondary purpose is related to the primary
purpose of collection and, the individual would reasonably expect
the information to be used or disclosed for the secondary purpose;
or |
| |
|
b) |
the individual has consented to the use or disclosure;
or |
| |
|
c) |
the information is not sensitive information and
the use of the information is for the secondary purpose of direct
marketing where: |
| |
|
|
(i) |
it is impracticable for Sigma to
seek the individual’s consent before that particular use;
|
| |
|
|
(ii) |
the individual having been offered
the opportunity of declining to receive direct marketing communication
at no charge has not declined; |
| |
|
|
(iii) |
the individual has not made a request
to the organisation not to receive direct marketing communications;
|
| |
|
|
(iv) |
in each direct marketing communication
with the individual, Sigma draws to the individual’s attention,
or prominently displays a notice, that they may decline to receive
any further direct marketing communications; and |
| |
|
|
(v) |
each written direct marketing communication
by Sigma with the individual sets out Sigma’s contact
details; or |
| |
|
d) |
the information is health information
and the use or disclosure is necessary for research, or the
compilation or analysis of statistics, relevant to public health
or public safety where: |
| |
|
|
(i) |
it is impracticable for Sigma to
seek the individual’s consent before the use or disclosure;
|
| |
|
|
(ii) |
the use or disclosure is conducted in accordance
with guidelines approved by the Commissioner under section 95A
of the Commonwealth Privacy Act; and |
| |
|
|
(iii) |
in the case of disclosure Sigma reasonably believes
that the recipient of the health information will not disclose
the health information, or personal information derived from
the health information; or |
| |
|
e) |
Sigma reasonably believes that the use or disclosure
is necessary to lessen or prevent: |
| |
|
|
(i) |
a serious and imminent threat to an individual’s
life, health or safety; or |
| |
|
|
(ii) |
a serious threat to public health or public safety;
or |
| |
|
f) |
Sigma has reason to suspect that unlawful activity
has been, is being or may be engaged in, and uses or discloses
the personal information as a necessary part of its investigation
of the matter or in reporting its concerns to relevant persons
or authorities; or |
| |
|
g) |
the use or disclosure is required or authorised
by or under law; or |
| |
|
h) |
Sigma reasonably believes that the use or disclosure
is reasonably necessary for one or more of the following by
or on behalf of an enforcement body: |
| |
|
|
(i) |
the prevention, detection, investigation, prosecution
or punishment of criminal offences, breaches of a law imposing
a penalty or sanction or breaches of a prescribed law; |
| |
|
|
(ii) |
the enforcement of laws relating to the confiscation
of the proceeds of crime; |
| |
|
|
(iii) |
the protection of the public revenue; |
| |
|
|
(iv) |
the prevention, detection, investigation or remedying
of seriously improper conduct or prescribed conduct; |
| |
|
|
(v) |
the preparation for, or conduct of, proceedings
before any court or tribunal, or implementation of the orders
of a court or tribunal. |
| |
2.2 |
If Sigma uses or discloses personal information
under paragraph 2.1(h), it must make a written note of the use
or disclosure. |
| |
2.3 |
Despite subclause 2.1, Sigma may disclose health
information about an individual to a person who is responsible
for the individual if: |
| |
|
(a) |
the individual: |
| |
|
|
(i) |
is physically or legally incapable of giving consent
to the disclosure; or |
| |
|
|
(ii) |
physically cannot communicate consent
to the disclosure; |
| |
|
(b) |
Sigma is satisfied that either: |
| |
|
|
(i) |
the disclosure is necessary to provide appropriate
care or treatment of the individual; or |
| |
|
|
(ii) |
the disclosure is made for compassionate reasons;
and |
| |
|
(c) |
the disclosure is not contrary to
any wish: |
| |
|
|
(i) |
expressed by the individual before the individual
became unable to give or communicate consent; and |
| |
|
|
(ii) |
of which the carer is aware, or of which the carer
could reasonably be expected to be aware; and |
| |
|
(d) |
|
the disclosure is limited to the
extent reasonable and necessary for a purpose mentioned in paragraph
(b). |
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 3. |
Data quality |
| Sigma will take reasonable steps to ensure that
the personal information it collects, uses or discloses is accurate,
complete and up-to-date. |
| |
|
|
|
|
| 4. |
Data security |
| |
4.1 |
Sigma will take reasonable steps
to protect the personal information it
holds from misuse and loss and from unauthorised access, modification
or disclosure. |
| |
4.2 |
Sigma will take reasonable steps
to destroy or permanently de-identify personal information if
it is no longer needed. |
| |
|
|
|
|
| 5. |
Openness |
| |
5.1 |
This Privacy Policy sets out Sigma’s
corporate policy on management of personal information and is
available to anyone who asks for it. |
| |
5.2 |
On request, Sigma will take reasonable
steps to let a person know, generally, what sort of personal
information it holds, for what purposes, and how it collects,
holds, uses and discloses that information about that person.
