13. IDENTIFIERS
We will not use identifiers assigned by the Government, such as a tax file number, Medicare number or provider number, for our own file recording purposes, unless one of the exemptions in the Privacy Act applies. PIR endeavours to avoid data-matching, being the comparison of data collected and held for two or more separate purposes in order to identify common features in relation to individuals, as a basis for further investigation or action in relation to those individuals.
14. HOW DO WE KEEP PERSONAL INFORMATION ACCURATE AND UP TO DATE?
PIR is committed to ensuring that the personal information it collects, uses and discloses is relevant, accurate, complete and up to date.
We encourage individuals to contact us to update any personal information we hold about them. If we correct information that has previously been disclosed to another entity, we will notify the other entity within a reasonable period of the correction. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We do not charge individuals for correcting the information.
15. YOU HAVE THE ABILITY TO GAIN ACCESS TO YOUR PERSONAL INFORMATION
Subject to the exceptions set out in the Privacy Act, individuals may gain access to the personal information that we hold about them by contacting the PIR Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.
An individual’s request for access to his or her personal information will be dealt with by allowing the individual to look at his or her personal information at the offices of PIR. We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
16. UPDATES TO THIS POLICY
This Policy will be reviewed from time to time to take account of new laws and technology, and changes to our operations and the business environment. Changes to this policy will be reviewed by PIR’s Compliance Committee.
17. RESPONSIBILITIES
It is the responsibility of management to inform employees and other relevant third parties about the PIR Privacy Policy. Management must ensure that they advise PIR’s employees and other relevant third parties of any changes to the Privacy Policy.
It is the responsibility of all employees and other relevant parties to ensure that they understand and comply with this Privacy Policy.
18. PRIVACY TRAINING
All new employees are provided with timely and appropriate access to PIR’s Privacy Policy. All employees are provided with opportunities to attend privacy training, which covers PIR’s obligations under the Act and the APPs. Employees must ensure that they understand the Privacy related issues that could adversely affect PIR and its customers if not properly adhered to.
19. NON-COMPLIANCE AND DISCIPLINARY ACTIONS
Privacy breaches must be reported to management by employees and relevant third parties. Ignorance of the PIR Privacy Policy will not be an acceptable excuse for non-compliance. Employees or other relevant third parties that do not comply with PIR’s Privacy Policy may be subject to disciplinary action.