OUR POLICIES

Child Safety and Wellbeing

As an organisation that is committed to the Child Safety Organisation National Principles, BUSY Ability (a part of The BUSY Group Ltd) is dedicated to creating a child safe culture – refer to our Child Safety and Wellbeing Policy to see how The BUSY Group adopts broader strategies that promote and protect the safety and wellbeing of children and young people.

Download our Child Safety and Wellbeing Policy (PDF)

If you have any feedback in relation to the Child Safety Policy, please email us at – childsafety@thebusygroup.com.au

Privacy Policy

Policy Statement Overview

This policy sets out BUSY Ability (a part of The BUSY Group) responsibilities on the collection, utilisation and disclosure of personal information.

Our Privacy Policy complies with the Australian Privacy Principles set out in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, and explains how the User’s personal information will be managed when dealing with BUSY Ability.

As an organisation that is committed to the Child Safety Organisation National Principles, BUSY Ability is dedicated to creating a child safe culture. Refer to our Child Safety and Wellbeing policy to see how we adopt broader strategies that promote and protect the safety and wellbeing of children and young people.

BUSY Ability discloses personal information:

1. Collection of personal information
  • BUSY Ability will collect personal information as follows:
  • your name, address and contact details
  • your credit or debit account details
  • user ID’s and passwords
  • any goods or services provided to you
  • records of your communications with BUSY Ability
  • website usage information

The primary purpose of collecting your personal information is for BUSY Ability’s business and marketing operations, which includes providing the user with advice on BUSY Ability and The BUSY Group’s services, communication interface, and business innovations.

Personal information is only collected:

  • if necessary for BUSY Ability’s operations
  • by lawful and fair means
  • where practicable, only from the individual concerned

BUSY Ability takes all reasonable steps to ensure that you are aware of the following provisions:

  • the likely use of the information
  • the right of access to the information
  • the identity and contact details of the organisations
  • any law requiring collection of the information; and
  • the main consequences of failure to provide the information
2. Utilisation and Disclosure of your personal information

BUSY Ability discloses personal information:

  • for the primary purpose for which it was collected or
  • where the individual would reasonably expect this or
  • where the individual has consented or
  • for direct marketing by BUSY Ability, but giving individuals the opportunity to opt out of such direct marketing; BUSY Ability includes its contact details in any direct marketing
  • BUSY Ability does not disclose your personal information for any secondary purposes unless your consent has been given or as required by law.
  • BUSY Ability will not sell or license any personal information that it collects from you.
Collection of information other than personal information

Website Site visit information

Within the BUSY Ability website, there will be general information about access visits which may include server address, the date and time of access visit, the pages that are accessed, the information that has been downloaded and the type of Internet browser utilised. BUSY Ability may use this information in anonymous, aggregated form, for statistical purposes only, to assist us in improving the quality and usability of our website.

Cookies

A cookie is a small string of information that a website transfers to the browser for identification purposes. The cookies that BUSY Ability utilise may identify individual users.

Cookies can either be ‘persistent’ or ‘session’ based. Persistent cookies are stored on the user’s computer, contain an expiration date, and are mainly for the user’s convenience. Session cookies are short-lived and are held on your browser’s memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.
BUSY Ability may use both session and persistent cookies. This information may be used to personalise the user’s current visit to our websites. Upon closing your browser, the session cookie is destroyed.

Most Internet browsers can be set to accept or reject cookies. If the user does not want to accept cookies, they can adjust their Internet browser to reject cookies or to be notified when they are being used. However, rejecting cookies may limit the functionality of our website.

Google Analytics cookies

BUSY Ability uses Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store and use this information. Google’s privacy policy is available at: http://www.google.com/privacypolicy.html.

Google AdWords’ Remarketing

BUSY Ability publishes Google AdWords’ Remarketing interest-based advertisements on other websites. This website may use a remarketing tag to advertise online. This means that Google and other third-party vendors may show our ads to you on sites across the Internet. These third-party vendors, including Google and Studio, may use cookies to serve ads to you based upon your past visits to our website.

If you would like to opt out of Google’s use of cookies, you can visit the company’s Ad Preferences Manager at https://www.google.com/ads/preferences/.

4. Accurate and up-to-date information

BUSY Ability takes reasonable steps to ensure information is accurate and up-to-date by updating its records whenever changes to the data come to its attention. BUSY Ability disregards information which seems likely to be inaccurate or out-of-date by reason of the time which has elapsed since it was collected or by reason of any other information in its possession.

