Privacy Policy
1 Introduction
Protecting privacy is a
fundamental part of Fremantle Ports’ business. This Privacy Policy (Policy) governs the collection, use,
disclosure and handling of personal information collected through Fremantle
Ports’ (“we”, “our”, or “us”). The
Policy is designed to tell you what will happen to, and how we use the personal
information that we collect.
As a government trading
enterprise, Fremantle Ports (with the exception of the Maritime Security
Identification Card [MSIC] Office)
is not bound by or required to
operate in accordance with the Australian
Privacy Principles (APPs) established under the Privacy Act 1988 (Cth) (the
Act). Nonetheless, Fremantle Ports aims to comply with best practice to
ensure personal information and sensitive information collected, held,
disclosed and used by Fremantle Ports is handled in accordance with the privacy
principles. We will only collect, use or disclose personal information in
accordance with the Act and this Policy.
This
best practice Policy has been developed in accordance with, or bearing in mind,
the operation of and the requirements of the APPs and the Western Australian
Ombudsman’s Guidelines for the Management of Personal Information.
1.1 Definitions
1.1.1
Personal
information
Personal information means
information or an opinion about an identified individual, or an individual who
is reasonably identifiable:
a)
whether
the information or opinion is true or not
b)
whether
the information or opinion is recorded in a material form or not.
1.1.2
Sensitive
information
Sensitive
information means:
(a)
information
or an opinion about an individual’s:
i.
racial
or ethnic origin
ii.
political
opinions
iii.
membership
of a political association
iv.
religious
beliefs or affiliations
v.
philosophical
beliefs
vi.
membership
of a professional or trade association
vii.
membership
of a trade union
viii.
sexual
orientation or practices
ix.
criminal
record
(b)
health
information about an individual
(c)
genetic
information about an individual that is not otherwise health information
(d)
biometric
information that is to be used for the purpose of automated biometric
verification or biometric identification
(e)
biometric
templates.
2
Principles
2.1
Collection
Fremantle
Ports collects personal and sensitive information to fulfil its
responsibilities and activities, provide services and information to
stakeholders, engage with the community and comply with the law. As per APP3,
Fremantle Ports will collect personal or sensitive information from an
individual only if it is necessary for execution of a function or activity and
will do so in a lawful, fair and not unreasonably intrusive way. Further, in
accordance with APP3.6(b), Fremantle Ports will only collect personal
information about an individual from the individual itself, unless it is
unreasonable or impracticable to do so.
If
an individual chooses not to provide certain personal information to us, we may
not be able to action or respond to the request, or undertake the required
services or work.
2.1.1
Information
collected by Fremantle Ports
Fremantle
Ports hold a range of information on individuals that falls within the
definition of personal or sensitive information. These types of information
include, but are not limited to, the following:
(a)
personal details such as name, address, phone number,
email, date of birth, gender, citizenship, driver’s license details or other
forms of identification
(b)
account numbers, card details, payment and financial
information including superannuation and insurance
(c)
work health safety records including training
certificates, licenses, permits and certificates of competency
(d)
health information such as medical certificates,
disclosures of pre-existing medical conditions, drug and alcohol tests, medical
reports, reports of injuries and health declarations
(e)
working history, academic records, professional
associations, opinions from a referee as well as third party checks such as
police checks, recruitment tools such as psychometric tests and other
background checks
(f)
compliments,
complaints, testimonials and feedback including opinions in a survey, response
to an initiative or a project
(g)
photographic
likeness, images, audio or voice recording
(h)
information
collected from media sites, social media channels and newsletter subscriptions
and
(i)
any
other information provided or volunteered by you from time to time.
2.1.2
How we collect this information
We collect personal information directly from you, or someone authorised
on your behalf. We may also generate our own records of our interactions,
including records relating to Fremantle Ports’ safety functions, and engagement
with members of the public to obtain their views, concerns and complaints.
Personal information may be collected through the following means:
a)
in person
b)
by phone
c)
by email or post
d)
by radio
e)
CCTV and/or voice recording
f)
our Human Capital Management and Enterprise Resource
Planning Systems (Systems)
g)
recruitment agencies
h)
social media pages
i)
search engines
j)
participation in community events
k)
visits to our premises
l)
tender documents
m)
supplier contracts
n)
employment applications
o)
indirectly through police and medical providers and
p)
cookies (see Attachment A: Cookies
Policy
for further information on how we use cookies).
