DRUG TEST AUSTRALIA (DTA) (the Company) {ABN 28 631 469 497} manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected by DTA.
1. APP Entity
DTA manages personal information, as an APP Entity, under the Australian Privacy Principles (APPs). (View OAIC Privacy Fact Sheet No 17 Jan 2014).
Because we are a contracted service provider to a range of Commonwealth, State and Territory government agencies, it sometimes becomes necessary for us to collect and manage personal information as an Agency under APP 9 – adoption use or disclosure of government related identifiers.
If you wish to know whether this applies to you, please contact us through our contact us page on www.drugtestaustralia.com.au
1.1 Information Flow
APP 1 open and transparent management of personal information
When we collect your personal information:
- We check that it is reasonably necessary for our functions or activities (APP 6 – use or disclosure of personal information) as a Drug Testing company;
- We check that it is current, complete and accurate. This will sometimes mean that we have to cross-check the information that we collect from you with third parties;
- We record and hold your information Record System. Some information may be disclosed to overseas recipients (APP 8- Overseas Disclosures);
- We retrieve your information when we need to use or disclose it for our functions and activities (APP 6 – Use or Disclosure of Personal Information). At that time, we check that it is current, complete, accurate and relevant. This will sometimes mean that we have to cross-check the information that we collect from you with third parties once again – especially if some time has passed since we last checked.
- Subject to some exceptions, we permit you to access your personal information in accordance with APP 12 Access to Personal Information we correct or attach associated statements to your personal information in accordance with APP 13 – Correction of Personal Information
- we destroy or de-identify your personal information when it is no longer needed for any purpose (APP 11 – Security of Personal Information) for which it may be used or disclosed provided that it is lawful for us to do so. We do not destroy or de-identify information that is contained in a Commonwealth Record. (The definition in s.3 Archives Act 1983 which we reached via s.6(1) Privacy Act 1988 (as amended).
2. Kinds of information that we collect and hold
Personal information that we collect and hold is information that is reasonably necessary for the proper performance of our functions and activities as an Drug Testing Company and is likely to differ depending on whether you are:
- a Client/Customer
- Drug Test Donor
- a Referee
2.1 For Clients
The type of information that we typically collect and hold about Clients & customers is information that is necessary to help us manage the presentation and delivery of our products and services and includes:
- Business & Facility information
- Contact information
- Address information
- Trade References
2.2 For Referees
The type of information that we typically collect and hold about Referees is information that is necessary to help to make determinations about the suitability of a business client:
- Credit history
2.3 Drug Testing Donors
The type of information that we typically collect and hold about Drug Test Donors is information that is necessary to help us manage the presentation and delivery of our services and includes:
- Proof of Identification – Full name, Unique Identifier number, Employer
- Consent – Signature
- Test Results
3. Purposes
The purposes for which we collect, hold, use and disclose your personal information are likely to differ depending on whether you are:
- A Client/Customer
- A Referee
- Drug Test donors
The following sections are also relevant to our use and disclosure of your personal information:
- Our Policy on Direct Marketing (APP 7 – Direct marketing)
- Overseas Disclosures (APP 8 – Overseas Disclosures)
3.1 For Clients/Customers
Personal information that we collect, hold, use and disclose about Clients is typically used for:
- Client and business relationship management;
- Marketing services to you;
- Statistical purposes and statutory compliance requirements;
- Policies and Procedures
3.2 For Referees
Personal information that we collect, hold, use and disclose about Referees is typically used for:
- To confirm identity and authority to provide references;
- Business suitability assessment;
3.3 Drug Test Donors
Personal information that we collect, hold, use and disclose about Drug Test Donors is typically used for:
- Testing of saliva and urine samples being undertaken as part of employer’s drug and alcohol testing program
- Access to worksites for Work Safety Management policy
3.4 Direct Marketing
Personal information that we collect, hold, use and disclose will only be used for the following purpose:
- Personal information will be used by our organisation to market directly to our clients & customers about our products and services.
- Personal information will not be passed on to third party organisations for direct marketing purposes.
The organization is compliant with the requirements of the anti-spam legislation.
4. How your personal information is collected
The means by which we will generally collect your personal information are likely to differ depending on whether you are:
- A Client/customer
- A referee
- Drug Test Donor
We sometimes collect information from third parties and publicly available sources when it is necessary for a specific purpose such as checking information that you have given us or where you have consented or would reasonably expect us to collect your personal information in this way.
Sometimes the technology that is used to support communications between us will provide personal information to us – see the section in this policy on (Electronic Transactions).
See also the section on Photos & Images.
4.1 For Clients/Customers
Personal information about you may be collected:
- When you provide it to us for business-related purposes;
We may also collect information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs (OAIC Privacy Fact Sheet No 17 Jan 2014) and our Privacy Policy.
4.2 For Referees
Personal information about you may be collected when you provide it to us:
- In the course of our checking client/customer references with you and when we are checking information that we obtain from you about Clients & or Customers;
We may also collect information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs (OAIC Privacy Fact Sheet No 17 Jan 2014) and our Privacy Policy.
4.3 For Drug Test Donors
Personal information will be collected from you directly when you:
- submit your sample for testing purposes
- Identification is provided
We may also collect information about you from a range of publicly available sources including newspapers, journals, directories, the Internet and social media sites. When we collect personal information about you from publicly available sources for inclusion in our records we will manage the information in accordance with the APPs (OAIC Privacy Fact Sheet No 17 Jan 2014) and our Privacy Policy.
4.4 Photos and Images
We will not request that you supply photographs, scan photo ID, or capture and retain video image data of you in cases where simply sighting photographs or proof of identity documents would be sufficient in the circumstances.
