1.2 When used in this policy, the term ‘personal information’ has the meaning given to it in the Privacy Act. In general terms, ‘personal information’ is information or an opinion relating to an individual which can be used to identify that individual.
1.3 From time to time we will review this policy. We will notify you about any changes to our policy by posting an updated version of the policy on our website at www.countrywide.net.au .
Types of information collected
2.1 We may collect and hold personal information about you, that is, information that can identify you and is relevant to providing you with the services you are seeking or related to our business functions and activities. The kinds of information we typically collect include:
a) your name, address, telephone number, email address, fax number and other contact information;
b) age or birth date;
c) system access passwords;
d) profession occupation or job title;
e) for users of www.munchmonitor.com , bank account/credit card details and information relating to allergies and dietary requirements;
f) where you are our employee, your personnel records including your employment agreement, pay records, leave records, tax status, criminal record checks, biometric data, health information, superannuation records, training records, and performance and disciplinary records;
g) personal information from your interaction with our websites, including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the website, mobile network information, time, date, referring URL, the type of operating system and browser, ad data, IP address and standard web log data; and
h) any other information we consider may assist us in providing or marketing our services.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous data or aggregated information about how users use our websites. We do not re-identify this information to turn it into personal information.
Method of collection
2.2 We collect personal information in a number of ways including:
a) when you provide information directly to us, in person, by phone or in writing (whether by email, or through surveys, competitions, promotions or other electronic means);
b) when you interact with, or place orders via, our websites, in which case we record information sent to us by your computer, mobile device or other device you are using to access the relevant site;
c) through your use of electronic devices including tablets, supplied by us to you, or otherwise connecting to our systems in order to facilitate and enable you to perform your duties or provide services to us;
d) when you complete an application, contract or purchase order with us;
e) during conversations or written (including electronic) correspondence between you and our representatives;
f) from third parties such as through our members, service providers and operators of linked websites.
2.3 In some circumstances, personal information is provided to us by third parties such as data providers and brokers, credit reporting bodies, law enforcement agencies and other government entities or other organisations conducting activities on your behalf. With your expressed or implied consent, your personal information may be used and disclosed to us this way.
2.4 In respect of personal information which is provided to us by third parties, we seek assurances that all such personal information has been collected lawfully and in compliance with the Privacy Act and that all required consents have been obtained for, and disclosure statements made in respect of, the intended use of that personal information. However, we will not be responsible for, and accept no liability in respect of, any failure by a third party to do so.
Purpose of collection
2.5 We collect personal information about you so that we can perform our business activities and functions and provide you with services in a personalised, safe and efficient manner. The personal information that we collect and hold about you depends on your interaction with us.
2.6 Generally, we will collect, use and hold your personal information for the purposes of:
a) assessing applications;
b) providing products or services to you or someone else you know, including the administration of our rewards program and delivering rewards under that program;
c) monitoring, auditing and evaluating our products and services;
d) conducting business with you, developing our relationship with you and assisting you to develop relationships with our members;
e) communicating with you about our products and services;
f) providing you with promotional and marketing information about products and services that our related entities and other organisations that we have affiliations with have and that may be of interest to you;
g) conducting market research;
h) facilitating our internal business operations, including the fulfilment of any legal requirements;
i) assisting you in developing relationships with customers and suppliers and providing trade references upon request; and
j) dealing with any complaints or enquiries.
2.7 Where you are our employee, we may collect, hold, use and disclose your personal information for all purposes connected with our employment relationship or as otherwise authorised by you at the time of collection. This includes hiring you, training you, administering your personnel records (including pay and leave records), and managing your performance. It may also include the collection of your sensitive personal information (including health information) for purposes connected with managing and complying with our work, health and safety obligations.
2.8 We may also use your personal information (excluding your sensitive information which will only be used for the purpose for which it is collected) for other purposes related to those described above, and/or for a purpose for which you would reasonably expect it to be used, as permitted by applicable laws.
2.10 Cookies may collect and store your personal information. This policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies.
