Definition: Personal Information (“PI”) is defined under the new amendments to the Privacy Act as “personal information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not”.
Collection of personal information
Satori Group stores personal information such as:
- contact information, including email address, telephone, mobile;
- demographic information such as address, postcode; and
- next of kin details, including name, telephone, mobile, email.
Use of personal information
Client: Satori Group collects a range of transactional and master data sets from clients. This includes the employee master file, which contains personal information. Satori Group analyses these data sets to identify anomalies and control breakdowns. This helps clients ensure that there is data integrity within their systems and protects the business from unnecessary risks, costly mistakes and fraud. Clients provide such information as a data extract (file) when Satori Group is hosting the environment. These extracts are transferred to Satori’s hosted environment via a secured file transfer protocol (sFTP). For Satori non-hosted environments, clients give Satori Group direct access to the ERP system’s database or also provide data extracts.
Once the information is analysed, the source files (data extracts) and analysed information (results) are stored on a client-dedicated server (hosted or non-hosted). Clients can only access the result sets that contain personal information using a browser that uses a secured Hypertext Transfer Protocol (HTTPS).
Employee: Satori Group collects employee personal information to disburse salary and reimbursements and to fulfil the requirements of applicable legislation and regulations around taxation, superannuation, health and safety, work rights, etc.
Storage and Security
Satori Group is committed to ensuring that the information clients and employees provide is secured. Suitable physical, electronic and managerial procedures to safeguard and secure the information have been put in place. This protects data from misuse, interference, loss and unauthorised access, modification and disclosure. Some of these security measures include firewall ACL/rules, server monitoring, data encryption and password protection.
Disclosure of Personal Information
Satori Group signs a non-disclosure agreement with clients. To uphold this agreement, Satori does not share any data with third parties, whether within Australia or overseas, unless otherwise directed by the client. Further, if there is a valid court order, Satori Group will be obligated to disclose personal information. The client will be notified about the disclosure of data, including personal information, unless otherwise instructed or directed by the court.
If Satori Group has breached the Australian and New Zealand privacy laws, a complaint about that breach should be sent to SatoriAlerts@satorigroup.com.au with the details of the breach. Satori Group will promptly investigate the complaint and respond in writing, setting out the outcome of the investigation, what steps would be taken to remedy the breach and any other action that will be taken to deal with the complaint.