|
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 6. |
Access and correction |
| |
6.1 |
Sigma will provide an individual
with access to the information on request by the individual,
except to the extent that: |
| |
|
(a) |
in the case of personal information
other than health information providing access would pose a
serious and imminent threat to the life or health of any individual;
|
| |
|
(b) |
in the case of health information
providing access would pose a serious threat to the life or
health of any individual; |
| |
|
(c) |
providing access would have an unreasonable
impact upon the privacy of other individuals; |
| |
|
(d) |
the request for access is frivolous
or vexatious; |
| |
|
(e) |
the information relates to existing
or anticipated legal proceedings between Sigma and the individual,
and the information would not be accessible by the process of
discovery in those proceedings; |
| |
|
(f) |
providing access would reveal the
intentions of Sigma in relation to negotiations with the individual
in such a way as to prejudice those negotiations; |
| |
|
(g) |
providing access would be unlawful; |
| |
|
(h) |
denying access is required or authorised
by or under law; |
| |
|
(i) |
providing access would be likely
to prejudice an investigation of possible unlawful activity;
or |
| |
|
(j) |
providing access would be likely
to prejudice: |
| |
|
|
(i) |
the prevention, detection, investigation, prosecution
or punishment of criminal offences, breaches of a law imposing
a penalty sanction or breaches of a prescribed law; |
| |
|
|
(ii) |
the enforcement of laws relating
to the confiscation of the proceeds of crime; |
| |
|
|
(iii) |
the protection of the public revenue; |
| |
|
|
(iv) |
the prevention, detection, investigation or remedying
of seriously improper conduct or prescribed conduct; |
| |
|
|
(v) |
the preparation for, or conduct of, proceedings
before any court or tribunal, or implementation of its orders; |
| |
|
|
by or on behalf of an enforcement
body; or |
| |
|
(k) |
an enforcement body performing a
lawful security function asks Sigma not to provide access to
the information. |
| |
6.2 |
However, where providing access would
reveal evaluative information generated within Sigma in connection
with a commercially sensitive decision making process Sigma
may give the individual an explanation for the commercially
sensitive decision rather than direct access to the information. |
| |
6.3 |
If Sigma is not required to provide
the individual with access to the information because of one
or more of paragraphs 6.1(a) to (k) (inclusive), Sigma will,
if reasonable, consider whether the use of mutually agreed intermediaries
would allow sufficient access to meet the needs of both parties. |
| |
6.4 |
Sigma may charge a fee reasonable
for providing access to personal information, (but not for lodging
a request for access): |
| |
6.5 |
If Sigma holds personal information
about an individual and the
individual is able to establish that the information is not
accurate, complete and up to date, Sigma will take reasonable
steps to correct the information so that it is accurate, complete
and up to date. |
| |
6.6 |
If the individual and Sigma disagree
about whether the information is accurate, complete and up to
date, and the individual asks Sigma to include with the information
a statement claiming that the information is not accurate, complete
or up to date, Sigma will take reasonable steps to do so. |
| |
6.7 |
Sigma will provide reasons for denial
of access or a refusal to correct personal information. |
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 7. |
Identifiers |
| |
7.1 |
Sigma will not adopt an identifier
of an individual that has been assigned by: |
| |
|
(a) |
an agency; |
| |
|
(b) |
an agent of an agency acting in its
capacity as agent; |
| |
|
(c) |
a contracted service provider for
a Commonwealth contract acting in its capacity as contracted
service provider for that contract, unless |
| |
|
(d) |
the use or disclosure is necessary
for Sigma to fulfil its obligations to the agency; or |
| |
|
(e) |
one or more of paragraphs 2.1(e)
to 2.1(h) (inclusive) apply to the use or disclosure; or |
| |
|
(f) |
the use or disclosure is by a prescribed
organisation of a prescribed identifier in prescribed circumstances. |
| |
7.2 |
However, subclause 7.1 does not apply
to the adoption by a prescribed organisation of a prescribed
identifier in prescribed circumstances. |
| |
7.3 |
In this clause: |
| |
|
identifier includes a number assigned
by Sigma to an individual to identify uniquely the individual
for the purposes of the organisation’s operations. However,
an individual’s name or ABN (as defined in the A New Tax
System (Australian Business Number) Act 1999) is not an identifier. |
| |
|
|
|
|
| 8. |
Anonymity |
| Wherever it is lawful and practicable, individuals
will have the option of not identifying themselves when entering
into transactions with Sigma. |
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 9. |
Transborder data flows |
| Sigma will only transfer personal information
about an individual to someone (other than the organisation
or the individual) who is in a foreign country if: |
| |
(a) |
Sigma reasonably believes that the
recipient of the information is subject to a law, binding scheme
or contract which effectively upholds principles for fair handling
of the information that are substantially similar to the National
Privacy Principles; or |
| |
(b) |
the individual consents to the transfer;
or |
| |
(c) |
the transfer is necessary for the
