As an organisation that is committed to the Child Safety Organisation National Principles, BUSY Ability (a part of The BUSY Group Ltd) is dedicated to creating a child safe culture – refer to our Child Safety and Wellbeing Policy to see how The BUSY Group adopts broader strategies that promote and protect the safety and wellbeing of children and young people.
If you have any feedback in relation to the Child Safety Policy, please email us at – firstname.lastname@example.org
Policy Statement Overview
This policy sets out BUSY Ability (a part of The BUSY Group) responsibilities on the collection, utilisation and disclosure of personal information.
As an organisation that is committed to the Child Safety Organisation National Principles, BUSY Ability is dedicated to creating a child safe culture. Refer to our Child Safety and Wellbeing policy to see how we adopt broader strategies that promote and protect the safety and wellbeing of children and young people.
BUSY Ability discloses personal information:
1. Collection of personal information
- BUSY Ability will collect personal information as follows:
- your name, address and contact details
- your credit or debit account details
- user ID’s and passwords
- any goods or services provided to you
- records of your communications with BUSY Ability
- website usage information
The primary purpose of collecting your personal information is for BUSY Ability’s business and marketing operations, which includes providing the user with advice on BUSY Ability and The BUSY Group’s services, communication interface, and business innovations.
Personal information is only collected:
- if necessary for BUSY Ability’s operations
- by lawful and fair means
- where practicable, only from the individual concerned
BUSY Ability takes all reasonable steps to ensure that you are aware of the following provisions:
- the likely use of the information
- the right of access to the information
- the identity and contact details of the organisations
- any law requiring collection of the information; and
- the main consequences of failure to provide the information
2. Utilisation and Disclosure of your personal information
BUSY Ability discloses personal information:
- for the primary purpose for which it was collected or
- where the individual would reasonably expect this or
- where the individual has consented or
- for direct marketing by BUSY Ability, but giving individuals the opportunity to opt out of such direct marketing; BUSY Ability includes its contact details in any direct marketing
- BUSY Ability does not disclose your personal information for any secondary purposes unless your consent has been given or as required by law.
- BUSY Ability will not sell or license any personal information that it collects from you.
Collection of information other than personal information
Website Site visit information
Within the BUSY Ability website, there will be general information about access visits which may include server address, the date and time of access visit, the pages that are accessed, the information that has been downloaded and the type of Internet browser utilised. BUSY Ability may use this information in anonymous, aggregated form, for statistical purposes only, to assist us in improving the quality and usability of our website.
A cookie is a small string of information that a website transfers to the browser for identification purposes. The cookies that BUSY Ability utilise may identify individual users.
Cookies can either be ‘persistent’ or ‘session’ based. Persistent cookies are stored on the user’s computer, contain an expiration date, and are mainly for the user’s convenience. Session cookies are short-lived and are held on your browser’s memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.
BUSY Ability may use both session and persistent cookies. This information may be used to personalise the user’s current visit to our websites. Upon closing your browser, the session cookie is destroyed.
Most Internet browsers can be set to accept or reject cookies. If the user does not want to accept cookies, they can adjust their Internet browser to reject cookies or to be notified when they are being used. However, rejecting cookies may limit the functionality of our website.
Google Analytics cookies
Google AdWords’ Remarketing
4. Accurate and up-to-date information
BUSY Ability takes reasonable steps to ensure information is accurate and up-to-date by updating its records whenever changes to the data come to its attention. BUSY Ability disregards information which seems likely to be inaccurate or out-of-date by reason of the time which has elapsed since it was collected or by reason of any other information in its possession.
5. Security of your personal information
BUSY Ability protects personal information from misuse or loss by restricting access to the information in electronic format, and by appropriate physical and communications security. Any data destroyed is disposed of in a manner that protects the privacy of information in an appropriate manner.
6. Dealing with unsolicited information
BUSY Ability takes all reasonable steps to ensure that all unsolicited information is destroyed immediately.
7. Access to your personal information
BUSY Ability acknowledges that individuals have a general right of access to information concerning them, and to have inaccurate information corrected.
8. Anonymity when dealing with BUSY Ability
BUSY Ability allows individuals the option not to identify themselves when dealing with it, where practicable.
9. Collecting sensitive information
10. Privacy contact officers
All information about privacy issues can be forwarded to:
This policy will be reviewed annually or when legislated updates are enforced by the The BUSY Group’s Executive Management Team.
The BUSY Group is committed to the confidentiality, security, and availability of its information assets.
This policy; and the supporting Information Security Management System (ISMS) policies, provide management direction and support for information security in accordance with operational requirements, relevant laws and regulations.
This policy is based on the principles and standards as defined in:
- ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
- ISO/IEC 27002:2013: Information technology — Security techniques — Code of practice for information security management
- ISO/IEC 27005:2018 Information technology — Security techniques — Information security risk management
INFORMATION SECURITY OBJECTIVES
Through the adherence of this and supporting policies the Information Security Objectives of TBG are:
- Reduce risk and minimise potential threats that may cause damage to TBG’s information assets.
- Ensure TBG’s information assets are available to staff and third parties as and when they are required.
- Ensure TBG staff, and other interested parties are aware of their roles and responsibilities in relation to the security of TBG’s information assets.
This policy applies to all The BUSY Group (TBG) staff, associated third parties; including but not limited to Directors, contractors, clients and visitors, information assets and physical sites. Specifically, this policy applies to all persons in roles as system owners and all persons in roles who are custodians of systems and data. This policy also applies to any new project work that has any information technology, processing or other infrastructure requirement or equipment.
Information is an asset that, like other important operational assets, is essential to The BUSY Group operations and consequently needs to be suitably protected.
Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, it must be adequately protected.
Information security is the protection of information (including systems) from a wide range of threats in order to ensure business continuity, minimise operational risk, and maximize return on investments and operational opportunities.
Information security is achieved by implementing a suitable set of controls (based on risk profile), including policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and objectives of the organisation as met.
For each of the risks identified following the risk assessment, a risk treatment decision is made. Options for risk treatment include:
- Applying appropriate controls to reduce the risks;
- Knowingly and objectively accepting risks, providing they clearly satisfy the organisation’s policy and criteria for risk acceptance;
- Avoiding risks by not allowing actions that would cause the risks to occur;
- Transferring the associated risks to other parties, e.g. insurers or suppliers;
- Or a combination of the above options to treat residual risk
TBG Information Security Policy provides information relating to measures and controls surrounding the following key attributes.
- Risk Assessment and Treatment
- Physical and Environmental Security
- Communications and Operations Management
- Access Management and User Responsibility
- Information Systems Acquisition, Development, Security and Maintenance
- Information Security Incident Management
- Business Continuity Management
For further information relating to how TBG handles information security, please contact the IT Security Team: email@example.com
This policy will be reviewed annually or when legislated updates are enforced by TBG, whichever is sooner.