Privacy Policy

1.0 Introduction

Redundancy Payment Central Fund Ltd (ABN 97 007 133 833) trading as Incolink (Incolink, we, us, our) is committed to protecting the privacy and the security of your personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs).

This Privacy Policy describes our policies and practices for collecting, storing, handling, using, and disclosing your personal information. It also explains how you may complain about a breach of the privacy laws and how we will deal with such complaints, how you can access the personal information we hold about you and how to have that information corrected.

2.0 Who we are & what do we do?

Incolink is a joint enterprise of employer associations and industry unions in the commercial building, construction and civil allied industries in Victoria, Tasmania, South Australia and New South Wales. One of our main functions is to administer and operate redundancy, portable sick leave, and income protection insurance schemes (collectively Funds) for the commercial construction sector. Our services are made available to both our employer and worker members and key stakeholders in the industry.

3.0 What is personal information?

Personal information includes any information or opinion about you or information from which you can be reasonably identified by others. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it. Personal information may include things such as your name, address, contact details, date of birth, government issued identifiers (such as
your tax file number, Medicare number or driver’s licence number), and bank account details. It also includes Sensitive Information.

Sensitive information includes, without limitation, details of your religious beliefs, membership of a trade union and health information.

4.0 Collection of personal information

Incolink will not collect personal information unless the information is necessary for one or more of our functions or activities. In order to perform our functions, Incolink may need to collect information about you, including whether or not you are a member of a trade union. By agreeing to this Privacy Policy, you consent to Incolink collecting information about you, either from you, your employer or other third parties, where collecting that information is reasonably necessary for Incolink to perform one or more of our functions or activities.

Incolink will only collect personal information by lawful and fair means and not in an unreasonably intrusive manner. Incolink will collect information about you directly from you, where and when it isreasonable and practicable to do so. However, you acknowledge and agree that Incolink may collect personal information about you from third parties, such as your employer. Where Incolink collects personal information about you from a third party, reasonable steps will be taken to ensure that you are made aware of how to contact Incolink to access your information, the purposes for which the information is collected, the types of organisations to which information is usually disclosed and any lawthat requires the particular information to be collected.

Personal information collected by Incolink includes, but is not limited to:
• Name and address;
• Telephone number(s);
• Date of birth;
• Email address;
• Occupation;
• Tax File Number (TFN); and
• Memberships to other organisations such as unions and/or any other representative associations or bodies.

In addition to the administration of the Funds (as outlined in clause 2 of this Policy), Incolink currently also offers the following non-exhaustive range of related services, such as employment advice, counselling support, onsite education and awareness, injury management and insurance related services. Incolink may also collaborate, work in partnerships, enter into joint ventures or such other legal relationships with third parties (collectively Arrangements) in respect of the services referred to above and generally in furtherance of the administration of the Funds. As part of these functions, detailed personal and sensitive information may be collected and/or you may be asked to provide personal information for the purposes mentioned above. If you do not provide this additional personal information, Incolink may be unable to properly provide the services and/or administer the Funds through the Arrangements, which may affect your entitlements or benefits under the Funds. See clause 8 below on other circumstances where we disclose your personal information.

4.1 Sensitive information

In order to provide the range of services to you, the information we collect from you may include sensitive information. We will only collect sensitive information about you if it is reasonably necessary for our business functions and activities. For example, we may collect voice or facial biometric information to verify your identity or authorise payments.

We collect sensitive information in the same way that we collect personal information, which is outlined in this Policy. In addition, we may collect sensitive information indirectly from third parties you deal with, for example in relation to your health information, from a health practitioner (such as a psychologist or physiotherapist). We only hold, use and disclose sensitive information about you for our purposes and functions. For instance, we provide a range of valuable services such as counselling (including drug and alcohol, crisis intervention), employment support. We may need to collect use and disclose sensitive information about you so that we can best provide these services, manage our relationship with you, deal with your enquiries and concerns.

This may include disclosing to third parties, for example those that provide services to us such as legal, accounting, insurance underwriters and brokers government agencies, law enforcement bodies, courts and other dispute resolution processes.

5.0 What if you choose not to provide information to us?

We may be unable to provide our products or services to you where we do not have all the relevant information, we require to deliver such products or services.

5.1. Anonymity and pseudonymity

Where practical, you may deal with us anonymously or using a pseudonym. The majority of our services, however, will require collection of your personal information to allow us to provide you with the appropriate products, services or responses.

6.0 For what purpose do we hold, use and disclose personal information

Incolink may hold, use, or disclose personal information for the primary purpose for which it was collected. Typically, this will include administering the Funds that Incolink manages, managing your membership details and making any payment which you may become entitled to receive. If Incolink holds, uses or discloses personal information for a purpose other than the primary purpose for which it was collected (the secondary purpose), Incolink will ensure that the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that Incolink would hold, use or disclose the personal information in that way:
• you have consented to the use or disclosure of the personal information for the secondary purpose;
• use or disclosure is required or authorised by law; or
• the use or disclosure is otherwise permitted by the Act.