performance of a contract between the individual and Sigma,
or for the implementation of pre-contractual measures taken
in response to the individual’s request; or |
| |
(d) |
the transfer is necessary for the
conclusion or performance of a contract concluded in the interest
of the individual between Sigma and a third party; or |
| |
(e) |
all of the following apply: |
| |
|
(i) |
the transfer is for the benefit of
the individual; |
| |
|
(ii) |
it is impracticable to obtain the
consent of the individual to that transfer; |
| |
|
(iii) |
if it were practicable to obtain
such consent, the individual would be likely to give it; or |
| |
(f) |
Sigma has taken reasonable steps
to ensure that the information which it has transferred will
not be held, used or disclosed by the recipient of the information
inconsistently with the National Privacy Principles. |
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 10. |
Sensitive information |
| |
10.1 |
Sigma will not collect sensitive
information about an individual unless: |
| |
|
(a) |
the individual has consented; |
| |
|
(b) |
the collection is required by law;
|
| |
|
(c) |
the collection is necessary to prevent
or lessen a serious and imminent threat to the life or health
of any individual, where the individual whom the information
concerns: |
| |
|
|
(i) |
is physically or legally incapable of giving consent
to the collection; or |
| |
|
|
(ii) |
physically cannot communicate consent to the collection; or |
| |
|
(d) |
the collection is necessary for the
establishment, exercise or defence of a legal or equitable claim. |
| |
10.2 |
Despite subclause 10.1, Sigma may
collect health information about an individual if: |
| |
|
(a) |
the information is necessary to provide
a health service to the individual; and |
| |
|
(b) |
the information is collected: |
| |
|
|
(i) |
as required by law (other than this Act); or |
| |
|
|
(ii) |
in accordance with rules established by competent
health or medical bodies that deal with obligations of professional
confidentiality which bind the organisation. |
| |
10.3 |
Despite subclause 10.1, Sigma may
collect health information about an individual if: |
| |
|
(a) |
the collection is necessary for any
of the following purposes: |
| |
|
|
(i) |
research relevant to public health or public safety; |
| |
|
|
(ii) |
the compilation or analysis of statistics relevant
to public health or public safety; |
| |
|
|
(iii) |
the management, funding or monitoring
of a health service; |
| |
|
(b) |
that purpose cannot be served by
the collection of information that does not identify the individual
or from which the individual’s identity cannot reasonably
be ascertained; |
| |
|
(c) |
it is impracticable for Sigma to
seek the individual’s consent to the
collection; and |
| |
|
(d) |
the information is collected: |
| |
|
|
(i) |
as required by law (other than this
Act); |
| |
|
|
(ii) |
in accordance with rules established
by competent health or medical bodies that deal with obligations
of professional confidentiality which bind the organisation;
or |
| |
|
|
(iii) |
in accordance with guidelines approved
by the Commissioner under section 95A for the purposes of this
subparagraph. |
| |
10.4 |
If Sigma collects health information
about an individual in accordance with subclause 10.3, it will
take reasonable steps to permanently de-identify the information
before it discloses it. |
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 11. |
Requests for Information |
| |
11.1 |
Sigma will provide an individual
with access to information which is held about them. The nature
and timing of access will be agreed between Sigma and the individual. |
| |
11.2 |
A request for access to personal
information must be in writing, specify the information sought
and may be made to an individual’s usual contact at Sigma
or the Privacy Officer. Adequate identification by or authority
from an individual must be supplied to Sigma before any personal
information will be provided. |
| |
11.3 |
Access to personal information will
be provided within 10 business days of receiving a request.
If this can not be complied with Sigma will advise with in that
period when access will be provided. |
| |
11.4 |
Sigma may charge a reasonable fee
for providing access to personal information. |
| |
11.5 |
Any concerns or difficulties regarding
a request for personal information should be referred to the
Privacy Officer. |
| |
|
|
|
|
| Top |
|
|
|
| |
|
|
|
| 12. |
Complaints |
| |
12.1 |
Any complaint by an individual regarding
Sigma’s management or handling of personal information
should be directed to Sigma’s Privacy Officer. Contact
details are set out at the commencement of this Policy. |
| |
12.2 |
To enable a complaint to be properly
understood and acted upon it is requested that it be made in
writing, specifying the personal information involved and the
contact or process at Sigma the subject of the complaint. |
| |
12.3 |
All complaints will be acknowledged
within 3 business days of receipt. Contact details of the person
in Sigma dealing with the complaint and the Privacy Officer
will also be advised to the individual making the complaint
at this time. |
| |
12.4 |
Complaints will be responded to within
15 business days. If this is not possible the individual will
be advised as to when Sigma expects to be able to respond. |
| |
12.5 |
If Sigma’s response does not
resolve the complaint Sigma and the individual will in good
faith promptly agree a process and time frame for dealing with
the complaint. |
| |
|
|
|
| Top |
|
|
|
