Privacy and Information Storage Policy
Introduction
ELEV8 Consulting is committed to protecting the privacy and confidentiality of personal information that we collect, use, store, and disclose in the course of providing our services. This policy outlines our approach to privacy and information storage, and explains the measures that we have put in place to ensure compliance with privacy laws and best practices.
Scope
This policy applies to all personal information that ELEV8 Consulting collects, uses, stores, and discloses in the course of providing our services. This includes but is not limited to personal information about our clients, workers, stakeholders, and partners.
Purpose
The purpose of this policy is to ensure that personal information is collected, used, stored, and protected in accordance with the Privacy Act 1988 and other relevant privacy and confidentiality requirements.
Roles and Responsibilities
All employees of ELEV8 Consulting Pty Ltd are responsible for complying with this policy and ensuring the protection of personal information. The Managing Director is responsible for monitoring compliance with this policy and ensuring that all employees are trained on privacy and confidentiality requirements.
Collection, Use, and Disclosure of Personal Information
ELEV8 Consulting collects, uses, and discloses personal information only for purposes that are relevant to our services, and that have been consented to by the individuals concerned. We obtain consent through a detailed consent form that outlines the purposes for which personal information will be collected, used, and disclosed, and we review this consent annually to ensure that it remains valid and up-to-date.
ELEV8 Consulting limits the collection of personal information to what is necessary for the intended purpose, and ensures that any personal information that we collect is accurate, complete, and up-to-date. We use and disclose personal information only for the purpose for which it was collected, unless we obtain consent or are required by law to do so.
ELEV8 Consulting does not sell, trade, or rent personal information to third parties. We only disclose personal information to third parties when it is necessary to provide our services, or when we are required by law to do so.
Consent Management and Withdrawal of Consent
ELEV8 Consulting ensures that individuals provide informed and voluntary consent for the collection, use, and disclosure of their personal information. For sensitive information, such as health records, we take extra steps to obtain explicit consent. Individuals have the right to withdraw consent at any time by contacting us directly. Upon withdrawal of consent, ELEV8 Consulting will cease any further use or disclosure of the individual's personal information unless required by law.
Information Storage and Security
ELEV8 Consulting stores personal information in a secure manner to prevent unauthorised access, use, or disclosure. We use a case management system that is designed to ensure the security of personal information. Only appropriate people have access to the case and its details, and all activity and communication related to the case are completed through the system to minimise the risk of privacy breaches.
Any personal information that we collect as part of assessments or attendance at appointments is transferred onto the case management system in electronic form, and hard copies are then destroyed to further minimise the risk of unauthorised access.
ELEV8 Consulting uses appropriate physical, technical, and administrative safeguards to protect personal information against loss, theft, unauthorised access, use, or disclosure. We regularly review and update our security measures to ensure that they remain effective and up-to-date.
Australian Privacy Principles (APPs) Compliance
ELEV8 Consulting is committed to complying with the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988. These principles govern the collection, use, storage, and disclosure of personal information.
Data Access, Correction and Protection
ELEV8 Consulting recognises the right of individuals to access and correct their personal information that we hold. We provide individuals with access to their personal information upon request, and we allow them to correct any errors or omissions that they identify.
Access to personal information must be granted on a need-to-know basis, and employees are prohibited from sharing or disclosing any personal information with unauthorised individuals.
All ELEV8 Consulting employees are required to use a strong password to protect access to ELEV8 Consulting's information systems. All ELEV8 Consulting data is backed up regularly and securely.
Personal information is deleted or destroyed in accordance with the Privacy Act 1988 when it is no longer required, and ELEV8 Consulting ensures that all hard copies of personal information are securely destroyed.
Retention and Destruction of Personal Information
ELEV8 Consulting retains personal information only for as long as necessary to fulfil the purposes for which it was collected, in accordance with the Privacy Act 1988 and any contractual obligations. Personal information will be securely destroyed or de-identified when it is no longer required. Our retention periods vary depending on the nature of the information:
- Client records: Retained for a minimum of seven years after the last contact or as required by law.
- Employee records: Retained in accordance with applicable employment and taxation laws.
We use secure methods for the destruction of physical documents (e.g., shredding) and digital data (e.g., permanent deletion from systems).
Notifiable Data Breaches (NDB) Scheme
ELEV8 Consulting complies with the Notifiable Data Breaches (NDB) Scheme, as outlined in the Privacy Act 1988. In the event of an eligible data breach, where there is unauthorised access to, disclosure of, or loss of personal information likely to result in serious harm, ELEV8 Consulting will:
- Notify affected individuals as soon as practicable, providing recommendations on how they can mitigate potential harm.
- Notify the Office of the Australian Information Commissioner (OAIC) within 30 days of becoming aware of the breach.
- Follow our Incident Response Procedure to mitigate the breach and prevent future occurrences.
Complaints Mechanism and Escalation
ELEV8 Consulting is committed to addressing privacy-related complaints promptly and transparently. Complaints regarding our handling of personal information can be made to our Privacy Officer. We aim to:
- Acknowledge receipt of complaints within five business days.
- Investigate and respond to complaints within 30 business days.
If a complaint cannot be resolved internally, we will inform the individual of their right to escalate the matter to the Office of the Australian Information Commissioner (OAIC) for further review. Individuals may contact the OAIC through their website or by phone for more information on lodging a complaint.
Training and Accountability
ELEV8 Consulting provides ongoing training to all employees and contractors on privacy and confidentiality requirements and processes. We ensure that they understand and follow these requirements and processes to protect personal information.
ELEV8 Consulting management is accountable for compliance with privacy and confidentiality requirements. We complete a privacy and confidentiality accountability self-assessment on an annual basis to ensure that effective measures are in place and to consider continuous improvement initiatives for ongoing compliance with privacy laws and best practices.
Complaints and Enquiries
ELEV8 Consulting takes privacy complaints and enquiries seriously. We have procedures in place to receive and respond to complaints and enquiries about our privacy practices. We investigate all complaints and take appropriate measures to address any privacy concerns that are raised.
Breach Response
ELEV8 Consulting has developed an Incident Response Procedure to respond promptly to any suspected or confirmed data breaches. The Incident Response Plan outlines the steps to be taken in the event of a breach, including notification of affected individuals, regulatory bodies, and other relevant stakeholders.
Monitoring and Review
ELEV8 Consulting regularly reviews and monitors its policies and procedures to ensure they are up-to-date and effective in protecting personal information. Any changes to policies and procedures will be communicated to employees and other relevant stakeholders. This policy will be reviewed annually or as necessary to ensure compliance with the Privacy Act 1988 and other relevant privacy and confidentiality requirements.
We may make changes to this Privacy and Information Storage and Use Policy from time to time. Any updates will be posted on our website.
Conclusion
ELEV8 Consulting takes the protection of personal information seriously and has implemented policies and procedures to ensure compliance with the Privacy Act 1988. These policies and procedures provide a strong foundation for protecting personal information and ensuring ongoing compliance with privacy and confidentiality requirements.