You
may also volunteer personal information which we do not request. We will inform
you at the time of collecting your personal information of the purpose for
collecting it or otherwise as soon as practicable after the collection. This
will either be in writing or orally.
2.1.3
Sensitive information
Fremantle
Ports will not collect, use or disclose sensitive information (for example,
information about the health of an individual, their racial or ethnic origins,
or their political or religious beliefs) except with the individual’s specific
consent.
2.2 Use and disclosure
As per APP6, Fremantle Ports will use or
disclose personal or sensitive information collected from an individual to:
a)
permit
you access to applications and platforms of Fremantle Ports, including our
Systems
b)
inform,
review, assess or consider proposals and delivery of our projects as part of a
tender or procurement process
c)
process
and account for expenditure, revenue and billing of customers, tenants and
vendors
d)
provide
a service or supply information which has been requested (for example marine
surveys and changes to shipping movement)
e)
respond
to and investigate your enquiry/feedback/complaint
f)
manage
a person’s employment or business relationship with us
g)
identify
individuals for the purposes of processing applications, including, but not
limited to, MSIC applications and employment applications
h)
process
your employment application and obtain references and police checks
i)
contact
you about and administer our events, workshops and seminars we think may be of
interest to you
j)
contact
you about business development opportunities and Fremantle Ports projects that
we think may be of interest to you
k)
communicate
with the community, government and other stakeholders about Fremantle Ports’
activities
l)
respond
to and investigate incidents that have occurred in the Fremantle Ports premises
m)
manage
and ensure personal and transport safety within the Fremantle Ports premises
and other maritime security zones
n)
maintain,
construct and/or remediate land and marine infrastructure
o)
create
aggregate data about Fremantle Ports customers
p)
run
competitions and
q)
comply
with our legal obligations and reporting requirements.
Fremantle Ports will only use your personal or
sensitive information to the extent that it is deemed necessary to fulfil the
above purposes. We may use your personal information for a secondary purpose
related to the purposes above (directly related if it is sensitive
information), but only if we believe you would reasonably expect us to use or
disclose the information for that secondary purpose.
2.2.1
Disclosure
to third parties
Fremantle Ports will only disclose your
personal or sensitive information to other third parties to the extent
necessary to carry out the purposes outlined at section 2.2 of this policy.
Fremantle Ports may be required to disclose
personal or sensitive information to government agencies and local government
authorities. These include:
a)
Department
of Finance
b)
Australia
Taxation Office
c)
Police,
Corruption and Crime Commission
d)
Public
Sector Commission
e)
Department
of Transport and
f)
Regional
Security and GESB
for taxation, superannuation, security or
legal reasons. Fremantle Ports does not provide personal information to other
parties, although aggregate de-identified data (such as a parliamentary
inquiry) may be provided on request.
2.3
Disclosure
to overseas recipients
As per APP8, Fremantle Ports will, unless it
is necessary to facilitate the provision of a particular product or service,
attempt to avoid the disclosure of any of the personal information to overseas
recipients.
2.4
Exceptions
to general use and disclosure of personal and sensitive information
Personal information may be used for limited
purposes other than for which it was collected, including:
a)
with
the consent of the person concerned
b)
to contact individuals in the event of an emergency or
crisis situation
c)
to
prevent a serious threat to a person’s health or life
d)
as
required or authorised by law
e)
where
reasonably necessary for the enforcement of criminal or revenue law.
Any individual in doubt as to whether they are
able to use or disclose a given type or piece of personal or sensitive
information should contact us (see below at section 2.5.1 of this Policy).
2.5
Access
As
per APP12, Fremantle Ports will facilitate an individual’s access to, and the
correction of personal information provided to us.
2.5.1 Access to personal and sensitive information
Individuals
are able to make an enquiry about the status of the personal information
Fremantle Ports have collected via [email protected] and through Freedom of Information. The Freedom of Information Act
1992 (WA) provides members of the public with the right to apply for access to or to make changes to
personal information held by Fremantle Ports in accordance with the Fremantle
Ports Information Statement.
