This Policy outlines Payroll Metrics’ ongoing obligations in respect of how Personal Identifiable Information (PII) is managed.
Payroll Metrics has adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which employee PII is collected, used, disclosed, stored, secured and disposed of.
PII is information that identifies an individual. Payroll Metrics’ software, operated by its customers, collects PII for the sole purpose of calculating earnings, tax and superannuation contributions for customers’ employees in accordance with Australian workplace laws.
3.1 Security of Personal Information
PII is to be:
- stored in a manner that protects it from misuse and loss and from unauthorised access, modification or disclosure
- classified as Confidential Information in Payroll Metrics’ Data Classification Policy, (Section 2.5).
- Removed from desks, computer screens, and common areas unless it is currently in use.
- is required to be stored under lock and key.
- Transmitted using strong encryption, regardless of whether such transmission takes place inside or outside the company’s network.
- Must not be left on voicemail systems, either inside or outside the company’s network, or otherwise recorded.
- destroy or permanently de-identify when it is no longer required for the purpose for which it was obtained. Destruction to be undertaken in accordance with the Treatment of Confidential Information Policy (Section 2.6)
- subject to the provisions of Payroll Metrics’ Back up Policy (Section 2.7).
3.2 Access to Personal Information
Payroll Metrics employees may request access to their PII by requesting a Director to provide the requested information.
Payroll Metrics customers and their employees access their employees’ PII through the use of Payroll Metrics payroll software application:
- for administrators, through the administrator interface
- for employees via the employee self-service portal and through the mobile app, PayBiz.
Access via the software to PII via these interfaces is controlled by user login and password plus, two factor authentication for access via the self-service portal or, a personal Identification code for access via the mobile app.
Payroll Metrics employees do not respond to requests from customers or their employees for PII.
3.3 Disclosure of Personal Information
PII may be disclosed in the following circumstances:
- to third parties where the individual consents to the use or disclosure; and
- Where required or authorised by law.