Larter Consulting (referred to as “Larter”) is dedicated to safeguarding personal and organisational information, and respecting the privacy of individuals and the organisations we work with.
We have adopted the Australian Privacy Principles (APP’s) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The National Privacy Principles (NPP’s) govern the way in which we collect, use, disclose, store, secure and dispose of Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of the Office of the Australian Information Commissioner at https://www.oiac.gov.au.
What is personal information?
This Policy applies to all personal, health or sensitive information about individuals collected, used, stored, disclosed, shared and destroyed by Larter, regardless of the format of the information (recorded or not recorded, in hard-copy or electronic format, in printed, audio, or visual form, web-based or on social media, or in any conversation or discussion).
“Larter associates” refers to employees, directors and sub-contractors or partners of Larter Consulting.
“Confidentiality” is a separate legal concept to privacy. Confidentiality applies to information given to a person or organisation under an obligation not to disclose that information to others unless there is a statutory requirement or duty of care obligation to do so. Confidentiality also applies to organisational information, which is not to be used or disclosed by, staff, sub-contractors without authorisation.
“Privacy” refers to keeping certain personal information free from public knowledge and attention and to having control over its disclosure and use.
Information we collect
Larter collects personal information during its business activities, including when providing some client services. Personal information is also collected when individuals register as a subcontractor, or apply for jobs, sign up for Larter newsletters, email us, and/or register for training and events. The personal information collected may vary and can include information provided by you such as your name, mailing address, e-mail address, telephone number, fax number, social media account details and background information required to apply for a job.
Use of information
Larter uses your personal information to fulfill your requests for information, process your requests to participate in education, training and events, distribute e-newsletters to you, recruit and evaluate job applicants, comply with all applicable laws, and accomplish other purposes you may initiate or request. Personal information collected may also be used for secondary purposes closely related to the primary purpose in collecting the information, in circumstances where you would reasonably expect such information to be disclosed.
Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Larter will only use Sensitive information:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
Our website and social media accounts do not collect personal or Sensitive information about your online activities. Therefore, we do not change our information collection/use practices in response to “do not track” signals from web browsers.
Disclosure of personal information
Larter will not intentionally disclose/transfer (and will take reasonable steps to prevent unauthorised/accidental disclosure of) your personal information to any third parties without your consent, or as otherwise permitted by law, with one exception – sharing your personal information with third party service providers who perform recruitment services on our behalf.
In addition we may disclose information about you:
- If required by law/legal process; To law enforcement authorities/government officials;
- When we believe disclosure is necessary/appropriate to prevent physical harm/financial loss/in connection with an investigation of suspected/actual illegal activity;
- To protect our property/services/legal rights;
- To prevent fraud against Larter/subsidiaries/affiliates/business partners;
- To support auditing/compliance/corporate governance functions; or
- To comply with all applicable laws.
Links to third party sites
Larter has implemented generally accepted standards of technology and information security to protect personal and organisational information from loss, misuse, alteration or unauthorised destruction. We have a Transmission and Storage of Identifiable Information policy to protect misuse or loss of, or theft of, personal information. Where authorised, third party service providers (e.g. bookkeepers) are provided access to personal information, and they are required to treat that information as confidential.
Authorisation from Larter’s Managing Director must be obtained for any storage of personal health information/medical records, and be de-identified. Staff and contracted subcontractors must store all information on the secure Larter server Google Drive File Stream protected by 2-step verification and server-side file encryption.
If clients send information marked Confidential it is to be stored on the secure Larter server Google Drive File Stream in a folder called ‘Confidential’. This folder will be deleted upon conclusion of the project.
Larter staff must not store identifiable information on individual computers.
If authorisation has been provided by Larter’s Managing Director to store identifiable information, it must be stored on a hard drive that is kept in an office (not online, not on laptops) and locked in a secure place in non-work hours. Access to such information is to be limited to people with a genuine business need to access such information.
Larter sub-contractors may store information on their individual computers/portable devices if they are password protected and kept secure.
If a laptop/portable device which contains identifiable information is lost/stolen, this must be report to the Managing Director immediately, even if the information was password protected.
If there is a need to transfer identifiable information, then care must be taken to send it securely via a secure web portal with information encrypted via password in Microsoft Office Word or Excel and files must be removed from the devices promptly once the transfer is complete.
If permitted by law, you may request to access, review, modify or delete the personal information we have collected about you. You may also request a copy of this information and have any inaccuracies corrected. In some cases, you may ask us to stop processing your personal information.
To make such a request or discuss how we process your personal information, please contact us at firstname.lastname@example.org. We will verify your identity to protect your privacy and security before granting access to your personal information. We will promptly investigate and respond to your requests as required by law.
Additionally, if allowed by local law, you may file a complaint with a competent information protection authority.
If you have registered for Larter e-newsletter or alerts or receive invitations from Larter and prefer not to receive future email communications from us, please email email@example.com with the title STOP.