Privacy Policy
1.0 Privacy Commitment
Ingenia Communities Group (Ingenia or Group) is committed to protecting its employees, prospective employees, investors and customers' privacy and personal information irrespective of how that information has been provided. Ingenia is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) and other privacy laws which govern the way in which organisations hold, collect, use and disclose personal information.
In the event a breach does occur Ingenia will respond to reduce the risk of damage in accordance with the Office of the Australian Information Commissioner (“OAIC”) mandatory data breach reporting requirements.
2.0 Scope
This policy applies to all Ingenia employees, directors, board members, temporary workers and independent contractors (collectively referred to in this policy as employee/s). It covers all information collected and/or disseminated by Ingenia, including information obtained via electronic devices used to access our services.
This policy also applies to prospective employees who may provide Ingenia with personal information in relation to potential employment.
3.0 Business Overview
Ingenia Communities Group comprises Ingenia Communities Holdings Limited, Ingenia Communities Management Trust and Ingenia Communities Fund. Together they are a triple stapled entity of which Ingenia Communities RE Limited is the responsible entity.
Listed on the ASX as INA, Ingenia is a leading owner, operator and developer of a diversified portfolio of seniors housing accommodation. Ingenia Communities has assets across Australia branded as Ingenia Lifestyle, Ingenia Gardens, Ingenia Rentals and Ingenia Holidays. Residents may also from time to time receive assistance to access care services.
4.0 What does Ingenia Collect?
Information collected by Ingenia is used for the purpose for which it was primarily collected. Information collected from customers is used for the purpose of managing customer relationships, while information collected from employees and individuals applying for employment is used to assist Ingenia to operate and manage its business.
The personal information that is collected, held and used may include (but is not limited to): -
• Personal identification and contact details
• Previous employment history
• Financial information, including pension and payment details
• Tax file and Medicare numbers
• Bank account details
• Health information such as private health care provider details (from residents receiving assistance to access care)
• Next of kin and power of attorney details
• Criminal History
Additional privacy measures are employed to protect sensitive information (such as health information).
5.0 Purpose of Collection
5.1 Investors
Personal information is collected from investors to allow Ingenia (or an external service provider*) to process applications and to administer and report on investments.
*If you are an investor and would like to find out how the registry handles your information, please contact them at:
Link Market Services
Locked Bag A14
Sydney South NSW 1235
Telephone: 1300 554 474 (toll free within Australia)
5.2 Tenants
Collection of personal information from a tenant in an Ingenia community allows Ingenia to make decisions on suitability of tenants for the community, leasing arrangements, collect rent, communicate with tenants as well as complete other associated documents.
5.3 Residents Receiving Assistance to Access Care Services
Collection of personal or sensitive information including information about the health and wellbeing of a resident receiving assistance to access care services is necessary to manage relationships with our care recipients. It also allows Ingenia to assist in facilitating the services required, to communicate with residents, notify them about additional services and to comply with applicable laws. The type of information collected will be dependent on the services that the recipient requests or requires.
5.4 Employees & Prospective Employees
Ingenia collects information necessary to undertake its employment processes, comply with industrial legislation and taxation requirements, promptly pay salaries and wages, properly manage its business, and in the event of an accident or emergency contact a next of kin.
Ingenia maintains a personnel file for each employee to assist in the management of employees and the operation of its business. This file contains a copy of the employee's employment application, employment contract, most recent performance appraisals and any formal counseling and disciplinary documents. Other records associated with the administration of payroll and other employment matters may also be included in the file.
Prospective employee information is used by Ingenia to consider the application for employment and manage the recruitment process. If a candidate is unsuccessful in obtaining a position with Ingenia, Ingenia will retain their application and personal information including background and reference checks in order to contact the candidate if a position becomes available in the future.
5.5 Short Term Holiday Guests
Ingenia collects information such as contact details, credit card information and direct debit details from individuals renting cabins (or other accommodation) for short term holidays. This information assists Ingenia in managing holiday bookings, communicating with guests and collecting payments.
5.6 Other
Ingenia may use personal details to manage its business operations (including insurances and legal obligations), help run the organisation, to market other products that it may offer or to provide updates on developments within the business. If an individual would rather not have their personal information used for this purpose, they should let Ingenia know via the contact details located below.
6.0 How is Information Collected?
Personal information may be collected via face-to-face interviews, application forms, correspondence (written and verbal) and care assistance documentation.
In most cases, and where possible, personal information is collected directly from the source. If this is not practical, the information may be obtained from another person or entity.
Ingenia will only collect personal information which is reasonably necessary to appropriately facilitate the provision of its services and appropriately operate and manage its business.
7.0 ‘Cookies’
A 'cookie' is a small data file placed on a computer or device which lets Ingenia identify and interact more effectively with the individual. Cookies do not identify the individual, they simply allow Ingenia to track usage patterns including date and time of day the individual accesses Ingenia’s website, browser type, browser language, the internet protocol (IP) address, number of hits, pages visited and length of user session. Apart from the IP address of the computer an individual may be using, Ingenia does not use cookies to collect any personal data such as name and email address, except when specifically, and knowingly provide such information.
