Version No: 3
With Effect Date: 10/01/2017
Version Date: 30/01/2023
Purpose and Scope
Tellus Holdings Ltd (“Tellus”) is committed to protecting the privacy of its employees, stakeholders, clients and vendors.
Tellus is bound by the Privacy Act 1988 (Cth) (the “Privacy Act”) and must protect all personal information according to that Act and other applicable laws.
Tellus is required to handle personal information relating to areas such as employee records, its affiliates or providing services to government authorities that may be subject to certain exemptions from the Privacy Act and, in such cases, those exemptions control its actions.
“Personal Information” means information that identifies an individual or that can be used indirectly to ascertain personal identity. In all cases, Tellus may only collect personal information that is necessary for the operation of its business. For example, personal information can include an employee’s address and contact details. A potential employee may also be asked to provide certain personal details as is needed to confirm their identity, legal right to work, and ability to fulfil role requirements in the case of recruitment activities.
Personal information can also include details about services purchased from Tellus, such as the dates of the purchase or the goods to be transported, delivered, or stored. Financial information provided to Tellus may also require other, necessary information. This may include a billing addressor financial institution account. In all instances Tellus will only collect information that is relevant and necessary to its legal and operational requirements.
Tellus will only collect information directly from the person that the information is required for. For example, personal information may be required to be obtained when a request or order is made online and may include the person’s contact details including an email.
In cases where personal information is required to be collected from a third party, Tellus will take reasonable steps to ensure the person that the information is to be collected on is made aware of why the information is being sort (e.g., from third parties to complete our pre-employment medical screening process).
In certain instances, Tellus may also be required to collect sensitive information, such as a person’s criminal history.
In all such circumstances, this information will only be collected with the person’s consent or otherwise in accordance with applicable laws. In all cases, Tellus will take reasonable precautions to keep all collected information secure and confidential.
Policy Statement
Use And Disclosure of Personal Information
Tellus will endeavour to only use or disclose personal information for purposes related to the reason why it was collected; where consent has been provided; where the law authorises or requires Tellus to do so; or where it is reasonably believed a disclosure is necessary for Commonwealth, State or Territory agencies.
Should personal information be required to be disclosed to third parties, including consultants, auditors, or providers of security or technology services, it will only be determined on the basis that it is a requirement to ensure our business operates effectively and to remain in compliance with Commonwealth, State and Territory legislative requirements.
In some circumstances Tellus may be required to disclose personal Information in the event of an emergency, to assist with law enforcement investigations; or to comply with required applicable Commonwealth, State and Territory laws.
Implementation of this Policy will be assessed as part of Tellus’ internal audit programme.
Security and Storage of Personal Information
Tellus stores personal information in electronic systems and in some circumstances in hard format as paper records.
Tellus is committed to protecting all personal information records, regardless of the information format it is stored as.
Tellus takes all reasonable steps to keep personal information safe from misuse, interference, loss or from unauthorised access, modification or disclosure. These steps include password protection and access privileges to electronic hardware, software and systems platforms. Paper records are secured through physical access controls (e.g., locked cabinets), with authorised access privileges in place.
If personal information is subject to unauthorised loss, use or disclosure through a suspected data or access breach, Tellus will take the necessary steps, as required, in accordance with the Privacy Act.
Tellus may use “cookies” on our external website platforms. A “cookie” is a small amount of data generated between a web browser and a website server, which in turn is stored on a computer or other electronic device. A “cookie” may be used to monitor website traffic or to improve targeted web browsing on a computer or electronic device. Tellus’ websites may also contain links to other websites operated by third parties, including social media platforms. Tellus does not take responsibility for the privacy practices of websites operated by third parties or social network providers.
When personal information is no longer needed for the purpose for which it was obtained, Tellus will take reasonable steps to destroy or permanently de-identify such information. De-identifying personal information includes steps to hide or delete a personal identifier, such as a name or date of birth. In the case of most employee-related personal information, Tellus must securely manage and maintain this information for a minimum of seven years in accordance with the requirements of the Fair Work Act 2009 (Cth) or its predecessors as it relates to the governance of employee personal information.
Requesting Access to Personal Information
Tellus will take all reasonable steps to ensure that personal information collected, used and or disclosed is accurate, complete, and up to date. Employees may seek to access any of their personal information, that Tellus has collected for them, by making a request in writing to the Company Secretary. With respect to these requests, Tellus may not be required by law to provide you the requested information. In these circumstances the reason for this denial will be provided.