2.5.2
Complaints
Individuals
who have any questions or concerns about our collection, use or disclosure of
personal information, or if you believe that we have not complied with this
Policy or the Act, can make an enquiry or complaint via [email protected].
We
expect our procedures will deal fairly and promptly with your complaint.
However, if you remain dissatisfied, you can also make a formal complaint with
the Office of the Australian Information Commissioner (which is the regulator
responsible for privacy in Australia):
Office of the Australian Information
Commissioner (OAIC) Complaints must be made
in writing | |
( | 1300 363 992 |
* | Director of Compliance Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001 |
8 | www.oaic.gov.au |
2.6
Dealing
with individuals anonymously or via a pseudonym
As per APP2, Fremantle Ports cannot deal with
requests to deal with individuals anonymously or by pseudonym because it would
be impracticable for it to do so due to the nature of Fremantle Ports’ business,
and because in some instances it would be unlawful for Fremantle Ports to do
so.
2.7
Storage
and security of Information
As
per APP11, Fremantle Ports has an obligation to ensure that information is only
used for authorised purposes and is protected from theft, unauthorised
disclosure or inappropriate use. Such information must also not be used for
personal benefit.
Fremantle
Ports employs a number of different strategies to protect personal or sensitive
information. Depending on the service
and the nature of the personal information, these include:
a)
encryption technologies
b)
firewalls and instruction detection systems
c)
virus protection
d)
restricted access
e)
regular vulnerability and penetration testing
f)
security policies and staff training
g)
access controlled electronic storage on and off-site
h)
access controlled physical storage on and off site.
Fremantle Ports adopts a risk-based approach in
assessing the risk and sensitivity of various categories of information when
making Information Technology and Communication (ICT) decisions about where
Information is to be stored. Fremantle
Ports attempts to hold personal and sensitive information on Australian-based
servers. Hard copy personal and sensitive information is stored both in
Fremantle Ports’ office and in a locally based external archiving facility.
Fremantle Ports strives to protect personal and
sensitive information from misuse, interference, loss and from unauthorised
access, modification or disclosure. However, data transmission over the
Internet cannot be guaranteed to be absolutely secure because risks do change
over time.
2.7.1
Destruction, de-identification and deletion of
personal and sensitive information
All information collected by Fremantle Ports,
whether or not it is personal information, will be stored in accordance with
our records policies which comply with the General Disposal Authority for State
Government which is approved by the State Records Commission. Personal
information is to be kept for 75 years after date of birth or 7 years after
cessation of employment whichever is the latter, or 7 years after death.
Fremantle Ports will only use scrambled data
to de-identify Production-copied data when developing and testing new and
upgraded systems and as required.
2.7.2
Notifiable data breaches scheme
In the event of any loss, or unauthorized access or
disclosure of an individual’s personal information that is likely to result in
serious harm to an individual, Fremantle Ports will:
a)
investigate the data breach
b)
attempt to remedy the breach and
c)
notify you and the Australian Information Commissioner
as soon as reasonably practicable, in accordance with
the Act.
2.8
Unsolicited
information
As
per APP4, Fremantle Ports takes reasonable steps to manage unsolicited personal
information appropriately for the purpose in which it was provided.
2.9
Accuracy and security
As per APP10, Fremantle Ports will take reasonable steps to ensure that
any personal or
sensitive information provided by an individual is accurate, complete and up-to-date, and is
protected from misuse, loss, and unauthorised access, modification and
disclosure.
2.10
Website
visit data
Fremantle Ports’ website records visits and
logs the following information for statistical purposes:
a)
user’s
IP address (internally only)
b)
the
date and time of the visit to the website
c)
pages
accessed and documents downloaded
d)
the
previous website visited
e)
the
type and version of browser used.
No attempt is made to identify users or their
browsing activities except, in the unlikely event of an investigation, where a
law enforcement agency may exercise a warrant to inspect the service provider’s
logs. This website does not use cookies.
3
Changes
to this Policy
This Policy may change from time to time as updated on
our website. Before providing us with personal information, please check this Policy
on our website for any changes.
This Policy was last
updated 9 May 2022.
Find out how you can explore the port or get ferry and cruise info...