PRIVACY POLICY

1.     PURPOSE

Heartland Horses (“the Company”) is committed to protecting the privacy of individuals and ensuring compliance with the Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs),

This policy outlines how the Company collects, uses, stores, discloses, and manages personal information in accordance with its legal and ethical responsibilities.

2.     SCOPE

This policy applies to all employees, contractors, customers, suppliers, and any other individuals whose personal information is collected, stored, used, or disclosed by the Company in Australia.

This policy does not apply to “employee records” directly related to the employment relationship, which are exempt under the Privacy Act.

3.     DEFINITIONS

  • Personal Information: Information or opinion about an individual whose identity is reasonably identifiable.
  • Sensitive Information: Information such as health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or criminal record, as defined under the Privacy Act.
  • Employee Record: A record of personal information relating to an employee’s employment with the Company.

4.     POLICY REQUIREMENTS

Collection of Personal Information

  • Personal information will only be collected where it is reasonably necessary for business activities.
  • Information must be collected by lawful and fair means, and not in an unreasonably intrusive way.
  • Where reasonable and practicable, individuals will be notified of the purpose of collection, how the information will be used, and their rights to access and correct it.

Use and Disclosure

Personal information will only be used or disclosed:

  • For the primary purpose for which it was collected.
  • For a related secondary purpose that the individual would reasonably expect.
  • With the individual’s consent.
  • Where required or authorised by law, including law enforcement or health and safety obligations.
  • To prevent or lessen a serious threat to life, health, or safety.

Data Quality and Security

  • Reasonable steps will be taken to ensure personal information is accurate, complete, and up to date.
  • Personal information will be protected against misuse, interference, loss, and unauthorised access, modification, or disclosure.
  • Personal information no longer required will be securely destroyed or de-identified.

Data Breaches

  • Heartland Horses will take reasonable steps to identify, assess and respond to actual or suspected data breaches involving personal information.
  • Where a data breach is likely to result in serious harm to affected individuals, the company will comply with its obligations under the Notifiable Data Breaches Scheme, including notification to affected individuals and the Office of the Australian Information Commissioner where required.

Access and Correction

  • Individuals have the right to request access to their personal information and request corrections if it is inaccurate, out of date, incomplete, or misleading.
  • Access may be refused in certain circumstances permitted by law (e.g., where disclosure would unreasonably impact another person’s privacy).
  • Reasons for refusal will be provided in writing.

Cross-Border Disclosure

  • Personal information will not be transferred outside Australia unless reasonable steps are taken to ensure the overseas recipient complies with the APPs or equivalent safeguards.
  • Personal information may be stored or processed using cloud-based systems located outside Australia. Where this occurs, the company will take reasonable steps to ensure appropriate privacy protections are maintained.

Openness and Transparency

  • This Privacy Policy will be available on request and on the Company’s website.
  • Individuals will be informed about the kinds of personal information held, the purposes for which it is collected, and how it is managed.

Complaints

  • Complaints regarding privacy practices should be directed to the Company’s Privacy Officer.
  • The Privacy Officer for Heartland is the Chief Executive Officer or their nominated delegate.
  • If unresolved, individuals may escalate complaints to the Office of the Australian Information Commissioner (OAIC) or the NSW Privacy Commissioner (if applicable).

5.     EMPLOYEE RESPONSIBILITIES

Employees who access personal information as part of their duties must:

  • Only access information necessary for their role;
  • Maintain the confidentiality of personal information;
  • Report any suspected privacy breach immediately; and
  • Comply with company policies relating to privacy, information security and confidentiality.

6.     EMPLOYEE ACKNOWLEDGMENT

All staff will be required to review and acknowledge this policy via the Employment Hero platform. These acknowledgments will be recorded and maintained for compliance and audit purposes.

7.     POLICY DISCLAIMER

This policy does not form part of any employee’s contract of employment. Heartland Horses reserves the right to vary, replace or revoke this policy at its discretion, in line with business needs and legal obligations.