7.0 How do we hold personal information?

Incolink strives to maintain the relevance, reliability, accuracy, completeness, and currency of the personal information we hold, and to protect its privacy and security. Much of the information Incolink holds about you will be stored electronically in secure data centres, which are located in Australia, and owned by either Incolink or an external service provider. This does not include third parties backing up or mirroring their data in overseas jurisdictions. Some of your personal information will be stored in paperfiles, which will be held in secure offsite storage.

Incolink may disclose your personal information or sensitive information to third parties located outside of Australia (see clause 8.2. for further information). Incolink takes reasonable physical and electronic security measures to protect the security of the personal information held, including but not limited to:
• ensuring that the personal information that it collects is accurate, complete and up to date;
•protecting personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure;
• destroying or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under the Act or any other applicable law;
• all staff being required to complete training about information security; and
• regular monitoring and review of compliance with internal policies and industry best practice.

8.0 Who does Incolink disclose personal information to, and why?

In order to operate the Funds, to ensure that the purposes of the Funds can be fulfilled including the various purposes mentioned above (see clause 4), Incolink may disclose personal information that it holds in relation to you. Specifically, Incolink may disclose personal information held by Incolink about members to organisations including, but not limited to:
• Principal contractors on building sites;
• Union representatives (including shop stewards);
• Employer association representatives;
• Insurers (and their claims handling agents);
• Employer members of Incolink;
• Government bodies including, but not limited to, Centrelink and the Child Support Agency;
• Third party service providers including, but not limited to, printing companies and document disposal agencies;
• Third parties who Incolink deals with or engages to provide certain services or product offerings to members and may wish to provide related services or product offerings independently of Incolink;
• Any third parties including without limitation any of the parties listed above that may be a party to the Arrangements and who may use the information Incolink discloses as part of thearrangement for that other party’s own purposes; and
• Any other third parties that Incolink enters into an agreement with for any purposes that Incolink
considers may benefit you.

Incolink may also disclose personal and sensitive information if it believes that there is a serious and imminent threat to an individual’s life, health, or safety if there is or a serious threat to public health or public safety.

8.1 Third party disclosure

Where third parties are involved, Incolink will ensure that they become aware of and require them to abide by Incolink’s Privacy Policy.

Incolink may disclose your personal information to external organisations. To protect your personalinformation, we enter into agreements with our service providers that require them to comply with the Privacy Act and to only use the personal information we disclose to them for the specific role we ask them to perform.

We may also disclose your personal information to others, where:
• We are required or authorised by law or where they have a public duty to do so;
• you have expressly consented to the disclosure or the consent may be reasonably inferred from the circumstances; or
• we are otherwise permitted to disclose the information under the Privacy Act.

8.2 Overseas disclosure

Incolink may disclose your personal information to a recipient that is located outside Australia. Any overseas disclosure does not affect our commitment to safeguarding your personal information and we will take reasonable steps to ensure any overseas recipient of your personal information complies with Australian privacy law.

Incolink will not send your personal information to recipients outside of Australia unless:
• We have taken reasonable steps to ensure that the recipient does not breach the Privacy Act, including the APPs;
• the recipient is subject to an information privacy scheme similar to the Privacy Act; or
• the individual has consented to the disclosure.

9.0 Do we use or disclose personal information for marketing?

Incolink also use personal information that we hold about you to send you details of promotional offers and special events that we believe may interest you but will not do so if you tell us not to.

By providing your personal information to Incolink (or by providing your personal information to a third party to provide to Incolink), you consent to:
• the use and disclosure of your personal information by Incolink to send you details of promotional offers and special events that it believes may be of interest to you; and
• the use and disclosure of your personal information for the purpose of direct marketing by any third parties that Incolink has an agreement with and provided Incolink reasonably believes thatthe direct marketing by those third parties may be of benefit to you.

You may withdraw your consent to receiving direct marketing materials from Incolink or a third party at any time. If you do not wish to receive direct marketing materials from Incolink or a third party, you must expressly contact our Privacy Officer using the contact details provided below and request not to receive
direct marketing materials from Incolink or the relevant third party in the future. Alternatively, you can use the ‘unsubscribe’ function found at the bottom of any direct marketing emails that either Incolink or a third party send to you, in which case your name will be removed from the relevant email distribution list.

10.0 European Union General Data Protection Regulation (GDPR)

If you are a member of Incolink and you reside in a country that is a member of the European Economic Area, in addition to the protection you receive under the Privacy Act, you are entitled to other protections provided by the GDPR, including in certain circumstances, the right to:

• Have your personal information erased;
• access your personal information in an electronic and portable format; or
• restrict or object to the processing of your personal information.

