- Purpose – This policy aims to protect customers' and suppliers' information under the Privacy Act 1988. iCake only collects and uses this information within the business to provide a better customer experience. iCake will keep this data secure.
- Key practices that are prohibited or required by the law
Customer details: iCake only collects customer information to provide customer service, training, and coaching, and only uses this data for business purposes.
Protection of data: iCake will maintain and monitor all the data we collect and keep it secure. All data will be locked and monitored, and only authorised persons can access this information.
Access to data: data will be used only by management employees. If a customer would like to access the data, a formal application form is required, along with ID.
- Main consequences (penalties) of non-compliance
Failing to comply with the policy may break the law and result in fines of $360,000 for individuals and $1.8 million for organisations.
Employees who do not comply with this policy risk breaching their employment agreement.
- Rights and responsibilities of employees and employers
Employees cannot leak any other customer's information
Employees cannot make copies of this data under any circumstances
The employer is responsible for keeping data safe
The employer cannot use data for any non-business purpose
The employer must always comply with this policy and the Privacy Act
- Scope / Application –
This policy applies to all FOH and BOH staff, suppliers, customers, health inspectors, and anyone entering the property.
The restaurant manager and the supervisor on duty are responsible for monitoring.
APPs — Australian Privacy Principles. The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act). They apply to any organisation or agency the Privacy Act covers.
The Privacy Act (1988) — The Privacy Act 1988 (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.
- Standards / SOPs / Procedures –
Management and employees should be trained to meet the company standard for collecting and protecting customer information.
Customers must be notified before we record their information, and the employee must explain to the customer why we need this information and what we will use it for.
Both the customer and the manager should sign the document after all the customer data has been entered into the system, and the manager should keep the file in a safe place.
Collection of solicited personal information
Collect customer information:
- Use the customer information form
- Ask the customer to fill in the form and read the terms and conditions
- The information provided by the customer will only be used for improving service
- Both the customer and the employee sign at the bottom
- Staff cannot collect sensitive information unless it is used for legal purposes
- Type the information into the computer or keep the form in a folder
- Make sure the paper form is discarded after the information has been typed into the computer
Security of personal information
Keeping customer data safe:
- Only management employees have access to customer data
- Customer information must be kept in a safe place with limited access
- Use authorised access to keep customer data safe
- The place where customer data is stored must always have a CCTV system.
- Only keep the data for 2 years unless the customer would like it kept in the system
- Any unused customer data older than 2 years needs to be completely deleted
- Dissemination / Distribution of the Policy
The manager or supervisor must then explain the policy to employees one by one, to make sure each new employee completely understands this policy and complies with it.
Employees need to sign their copy to verify their understanding of the policy and agree to comply with it
Management staff should summarise performance in protecting customer data at the monthly staff meeting
Ongoing training must be provided so that staff continue to comply with and follow the policy
- Monitoring and Reporting
The policy should be laminated and posted somewhere everyone can see and easily reach. Management should demonstrate, follow up, and inspect employees to make sure all employees follow and comply with the procedures.
Provide ongoing training for all employees so they understand the importance of keeping customer data safe
Management must check and make sure staff comply with the policy on a daily basis
Record each staff member's compliance and breaches; these may affect employees' KPI performance
Management should make sure the following forms are used and maintained in this business: customer information record, booking record, use of customer data record
Keep all records for 12 months
The manager must report on policy compliance performance to the director on a monthly basis
The policy needs to be checked and updated yearly
Review and update the policy at the end of the financial year to make sure the policy is up to date and meets the latest food safety regulation.
It also needs to be reviewed monthly at the staff meeting to record any misunderstandings and demonstrate any updates.
The folder should be kept on the premises at all times and should be checked by the manager or supervisor on a weekly basis to make sure everything is up to date.
If there are any questions, we can ask the legal department of the local council or the OAIC