8.0 Use and Disclosure of Personal Information
Personal information is not disclosed to any other person except in the following circumstances: -
• In the course of general business practice Ingenia may outsource functions, for example unit registry, custodial services, as well as care services provided to residents as these third parties need to have access to personal information
• During the recruitment process to contact referees and undertake background checks as well as any third-party service providers as may be necessary to progress an application
• To anyone involved in providing services to employees’ of Ingenia including superannuation companies, relevant workers compensation organisations and government agencies including the Australian Tax Office and Department of Human Services
• To anyone authorised by the individual to receive their personal information (consent may be express or implied)
• To organisations with whom Ingenia has contracted to assist in providing services, such as professional advisers
To anyone Ingenia is required or permitted by law to disclose personal information to
• To any third parties involved in a resident’s ongoing healthcare (such as general practitioner, specialist or carer)
• To police and law enforcement agencies where Ingenia requires a criminal history check
9.0 Exemptions
Any exemptions to the clauses outlined in this policy will be considered on an individual basis. They are to be documented and discussed with the General Manager IT for consideration. The General Manager IT will provide permission in writing for any such exemption.
10.0 Security
At all times Ingenia will take reasonable steps to ensure that the personal information collected and held is protected from misuse, loss, unauthorised access and disclosure. Much of this information is stored electronically in a secure environment. Any information that needs to be kept in hard copy is also protected via a range of measures including but not limited to: -
• Access to information systems is controlled via access management procedures
• Company policies and procedures regarding keeping information secure which all employees are bound by
• All employees are required to complete training on information security and privacy as required
• Ingenia regularly reviews and monitors compliance with policies and best practice
There are however inherent risks in transmitting information across the internet and Ingenia does not have the ability to control security of information collected and stored on third party platforms. In relation to its servers, Ingenia takes all reasonable steps to manage data stored to ensure data security.
11.0 Access & Correction
Individuals have the right to seek access to and/or correct the personal information Ingenia holds about them if they believe it to be inaccurate or out of date.
Customers of Ingenia can arrange this by calling Ingenia’s Privacy Officer (contact details listed below). The request should include a detailed description of the information required. To ensure information is only disclosed to relevant people the customer may be asked to provide identification or in the case of a telephone call asked to verify their identity via security questions.
Employees can update their personal information by completing the employee details form located in the payroll folder on the intranet and forward the completed form to payroll@ingeniacommunities.com.au for any changes to personal details such as bank accounts, email addresses and pay variations. Employees with payroll self service can update address, email and contact details themselves.
Employees who need verification of their employment and salary details must submit a written request to Human Resources. If the information to be released is to a third party, the request must indicate that the employee authorises Ingenia to release the required details.
12.0 Destruction
Personal information records are held for a period considered appropriate by Ingenia. Should a person cease to be a customer/investor/resident/employee of Ingenia, any personal information which we hold about them will be held for the relevant retention periods required by law.
13.0 Enquiries and Complaints
Customers who have a question or wish to raise a concern about the treatment of their personal information should contact Ingenia as set out below.
Privacy Officer
Ingenia Communities
Level 3, 88 Cumberland Street
The Rocks NSW 2000
Telephone: 1300 132 946
Email: privacy@ingeniacommunities.com.au
Ingenia will consider the question or complaint and acknowledge receipt within 48 hours and provide a response within 30 days. If a person feels that the issue remains unresolved or wants further investigation to take place they should contact:
Australian Information Commissioner
www.oaic.gov.au
Investors need to contact Link Market Services if they would like to understand how the registry handles their information: privacy.officer@linkgroup.com
14.0 Policy Review and Refresher
Ingenia will review this policy from time to time and may change the contents in line with business needs and relevant legislation. If changes are made to this policy, the updated version will be available on the intranet. It is then up to each employee to ensure they read and understand them. If an employee is unclear on any details in this document, they should speak with their Manager, IT or HR. Employees should aim to have a read of this policy every couple of months to refresh their memory.
15.0 Document Management
Version Revision Date Nature of Amendment
1.0 November 2013 Initial policy released by Compliance after Management and Board approval (Fiona Cutting)
2.0 March 2014 Minor administration changes to allow consistency with new privacy legislation (Fiona Cutting)
2.1 April 2015 Reviewed with only minor administration changes and update of Care Assistance information (Compliance - Fiona Cutting)
2.1 June 2016 Reviewed with no changes necessary (Compliance - Fiona Cutting)
2.1 May 2017 Reviewed with no changes necessary
3.0 August 2017 Administration changes including address and rebranding
4.0 June 2018 Update to include reference to Mandatory Data Breach reporting requirements and changed template and formatting by Compliance and HR (Fiona Cutting and Jasna Beerden)
5.0 November 2018 Updated to include requirements of the EU General Data Protection Regulation (‘GDPR’) approved by Audit & Risk Committee 21 September 2018
6.0 July 2019 Updated to include recruitment process (Compliance - Fiona Cutting)
6.0 July 2020 Reveiwed with no changes necessary
6.1 November 2020 Privacy Officer change of address
6.2 February 2022 Changes to reflect tenant suitability requirements
6.2 17 Feb 2022 Approved by Audit & Risk Committee
Any queries or questions regarding this policy can be directed to the General Manager IT, Group Risk & Compliance Manager or the General Manager People and Culture