The laws that govern us.
These links provide information about the laws of Australia under which we operate in respect to privacy, and we update them as the law is changed or amended from time to time to ensure you are always aware of your rights under law.
The Privacy Act 1988 (Privacy Act) regulates how personal information is handled. The Privacy Act defines personal information as:
…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
The Privacy Act includes thirteen Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian and Norfolk Island Government agencies. These are collectively referred to as ‘APP entities’. The Privacy Act also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.
Data Security
Data security and the storage of your personal information are of the highest priority to us. We take great care with the information we hold about you.
The following outlines our approach, and we have strict policies in place to maintain the security of data held by us.
All data and systems reside in Australia, on Australian servers. WRK as a company is a party to the Office of the Australian Information Commissioner (OAIC), and our technology, people and processes comply with the Privacy Act 1988 (Cth) (the Act).
It is the policy of WRK to maintain an information management and data security system designed to meet the requirements of ISO 27001. This includes:
- Make details of our policy known to all staff and business units, including external parties where appropriate, and determine the need for communication and by what methods relevant to the business management system.
- Comply with all legal requirements, the Privacy Act 1988 (Cth) (the Act), codes of practice and all other requirements applicable to our activities; therefore, as a company, we are committed to our information security and the continual improvement of the ISMS.
- Provide all the resources of equipment, trained and competent staff and any other requirements to enable these objectives to be met.
- Ensure that all employees are made aware of their individual obligations in respect of this information security policy.
- Maintain a management system that will achieve these objectives and seek continual improvement in the effectiveness and performance of our management system based on “risk”.
This information security policy provides a framework for setting, monitoring, reviewing and achieving our objectives, programs and targets.
To support this policy, we shall:
- Ensure that all information, including internal, third party, personal and electronic data, is treated with complete confidentiality
- Maintain integrity of all such information
- Ensure that our information system and the information contained meet the needs of our core and supporting business operations
- Comply with all applicable statutory and regulatory requirements
- Safeguard security of our information assets through effective business continuity management
- Make information available with minimum disruption
- Increase staff awareness of information security management through education and training
- Perform reliable access control to protect our information system against unauthorised access
Under this policy:
- All breaches of information security, actual or suspected, will be reported to and investigated by authorised persons on the ISMS team
- The ISMS team is responsible for documenting and maintaining the Information Security Management System
- Information Security documents, including but not limited to Policies and Procedures, will be made available online through an intranet system to support the ISMS
- All line managers shall implement the policy within their departments and ensure that every staff member adheres to the policy
- We maintain audit trails of staff accessing your information.
- All information is stored in electronic format only, and is password-protected on secure servers.
- Our servers are maintained in a physically secured data facility, and the location is not freely available.
- All staff are required to adhere to our internal policies regarding access and accessing data.
Your access to your data
We value our customers, and you have a legal right to know what information we may hold about you. Our privacy office is available to handle questions and complaints, and to act on any information requests you may have regarding what data we have on file, as well as its use and disclosure.
Contact Us
Contact us by phone or email, or write to us, and your request or concern will be handled professionally, courteously and quickly.