Personal data and personal information, like other important assets, must be suitably protected to ensure the privacy of individuals is respected, our clients are not exposed, information is secured, our business operations can be conducted, and relevant laws and regulations are adhered to.
This document sets out our global policies regarding:
- the type of data we collect
- the purpose for which we gather and process your data
- how we manage your personal data
- how we disclose your data
- how we manage the transfer of data
- how you can request access and correct your data
- how you can inquire or make a complaint
As a global organisation, Forwood collect and process industry data specific to safety and fatality prevention. As part of our services we also collect “personal data”.
Forwood’s approach is aligned with the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Act), the General Data Protection Regulation (EU) 2016/679 (GDPR) and in accordance with other applicable privacy laws.
Forwood’s approach for Information Management and Cyber Security is aligned to ISO 27001 and we have set out guidelines for the management and protection of business information in accordance with its value, sensitivity and criticality in this related policy.
Review of the policy
The policy must be reviewed at least once every three years. Upon revision, the updated policy must be published and communicated to staff and external parties as relevant. The Director Forwood Enterprises is the only role authorized to approve changes to this policy.
Terms and definitions
Cloud Computing – A model for delivering information technology solutions in which resources are made available via the Internet through web-based applications.
Control – a means of managing risk, which includes policies, standards, procedures, guidelines, practices or organizational structures and which can be administrative, technical, management, or legal in nature.
Computers – includes personal computers (desktops, laptops), mobile devices (tablets, phones), servers, embedded or Internet of Things (IOT) appliances.
Cyber Security Incident – one or more information security events where information security is breached, and systems or information can be accessed and used maliciously.
External Party – a contractor or company that has a business relationship with Forwood but is neither owned nor controlled by Forwood.
Incident – a single or series of unwanted events that have a potential of breaching the law, compromising operations or threatening information security.
Information Security – the practice of protecting information by mitigating information risk.
Information Security Incident – one or more events that could compromise the security of information and weaken or impair operations.
Personal Data – is defined as Personal Information or an opinion relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Information – information relating to any identified or identifiable individual, whether living or deceased. Unauthorized disclosure of such information is likely to breach data privacy in one or multiple operating countries.
Risk – a possible event or condition that, if it occurs, will affect one or more objectives.
Stream – an organizational term describing one or multiple teams within Forwood.
Personal data collected by Forwood is stored either in our databases or those of our service providers. Forwood has implemented measures to ensure the security and confidentiality of your personal data. We only work with third party service providers compliant with our security requirements.
Personal data collection is not the core of our business. We only collect personal data that is necessary for the operation of our business and to supply our services.
If you have consented to our use of information about you, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party (e.g. your employer) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean that you can no longer use our services.
How we process data
We must have a lawful basis for processing your personal data. Depending on the circumstances, this basis will be:
Where you have given us your consent to the processing for one or more specific purposes.
Performance of a contract
Where the processing is necessary for the performance of a contract to which you (or your employer) are a party or in order to take steps at your request prior to entering into a contract.
Where the processing is necessary for compliance with a legal obligation to which we are subject to.
Where the processing is necessary for the purposes of Forwood’s legitimate interests for internal administrative purposes relating to employees, customers and clients or to ensure information security.
How we collect and use data
Forwood collects personal data reasonably necessary to carry out our business, to assess and manage our clients’ needs, and provide our services. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you or third parties and managing client relationships.
The purposes for which Forwood usually collects and uses personal data depends on the nature of your interaction with us, but may include:
- responding to requests for information and other general inquiries
- managing, planning, advertising and administering of our services
- researching, developing and expanding our facilities and services
- informing you of our activities, events, facilities and services
- recruitment processes
- responding to enquires and complaints
Forwood generally collects personal data directly from you. We may collect and update your personal data over the phone, by email, over the internet or social media, or in person.
We may also collect personal data about you from other sources, for example:
- your employer
- our affiliated and related companies
- third party suppliers and contractors who assist us to operate our business
Forwood also collects and uses personal data for market research purposes and to innovate our delivery of products and services.
Forwood may use or disclose your personal data for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details form set out below. If you opt-out of receiving marketing material from us, Forwood may still contact you in relation to its ongoing relationship with you.
The type of data we collect
We collect the following personal data:
Clients and prospective clients
When you enquire about our services or when you become a client or customer of Forwood, a record is made which includes your personal data. The type of personal data that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, but will typically include:
- your name, email, postal address and other contact details
- information about your employer or the organization that you represent
- your professional details (such as the position or role within your organization)
- any additional personal data you provide to us, or authorize us to collect, as part of your interaction with us
Prospective employees, contractors or applicants
We collect personal data when recruiting personnel (for example, when you send us a job application or resume) such as your name, contact details, academic and professional qualifications, work history, payroll information and any other information that we receive from our communications with you, such as feedback or survey responses that you have provided us and information collected at interviews. Generally, we will collect this information directly from you.
We may also collect personal data from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
We may collect personal data about other individuals who are not clients or customers of Forwood such as service providers, contractors, suppliers, sponsors, business partners, industry association representatives and other individuals who interact with us on a commercial basis. The kind of personal data we collect will depend on the capacity in which you are dealing with Forwood. Generally, it would include your name, contact details, and information regarding our interactions and transactions with you.
Visitors to our websites
The way in which we handle the personal data of visitors to our websites is discussed below.
How we interact with you
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content.
How we disclose data
Forwood may share your information with people in the company who need to know that information for business or legal reasons. For example, in order to carry out an administrative function such as processing an invoice, or to direct an enquiry that you have submitted to the relevant department within Forwood.