5. Security of your personal information

BUSY Ability protects personal information from misuse or loss by restricting access to the information in electronic format, and by appropriate physical and communications security. Any data destroyed is disposed of in a manner that protects the privacy of information in an appropriate manner.

6. Dealing with unsolicited information

BUSY Ability takes all reasonable steps to ensure that all unsolicited information is destroyed immediately.

7. Access to your personal information

BUSY Ability acknowledges that individuals have a general right of access to information concerning them, and to have inaccurate information corrected.

8. Anonymity when dealing with BUSY Ability

BUSY Ability allows individuals the option not to identify themselves when dealing with it, where practicable.

9. Collecting sensitive information

BUSY Ability does not collect sensitive information, unless it is specifically relevant and necessary for the purpose of BUSY Ability’s business operation. All sensitive information that is collected is used in accordance with this privacy policy. BUSY Ability does not use government identifiers (e.g. tax file numbers) to identify individuals.

10. Privacy contact officers

All information about privacy issues can be forwarded to:

Compliance Officer

Email: privacy@thebusygroup.com.au

Policy review

This policy will be reviewed annually or when legislated updates are enforced by the The BUSY Group’s Executive Management Team.

Customer Feedback Process

We appreciate all feedback to assist us in continually improving our service delivery to clients.

If you have feedback you can email info@busyability.org.au or call 1800 761 561

Download a copy of our Customer Feedback Process (PDF)

Information Security

PURPOSE

The BUSY Group is committed to the confidentiality, security, and availability of its information assets.

This policy; and the supporting Information Security Management System (ISMS) policies, provide management direction and support for information security in accordance with operational requirements, relevant laws and regulations.

This policy is based on the principles and standards as defined in:

  • ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
  • ISO/IEC 27002:2013: Information technology — Security techniques — Code of practice for information security management
  • ISO/IEC 27005:2018 Information technology — Security techniques — Information security risk management

​​​​​​​

INFORMATION SECURITY OBJECTIVES

Through the adherence of this and supporting policies the Information Security Objectives of TBG are:

  • Reduce risk and minimise potential threats that may cause damage to TBG’s information assets.
  • Ensure TBG’s information assets are available to staff and third parties as and when they are required.
  • Ensure TBG staff, and other interested parties are aware of their roles and responsibilities in relation to the security of TBG’s information assets.

​​​​​​​

SCOPE

This policy applies to all The BUSY Group (TBG) staff, associated third parties; including but not limited to Directors, contractors, clients and visitors,  information assets and physical sites. Specifically, this policy applies to all persons in roles as system owners and all persons in roles who are custodians of systems and data. This policy also applies to any new project work that has any information technology, processing or other infrastructure requirement or equipment.

​​​​​​​​​​​​​​BACKGROUND

Information is an asset that, like other important operational assets, is essential to The BUSY Group operations and consequently needs to be suitably protected.

Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by post or by using electronic means, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, it must be adequately protected.

Information security is the protection of information (including systems) from a wide range of threats in order to ensure business continuity, minimise operational risk, and maximize return on investments and operational opportunities.

Information security is achieved by implementing a suitable set of controls (based on risk profile), including policies, processes, procedures, organisational structures and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and objectives of the organisation as met.

For each of the risks identified following the risk assessment, a risk treatment decision is made. Options for risk treatment include:

  • Applying appropriate controls to reduce the risks;
  • Knowingly and objectively accepting risks, providing they clearly satisfy the organisation’s policy and criteria for risk acceptance;
  • Avoiding risks by not allowing actions that would cause the risks to occur;
  • Transferring the associated risks to other parties, e.g. insurers or suppliers;
  • Or a combination of the above options to treat residual risk

 

POLICY INCLUSIONS

TBG Information Security Policy provides information relating to measures and controls surrounding the following key attributes.

  • Risk Assessment and Treatment
  • Physical and Environmental Security
  • ​​​​​​​Communications and Operations Management
  • Access Management and User Responsibility
  • Information Systems Acquisition, Development, Security and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

The BUSY Group have adopted industry best practice Audited and have achieved accreditation for the international standard  ISO27001 for Information Security Management Systems through BSI Certified Auditor.

For further information relating to how TBG handles information security, please contact the IT Security Team: infosec@thebusygroup.com.au

POLICY REVIEW

This policy will be reviewed annually or when legislated updates are enforced by TBG, whichever is sooner.