Privacy and Confidentiality Policy

1. Introduction

Eton Irrigation Co-operative Ltd (EICL) is committed to openness, transparency, and accountability. Our policies shall reflect our wish to release all information we hold as far as this is consistent with the protection of individual privacy, the effective management of our organisation, and relevant legislation.

2. Purpose

This policy provides guidance and principles for the protection of personal privacy and information as required by the Privacy Act 1988 (Cth), Australian Privacy Principles (APPs), Information Privacy Act 2009 (QLD) and other legislative instruments.

3. Policy

Eton Irrigation Cooperative Ltd (EICL) collects and stores information so it can provide high quality services, meet it’s legal requirements and provide a safe working environment.

3.1. Accountabilities

Governance
- Accountability for EICL compliance with this Policy rests with the EICL Board and the General Manager, although other Staff within EICL are responsible for day-to-day collection and processing of Personal Information.
Leaders/Managers
- Management Staff have a responsibility to oversee compliance with this Policy by Staff within their area(s) of responsibility.
Staff
- All members of Staff have responsibility to ensure that appropriate steps are taken to protect Personal Information at all times. Staff are expected to report to the EICL General Manager any concerns with or recommended improvements to information privacy and security procedures, and any information to help resolve problem

3.2. Acknowledgement of Confidentiality

EICL will make all Staff aware of the importance of maintaining the confidentiality of Personal Information and other confidential business information. As a condition of employment or affiliation, all new Staff must read the Information Privacy and Confidentiality Policy. In addition, personal information obtained in the course of one’s employment with EICL must be held in confidence even after the affiliation comes to an end.

3.3. Failure to Comply

Failure to comply with this Policy may result in disciplinary action including, but not limited to, the termination of employment, prosecution and restitution for damages.

4. Collection of Personal Information

Set out below are the main types of personal information collected by EICL and the main purposes for which it is collected. If an individual chooses not to provide certain personal information to EICL, the organisation may not be able to provide the individual with the services, information or other arrangement that he or she requires.

4.1. Customers

EICL collects the personal information (for example, name and contact details) it needs to provide services to its customers, personalise such services to meet its customers' needs, provide information to it’s customers and to the general community about EICL’s services, engage in other dealings (such as property access arrangements and property transactions) associated with EICL ’s business or infrastructure and to comply with the law.

4.2. Landowner and Occupier Information

EICL collects personal information (for example, name and contact details) about landowners and occupiers who are located near EICL 's infrastructure. EICL uses this information to contact these individuals in accordance with EICL 's Emergency Action Plans and other EICL business reasons. e.g. access to property etc.

4.3. Information Relating to Employees, Contractors and Job Applicants

When an individual applies for a job or contract with EICL, EICL may collect certain personal information (including name, contact details, working history and relevant records checks) from the individual, from a recruitment consultant or from the individual's previous employers and others who may be able to provide information to EICL. EICL uses this information to decide on whether or not to make the individual an offer of employment or engage the individual under a contract.

EICL may also collect medical information in relation to a job applicant, work-related injury or other work, health and safety matter directly from an individual or from medical practitioners, specialists, allied health professionals and/or rehabilitation providers, but only where the individual consents to such collection.

This policy does not apply to acts and practices in relation to employee records of EICL's current and former employees, which are exempt from the Privacy Act.

4.4. Information from Individuals Who Contact EICL

An individual may choose to provide EICL with his or her name or other contact details when he or she contacts EICL (whether by phone, mail, email, through the EICL website or otherwise).

when an individual makes an enquiry using the EICL website, he or she will be asked to provide a name, email address, telephone number and other information
when an individual submits a Right to Information application with EICL, certain information about the individual is made available to EICL
when an individual engages with EICL via social media, certain information about the individual is made available to EICL

EICL uses this information in order to assist the individual with his or her query or request.

EICL may collect information about an individual from public sources, such as social media sites, in connection with the operation of its business.

Information as Required or Permitted by Law

EICL may also collect information about an individual as required or permitted by law.

5. Accuracy of Personal Information

Staff must take all reasonable steps to ensure the accuracy and completeness of any Personal Information they collect or record and be diligent to protect against making any errors due to carelessness or other oversights.

5.1. Access, Use, Disclosure or Sharing of Personal Information

Staff are only authorised to access, use, disclose or share Personal Information for legitimate purposes based on a “need to know” basis in order to perform their job functions and responsibilities.

No Staff may release personal information about an employee, board member, customer or supplier except in limited circumstances. These circumstances may include:

Instances where the individual has consented to the use of disclosure of information
The individual would reasonably expect the agency to use or disclose the information for the secondary purpose (subject to limitations)
Where prescribed by law (including legislation, court order, subpoena or warrant)
Where compelling circumstances affect the health or safety of any person or the public
In order to protect the public in circumstances where there is a risk of significant harm to the environment or to the health or safety of the public or group of people

5.2. Accessing or Sharing Personal Information with Third Parties

EICL will only disclose personal information to third parties if:

you are reasonably likely to have been aware, or made aware by way of a privacy notice, that your personal information is usually passed to the relevant parties
you have consented to the disclosure of your personal information
you could have reasonably expected us to use or disclose the information, and the use or disclosure relates to the primary reason it was given
we reasonably believe the disclosure is necessary to prevent or lessen a serious threat to anyone’s life, health or safety
the disclosure is required or authorised by law or a court or tribunal order
disclosure is reasonably necessary, as required by law

5.3. Information Security

We take reasonable steps to:

protect personal information we hold against loss, unauthorised access, use, modification, disclosure or misuse
require our contractors to comply with privacy laws and any other appropriate confidentiality and security measures when dealing with personal information under our contracts

Our key policies to protect the information we hold include:

accessing our records internally on a ‘need-to-know’ basis and subject to appropriate security clearance
storage of paper records including personnel and human resource files in appropriately secure, locked cabinets
Clear screens and clear desk policies

The physical and managerial procedures implemented to safeguard the information we hold, includes:

Providing training and awareness to staff on the risks posed to information held by EICL
Access controls, such as unique, authenticated accounts restricted to authorised personnel
Restricting physical access to records and premises to authorised persons
Protecting our technology environment with appropriate security measures such as passwords, firewalls, encryption and scanning for malicious content

Please note, however, that the internet is not a secure environment and although care is taken, EICL cannot guarantee the security of information provided via electronic means. Should we hold multiple records of your personal information, we do not link the multiple instances of your personal information together.

5.4. Disposal

We will take reasonable steps to destroy or deidentify personal information that is no longer needed for any purpose and is not a public record or otherwise required to be retained under law or court or tribunal order.

6. Correction and Complaints Handling

Customers, Contractors and other Stakeholders wishing to update their personal information or make a complaint about the way personal information has been handled will need to contact EICL in writing. Once received EICL staff will contact the party to confirm identity and authorisation.

If parties consider that EICL has failed to resolve the complaint satisfactorily, then a complaint to the office of the Australian Information Commissioner will need to be made.

7. Contact Details

If you have further queries or would like more information about EICL's privacy and security practices, please contact our Company Secretary during our business hours of 8am and 3pm Monday to Friday:
Company Secretary
11 Flaherty St
ETON QLD 4741

PO Box 173
WALKERSTON QLD 4751

Phone: +61 7 49 775 850
E-mail: accounts@etonirrigation.com.au

Last Revision Date: January 2026
Next Revision Date: January 2030
Approver: GM EICL