1.0 Privacy Commitment
The Aspen Group is committed to protecting its employees, prospective employees, investors and customers’ privacy and personal information irrespective of how that information has been provided. Aspen is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other privacy laws which govern the way in which organisations hold, collect, use and disclose personal information. In the event a breach does occur Aspen will respond to reduce the risk of damage in accordance with the Office of the Australian Information Commissioner (“OAIC”) mandatory data breach reporting requirements.
2.0 Scope This policy applies to all Aspen employees, directors, board members, temporary workers and independent contractors (collectively referred to in this policy as employee/s). It covers all information collected and/or disseminated by Aspen, including information obtained via electronic devices used to access our services. This policy also applies to prospective employees who may provide Aspen with personal information in relation to potential employment.
3.0 Business Overview Formed in 2001, Aspen Group is an ASX listed property group strategically focused on providing “value for money” accommodation. The accommodation sector is considered to have positive long term structural characteristics, with an enduring customer need and effective capital utilisation. Aspen has been a leading owner and manager of holiday and accommodation parks since 2004.
Aspen currently owns 9 holiday and accommodation parks across Australia. An active acquisition programme is underway to expand the portfolio within the “value for money” accommodation sector.
4.0 What does Aspen Collect? Information collected by Aspen is used for the purpose for which it was primarily collected. Information collected from customers is used for the purpose of managing customer relationships, while information collected from employees and individuals applying for employment is used to assist Aspen to operate and manage its business. The personal information that is collected, held and used may include (but is not limited to):
- Personal identification and contact details;
- Previous employment history;
- Financial information, including pension and payment details;
- Tax file and Medicare numbers;
- Bank account details;
- Health information such as private health care provider details (from residents receiving assistance to access care);
- Next of kin and power of attorney details.
- Additional privacy measures are employed to protect sensitive information (such as health information).
5.0 Purpose of Collection
5.1 Investors Personal information is collected from investors to allow Aspen (or an external service provider*) to process applications and to administer and report on investments. *If you are an investor and would like to find out how the registry handles your information please contact them at: Link Market Services Locked Bag A14 Sydney South NSW 1235 Telephone: 1300 554 474 (toll free within Australia)
5.2 Tenants Collection of personal information from a tenant in an Aspen community allows Aspen to make leasing arrangements, collect rent, communicate with tenants as well as complete other associated documents.
5.3 Residents Receiving Assistance to Access Care Services Collection of personal or sensitive information including information about the health and wellbeing of a resident receiving assistance to access care services is necessary to manage relationships with our care recipients. It also allows Aspen to assist in facilitating the services required, to communicate with residents, notify them about additional services and to comply with applicable laws. The type of information collected will be dependent on the services that the recipient requests or requires.
5.4 Employees & Prospective Employees Aspen collects information necessary to undertake its employment processes, comply with industrial legislation and taxation requirements, promptly pay salaries and wages, properly manage its business, and in the event of an accident or emergency contact a next of kin. Aspen maintains a personnel file for each employee to assist in the management of employees and the operation of its business. This file contains a copy of the employee’s employment application, employment contract, most recent performance appraisals and any formal counselling and disciplinary documents. Other records associated with the administration of payroll and other employment matters may also be included in the file. Prospective employee information is used by Aspen to consider the application for employment and manage the recruitment process. If a candidate is unsuccessful in obtaining a position with Aspen, Aspen will retain their application and personal information including background and reference checks in order to contact the candidate if a position becomes available in the future.
5.5 Short Term Holiday Guests Aspen collects information such as contact details, credit card information and direct debit details from individuals renting cabins (or other accommodation) for short term holidays. This information assists Aspen in managing holiday bookings, communicating with guests and collecting payments.
5.6 Other Aspen may use personal details to manage its business operations (including insurances and legal obligations), help run the organisation, to market other products that it may offer or to provide updates on developments within the business. If an individual would rather not have their personal information used for this purpose they should let Aspen know via the contact details located below.
6.0 How is Information Collected? Personal information may be collected via face to face interviews, application forms, correspondence (written and verbal) and care assistance documentation. In most cases, and where possible, personal information is collected directly from the source. If this is not practical, the information may be obtained from another person or entity. Aspen will only collect personal information which is reasonably necessary to appropriately facilitate the provision of its services and appropriately operate and manage its business.
8.0 Use and Disclosure of Personal Information Personal information is not disclosed to any other person except in the following circumstances:
- In the course of general business practice Aspen may outsource functions, for example unit registry, custodial services, as well as care services provided to residents as these third parties need to have access to personal information;
- During the recruitment process to contact referees and undertake background checks as well as any third- party service providers as may be necessary to progress an application;
- To anyone involved in providing services to employees’ of Aspen including superannuation companies, relevant workers compensation organisations and government agencies including the Australian Tax Office and Department of Human Services;
- To anyone authorised by the individual to receive their personal information (consent may be express or implied);
- To organisations with whom Aspen has contracted to assist in providing services, such as professional advisers;
- To anyone Aspen is required or permitted by law to disclose personal information to;To any third parties involved in a resident’s ongoing healthcare (such as general practitioner, specialist or carer).
9.0 Exemptions Any exemptions to the clauses outlined in this policy will be considered on an individual basis. They are to be documented and discussed with the General Manager IT for consideration. The General Manager IT will provide permission in writing for any such exemption.
10.0 Security At all times Aspen will take reasonable steps to ensure that the personal information collected and held is protected from misuse, loss, unauthorised access and disclosure. Much of this information is stored electronically in a secure environment. Any information that needs to be kept in hard copy is also protected via a range of measures including but not limited to:
- Access to information systems is controlled via access management procedures;
- Company policies and procedures regarding keeping information secure which all employees are bound by;
- All employees are required to complete training on information security and privacy as required;
- Aspen regularly reviews and monitors compliance with policies and best practice.
There are however inherent risks in transmitting information across the internet and Aspen does not have the ability to control security of information collected and stored on third party platforms. In relation to its servers, Aspen takes all reasonable steps to manage data stored to ensure data security.