11.0 Access to and correction of personal information

At any time, you may request access to any personal information that Incolink holds about you. Incolink will respond to your requests for access to your personal information within a reasonable time. You may request access to your personal information in a particular manner (such as by having a copy of the personal information that Incolink holds about you, emailed, or posted to you). Incolink will endeavour to comply with such a request if it is reasonable and practicable to do so.

Incolink will generally allow you to access personal information it holds about you, where practicable. If you believe that any personal information that Incolink holds about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you must expressly request that Incolink correct this information. Incolink will respond to your requests for correction of your personal information within a reasonable time. Incolink will take reasonable steps to correct any personal information that it holds about you, which Incolink agrees is inaccurate, out of date, incomplete, irrelevant, or misleading.

Requests for access to, or correction of, any personal information that Incolink holds about you must be expressly made by contacting Incolink’s Privacy Officer using the contact details provided in clause 16 of this document.

There may be some situations where Incolink may not allow you to access personal information that it holds about you or may refuse to correct personal information. In these situations, Incolink will provide you with reasons for this decision and will provide you with information about the mechanisms available to you to challenge the refusal. Additionally, where Incolink declines to correct any personal information that it holds about you, you may request that Incolink associate with the information a statement that you claim that the information is inaccurate, out of date, incomplete, irrelevant or misleading. Incolink will then take reasonable steps to associate such a statement with your personal information.

Depending on the circumstances, a small administrative charge may apply for costs involved in providing you with access to personal information about you. Incolink will not charge you for making a request to access your personal information or for correcting your personal information.

12.0 Users of our website

If you visit www.incolink.org.au (website) to read, browse or download information, our system may record information such as the date and time of your visit to the website, the pages accessed and any information downloaded. This information is used for statistical, reporting and website administration and maintenance purposes only.

Like many websites, our website may use “cookies” from time to time. Cookies are small text files that we transfer to your computer’s hard drive through your web browser to enable our systems to recognise your browser. Cookies may also be used to record non-personal information such as the date, time or duration of your visit, or the pages accessed, for website administration, statistical and maintenance purposes. Any such information will be aggregated and not linked to particular individuals. The default settings of browsers like Internet Explorer always allow cookies, but users can easily erase cookies from their hard-drive, block all cookies, or receive a warning before a cookie is stored. Please note that some parts of the website may not function fully for users that disallow cookies.

While we take great care to protect your personal information on our website, unfortunately no data transmission over the internet can be guaranteed to be fully secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email or by submitting information using the website. We have no way of protecting that information until it reaches us. Incolink will not be liable in any way in relation to any breach of security or unintended loss or disclosure of information due to the website being linked to the internet.

The website may contain links to other sites. We are not responsible for the privacy practices, policies, or content of those sites.

13.0 Notification of Eligible Data Breaches

Due to the Privacy Amendment (Notifiable Data Breaches) Act (Cth) 2017, we are legally required to notify affected you of any eligible data breaches. To comply with this legal requirement, we have implemented a Data Breach Response Plan in order to deal with actual or potential data breaches as well as the notification process to be followed when notifying you.

14.0 Complaints Process

If you believe that your privacy has been breached, please contact us using the details below and provide details of the incident so that we can investigate it.

Our procedure for investigating and dealing with privacy breaches is as follows:
• complaints should be made in writing and submitted to the Privacy Officer using the details below;
• we will treat your complaint confidentially. The Privacy Officer, or his or her nominated representative, will investigate your complaint and contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved;
• we will aim to ensure that your complaint is resolved within a reasonable time and in an appropriate manner with which you are satisfied; and
• if you are not satisfied with our response or our proposed resolution of your complaint, then you may lodge a formal privacy complaint with the Office of the Australian Information Commissioner (OAIC).

The OAIC can be contacted at
Post: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: www.oaic.gov.au

15.0 Miscellaneous

In this Policy “personal information” and “sensitive information” have the same meaning as under the Privacy Act 1988 (Cth). This Policy represents our Policy as at May 2020. We may change this Policy (including the way we handle personal information) from time to time for any reason, including to comply with the Act, by posting the amended policy on our website. The amended policy will be effective upon being posted on this website. Please check our website regularly to ensure that you have the most recent version of the Policy. Although we intend to observe this Policy at all times, it is not legally binding on Incolink in any way. From time to time we may regard it as necessary or desirable to act outside the Policy.

Incolink may do so, subject only to any statutory rights you have under the Act or other applicable legislation

16.0 Contact Details

If you have any questions concerning how Incolink handles personal information, if you wish to gain access to or correct any personal information about you held by Incolink, or if you have any concerns or a complaint regarding the treatment of your personal information or a possible breach of your privacy, please contact:

Post: The Privacy Officer, Incolink, 1 Pelham Street, Carlton VIC 3053
Phone: (03) 9639 3000
Email: privacy@incolink.org.au

ABN 97 007 133 833 © Redundancy Payment Central Fund Ltd 2020. All rights reserved.