We may disclose your personal data to third parties including the authorities, Forwood’s advisors, suppliers of IT services and third parties engaged by Forwood for the purpose of providing services requested by you; to protect any intellectual property rights in any materials displayed on or otherwise available from Forwood’s website; for the purpose of seeking legal or other professional advice; to respond to a legal request or comply with a legal obligation; and to enforce Forwood’s website terms and conditions of use.
International transfer and disclosure
Forwood is a global organisation and works with clients, service providers, partners, sponsors and commercial interests across the globe. We collect information globally and may transfer, process and store your information outside of your country of residence, to wherever we or our third-party service providers operate for the purpose of providing you the services. Whenever we transfer your information, we take steps to protect it.
It is likely that your personal data will be disclosed to overseas recipients in (but not limited to) the following countries: United States of America, Australia, United Kingdom and the European Union.
Unless we have your consent, we will only disclose your personal data to overseas recipients if they have been determined by the European Commission to offer an adequate level of data protection in accordance with article 45 of the GDPR. If a country does not offer an adequate level of data protection, then we will only transfer personal data to that country or an international organisation where we have provided appropriate safeguards including standard data protection clauses adopted by the European Commission.
For clients and customers
The purposes for which we may use and disclose your personal data will depend on the services we are providing you. For example, if you have engaged us to deliver a service, we may disclose information about you to service providers or partners where this is relevant to our services.
Disclosure to contractors and other service providers
Forwood may disclose information to third parties we engage or partner up with in order to provide our services, including to contractors and service providers used for data processing, data analysis, customer satisfaction surveys, information technology services and support, website maintenance/development, printing, archiving, mailouts, and market research. We may provide information to our partners who are delivering similar services to you.
Personal data may also be shared between related and affiliated companies of Forwood, located in Australia and overseas.
Third parties to whom we have disclosed your personal data may contact you directly to let you know they have collected your personal data and to give you information about their privacy policies.
Other third parties
When required by law, Forwood will disclose personal data to a government authority.
We may disclose your personal data to third parties in the event that we sell, buy or merge any business or assets, including the prospective seller or buyer of such business or assets.
Forwood may also disclose the personal data you provide on a job application to human resources practitioners, hiring managers and to any recruitment advisors for the purpose of considering you for career opportunities within Forwood.
Use and disclosure for administration and management
Forwood will also use and disclose personal data for a range of administrative, management and operational purposes.
Other uses and disclosures
How we store data
Forwood stores information and data in paper-based files or electronic records in secure databases or electronic storage (including trusted third-party storage providers). Personal data may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed).
Your personal data will be retained for the duration in which Forwood products or services are supplied, per business or regulatory requirements and no longer than necessary. In certain cases, we may retain personal data for a period following supply of products or services, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule, or regulation.
It is not possible for us to state the precise period for which your personal data will be stored however it is necessary for us to store your personal data:
- while you are employed or engaged by us as an employee or contractor
- while you are a representative of an organization with whom we have an ongoing contract
- while we are providing services to you or your organization
- if you have made an enquiry or complaint which we are in the process of resolving
Upon disposal, we will destroy or render unreadable any such personal data, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Our incident response team will assess all suspected or potential data breaches and, if we have reasonable grounds to believe that there has been an eligible data breach, then Forward will notify the affected individuals and where relevant also the authorities of that data breach within 72 hours of becoming aware of the breach. When a data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify the individual without undue delay.
Your data, your rights
As set by law, you have certain rights with respect to accessing, correcting and deleting your personal data. We may reject or limit your request in certain cases, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, if it is not required by law, or if the burden or expense of providing access would be disproportionate to the risks to your privacy in the case in question.
In some cases, you may need to provide us with additional information, which may include further personal data, to verify your identity and the nature of your request. We will take reasonable steps to respond to all requests within 30 days or less.
You have the following rights:
Right to be informed
You have the right to know what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties.
Right of access
You have the right to request a copy of the information that we hold about you.
Right of rectification
You have the right to correct data that is inaccurate or incomplete.
Right to erasure
You have the right to request that Forwood erase your personal data, under certain conditions.
Right to restrict processing
You have the right to request that Forwood restrict the processing of your personal data, under certain conditions.
Right to object to processing
You have the right to object to Forwood’s processing of your personal data, under certain conditions.
Right to data portability
You have the right to request that Forwood transfer the data that we have collected to another organization, or directly to you, under certain conditions.
Right related to automated decision-making including profiling
You have the right to request a review of automated processing.
Should you wish to have any of your records removed from our database or for any other enquiries relating to your personal data please contact Forwood using the contact details form set out below.
To request access to your personal data please contact us using the contact details form set out below. You will not be charged for making a request to access your personal data, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
We will take reasonable steps to ensure that the personal data we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors or discrepancies in the information, we hold about you and letting us know if your personal details change.
However, if you consider any personal data, we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal data in certain circumstances in accordance with the applicable laws and regulations. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal data about the requested correction.
If the GDPR applies to your personal data, we will give you access and correction rights in compliance with the GDPR.
You may make a complaint about privacy using the contact details form set out below. We will generally respond to your complaint within a week.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that Forwood may have breached the Australian Privacy Principles or the Act, a complaint may be made to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on their website. If you believe that Forwood has breached the GDPR, you may lodge a complaint with a supervisory authority in accordance to Article 77 of the GDPR.
For any inquiries or request please contact Forwood directly via our website enquiry form: http://forwoodsafety.com/#enquiry-form