If any workplace surveillance technology is used we will ensure that a disclosure meets workplace surveillance disclosure requirements in a way that does not compromise security, where a purpose of the deployment of the technology is to provide security for staff and visitors.
4.5 Electronic Transactions
We collect personal information that individuals choose to give us via online forms or by email, for example when individuals:
- Ask to be on an email list;
- Register as a website account user to access our products and services.
- Make a written online inquiry or email us through our website;
It is important that you understand that there are risks with use of the Internet and you should take all appropriate steps to protect your personal information. It might help you to look at the OAIC’s resource, On-line safety here.
You can contact us by telephone (landline) or mail if you have concerns about making contact via the Internet.
The privacy aspects of our electronic transactions and IT systems are such that we take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
- a) Will ensure that the entity complies with the Australian Privacy Principles and;
b) Will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles.
See also the following topics:
- Social networks and web searches
- Resume harvesting and job matching software
- Browsing
- Cookies
- Web Bugs
- Cloud Computing Services
- Uploading photographs
- Emails
- Call and message logs
- Teleconferences and Video conferences
- Database
- Mobile Access
- Paperless Office
5. How your personal information is held
Personal information is held in our Information Record System until it is no longer needed for any purpose for which it may be used or disclosed at which time it will be de-identified or destroyed provided that it is lawful for us to do so.
We take a range of measures to protect your personal information (APP 11 – Security of Personal Information) from:
- Misuse, interference and loss; and
- Unauthorized access, modification or disclosure
5.1 Our Information Record System
- Personal information is stored in hard copy and filed in appropriate Locked cabinet at all times
- Personal information is also stored in electronic format
- Cloud storage is also used
5.2 Information Security
Access to data within the organization is restricted with granular file permission determined by business owners, this cannot be circumvented. A Firewall at the perimeter of the network restricts outside access to the network. Highest security level schematic business firewall software is used and provided by an external certified IT Administrator.
- Staff training
- “Clean desk” procedures
- Need-to-know and authorization policies
- Collection policies
- Password protection
- Policies on laptop and portable storage devices
- Policy on timely culling
- Shredding and secure disposal procedures
6. Disclosure
We may disclose your personal information for any of the purposes for which it is primarily held or for a lawful related purpose where we are under a legal duty to do so.
Disclosure will be:
- Internally
- To our clients
- Related entities
- To referees for suitability and screening purposes
6.1 Related purpose Disclosure
We outsource a number of services to contracted service supplies (CSPs) from time to time. Our CSPs may see some of your personal information. Typically our CSPs would include:
- Software solutions providers;
- I.T. contractors and database designers and Internet service suppliers;
- Legal and other professional advisors;
- Insurer brokers; loss assessors and underwriters;
- Superannuation fund managers;
- Background checking and screening agents;
We take reasonable steps to ensure that terms of service with our CSPs recognize that we are bound by obligations to protect the privacy of your personal information and that they will not do anything that would cause us to breach those obligations.
7. Access & Correction
Subject to some exceptions set out in privacy law, you can gain access to your personal information that we hold.
Important exceptions include:
- Evaluative opinion material obtained confidentially in the course of our performing reference checks; and access that would impact on the privacy rights of other people. In many cases evaluative material contained in references that we obtain will be collected under obligations of confidentiality that the person who gave us the information is entitled to expect will be observed. We do refuse access if it would breach confidentiality.
For more information about access to your information see our Access Policy (APP 12 -Access to personal Information).
For more information about applying to correct your information see our Correction Policy (APP 13 – Correction of Personal Information).
7.1 Access Policy
If you wish to obtain access to your personal information you should contact our Privacy Co-ordinator. You will need to be in a position to verify your identity.
7.2 Correction Policy
If you find that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to correct it by contacting our Privacy Co-ordinator.
We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant and not misleading.
If we have disclosed personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading, you can ask us to notify the third parties to whom we made the disclosure and we will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
8 Complaints
You have a right to complain about our handling of your personal information if you believe that we have interfered with your privacy. (APP
8.1 Complaints procedure
If you are making a complaint about our handling of your personal information, it should first be made to us in writing.
You can make complaints about our handling of your personal information to our Privacy Co-ordinator, whose contact details are:
Joy Clarke
024964 5520
When making a complaint to us you will need to:
- identify yourself
- give any identification or reference number(s), if relevant
- give a brief description of the matter and why you think our organisation has mishandled your personal information (what happened, when it happened and any consequences)
- let our organisation know what you’d like them to do to resolve the matter.
If you put your complaint in writing also include:
- a contact address
- a contact phone number
- the date (if you’re sending a letter).
When we receive your complaint:
- We will take steps to confirm the authenticity of the complaint and the contact details provided to us that we are responding to you or to a person whom you have authorized to receive information about your complaint;
- Upon confirmation we will write to you to acknowledge receipt and to confirm that we are handling your complaint in accordance with our policy;
- We may ask for clarification of certain aspects of the complaint and for further detail;
- We will consider the complaint and may make inquiries of people who can assist us to establish what has happened and why;
- We will take a reasonable time (usually 30 days) to respond;
- If the complaint can be resolved by procedures for access and correction (Links to level 1: Access & Correction) we will suggest these to you as possible solutions;
- If we believe that your complaint may be capable of some other solution we will suggest that solution to you, on a confidential and without prejudice basis in our response;
If the complaint cannot be resolved by means that we propose in our response, we will suggest that you then make a complaint to the Office of the Australian Information Commissioner here .
DTA Privacy Policy Updated 18 December 2023