Updated April 2023
Diversity Partners Pty Ltd (ABN 67 141 965 148) (we, us, our, Diversity Partners) is a consulting firm that advises clients in relation to diverse and inclusive workplaces.
We are committed to protecting your privacy, in accordance with applicable Australian privacy laws.
This Policy is designed to give you a greater understanding of how we collect, use, disclose and otherwise handle personal information.
1.2 What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable. Examples include your name, address, date of birth and email address.
1.3 Our obligations
We are required to comply with the Australian Privacy Principles (APPs) in the Privacy Act. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, security, accessibility and disposal.
We are also required to comply with more specific privacy legislation in some circumstances, such as:
- applicable State and Territory health privacy legislation (including the Victorian Health Records Act ) when we collect and handle health information in the relevant jurisdiction; and
- the Spam Act and the Do Not Call Register Act.
2. What we collect
The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:
- are or work for one of our clients, we may collect details such as your name, job title, address, telephone number and email address
- work for a supplier to Diversity Partners, we may collect details such as your name, job title, address, telephone number and email address
- send us an enquiry or provide us with feedback, we may collect your name, contact details, details of your enquiry or feedback and information about our response
- apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports
2.2 Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection, such as health information. We only collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; or
- we are required or authorised by or under law to do so.
For example, we may collect:
- Company-wide demographic data ([such as information about gender identity, racial or ethnic origin, sexual orientation, disability) though a diversity and inclusion survey.
2.3 Collection of information other than personal information through our website
When you visit our website, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.
Site visit information
For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.
We use and disclose this information in anonymous, aggregated form only for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users, although they do identify the user’s internet browser.
We only use non-persistent cookies. That is, they are held on your browser’s memory only for the duration of your session.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.
2.4 What if you don’t provide us with your personal information?
We will provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name.
For example, you can access our website and make general phone queries without having to identify yourself
In some cases however, if you don’t provide us with your personal information when requested, we may not be able to provide you with the product or service that you are seeking. For example, you must identify yourself to enter into a client engagement with us.
3. How we collect personal information
3.1 Methods of collection
We collect personal information in a number of ways, including:
- in person (for example, for example, at meetings, conferences or events)
- through our website (for example, if you submit an online enquiry)
- over the telephone
- through written correspondence (such as letters and emails)
- on hard copy forms (for example, competition entry forms and surveys)
3.2 Collection notices
Where we collect personal information about you, we will take reasonable steps to provide you with certain details about that collection (such as the purpose for which we are collecting the information and the type of third parties to which it is usually disclosed). We will generally include this information in a collection notice.
3.3 Unsolicited information
Unsolicited personal information is personal information we receive that we have taken no active steps to collect (such as an employment application sent to us by an individual on their own initiative, rather than in response to a job advertisement).
We may keep records of unsolicited personal information if the Privacy Act permits it (for example, if the information is reasonably necessary for one or more of our functions or activities). If not, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
4. Why we collect personal information
The main purposes for which we collect, hold, use and disclose personal information are set out below.
- providing our services and advice to you
- promoting ourselves and our products and services, including through direct marketing, events and competitions (see under heading 4.2 below)
- obtaining products and services for our business
- performing research and statistical analysis, including for customer satisfaction and service improvement purposes
- answering queries and resolving complaints
- recruiting staff and contractors
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:
- which are required or authorised by or under law; or
- for which you have provided your consent.
4.2 Direct marketing
We may use or disclose your personal information to let you know about us and our products and services (including promotions, special offers and events) either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS or telephone.
Where you have consented to receiving marketing communications from us, your consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
- contacting us (details under heading 11 below
- advising us if you receive a marketing call that you no longer wish to receive these calls
- using the unsubscribe facility that we include in our electronic messages (such as emails, SMSes and MMSes)
5. Who we may share your personal information with
We may share personal information with third parties where appropriate for the purposes set out under heading 4, including:
- financial institutions for payment processing
- an individual’s agent or authorised representative
- referees whose details are provided to us by job applicants
- our contracted service providers, including:
- delivery and shipping providers
- information technology and data storage providers
- venues and event organisers
- marketing and communications agencies
- research and statistical analysis providers
- call centres
- mail houses
- external business advisers (such as consultants, recruitment advisors, accountants, auditors and lawyers)
In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
6. Cross border disclosure of personal information
We may disclose personal information to third parties located overseas in the following situations:
- Cloud hosting services
- Survey platforms
- Email platforms
In each case, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information.
7. Data quality and security
We hold personal information in a number of ways, including in electronic databases, email contact lists, and in paper documents held in drawers and cabinets. We take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose permitted by the APPs.
You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security (including restricting access to personal information on our systems to staff who need that access to carry out their duties, staff training and workplace policies.
Online credit card payment security
We process payments using EFTPOS and online technologies. All transactions processed by us meet industry security standards to ensure payment details are protected.
While we endeavour to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 11 below).
Third party websites
8. Access and Correction
Please contact our Privacy Officer (details under heading 11 below) if you would like to access or correct the personal information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected.
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, we will take reasonable steps to do so, unless this would be impracticable or unlawful.
8.4 Timeframe for access and correction requests
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
8.5 What if we do not agree to your request for access or correction?
If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out:
- the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so); and
- available complaint mechanisms.
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this in such a way that will make the statement apparent to users of the information.
If you have a complaint about how we have collected or handled your personal information, please contact us (details under heading 11 below).
We will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week. If we are not able to do so, we will ask you to submit your complaint in writing.
In most cases, we expect to investigate written complaints and provide a response within 30 days of receipt. If the matter is more complex and our investigation may take longer, we will contact you and tell you when we expect to provide our response.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information).
10. Our contact details
Please contact us if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details are set out below.
Mail: Diversity Partners Privacy Officer, Level 8, 91-97 William Street, Melbourne, VIC, 3000
Telephone: 1800 571 999
Further general information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au or by calling the OAIC’s enquiry line at 1300 363 992.
11. Changes to this Policy