2.11 Cookies may be used to provide you our services, including to identify you as a user of our website, remember your preferences, customise and measure the effectiveness of our services, promotions and marketing, analyse your usage of our services, and for security purposes.
2.12 You also may encounter Cookies used by third parties and placed on certain website pages that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.
3.1 Your personal information will not be shared, sold, rented or disclosed other than as described in this policy. We only use or disclose information about you for the purposes for which it was collected and as otherwise set out in this policy.
3.2 We may disclose personal information about you to:
a) any person or any organisation for any authorised purpose with your express consent;
b) our personnel, including our employees, agents and contractors;
c) any Related Bodies Corporate (as defined by the Corporations Act 2001(Cth);
d) when we act as agents, the principals for whom we act;
e) other companies, organisations and contractors and outsourced service providers who assist us to provide, or who perform the services we provide to you, including:
i) mailing houses;
ii) market research organisations;
iii) specialist consultants; and
iv) website analytics providers;
f) third party service providers who assist us in operating our business (for instance our IT service providers and entities who assist us to administer our rewards program);
g) travel agents in instances where you are given overseas holidays as part of our rewards program, including Turkey;
h) other organisations with whom we have affiliations so that those organisations may provide you with information about services and various promotions;
i) government and regulatory authorities and other similar organisations, as required or authorised by law; and
j) such entities that we propose to merge with or be acquired by.
3.3 The third party service providers and travel agents may be based overseas or use overseas infrastructure to perform services for us. In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where you would reasonably expect us to and the purpose is related to the purpose of collection). Except where specific individual consent has been obtained, we take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information
3.4 We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the Privacy Act and the APPs or equivalent privacy laws. However, we note that some service providers may not be required to comply with this policy.
3.5 We sometimes handle personal information relying on exemptions under the Privacy Act. These include exemptions in relation to (i) employee records; (ii) related bodies corporate; (iii) provision of services to State or Territory authorities; and (iv) overseas operations relating to personal information of non- Australians. Any permitted handling of personal information under such exemptions will take priority over this policy to the extent of any inconsistency.
4. FAILURE TO PROVIDE INFORMATION
4.1 If you do not provide us with your personal information, or the information you provide is incomplete or inaccurate, some or all of the following may happen:
a) we may not be able to provide the requested products or services to you, either to the same standard or at all; or
b) we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions; or
c) we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful; or
d) if you are a prospective employee, we may not be able to hire you; or
e) if you are our employee, it may be a breach of your employment conditions to not provide us with the information; or
f) if you are a contractor to us, you may not be able to provide your services to us.
5. STORAGE AND SECURITY
5.1 We store, protect and process your personal information by taking reasonable steps. The reasonable steps we take include protecting the information from misuse or loss and from unauthorised access, modification or disclosure. Personal information is destroyed or de-identified when no longer required for any of the purposes for which it may be lawfully used or disclosed.
5.2 When you submit sensitive information via the website, your information is protected both online and offline. Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page. While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
5.3 After you cancel your account with us, we will retain your information for as long as we reasonably need it for the purposes outlined in this policy. For example, we may retain your information to prevent fraud, or to maintain systems security. We may also retain your information if required or permitted by law, regulation or relevant standards and codes of conduct, or to fulfil our contractual obligations to a third party. In certain circumstances, including where we are prevented by technical or systems constraints, we may not be able to delete all of your information.
5.4 As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online or that it will not be disclosed in a manner that is inconsistent with this policy. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
6. NOTIFIABLE DATA BREACHES
6.1 In the event that there is a data breach, we will take all reasonable steps to contain the suspected or known breach where possible. We will take immediate steps to limit any further access or distribution where possible.
6.2 If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach.
6.3 If remedial action is successful in making serious harm no longer likely, then no notification or statement will be made.
6.4 Where we are aware of reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.
6.5 We will review the incident and take action to prevent future breaches.
7. ACCESS AND CORRECTION
7.1 You may request access to personal information we hold about you, by making a written request. We will respond to your request within a reasonable period. We may charge you a reasonable fee for processing your request (but not for making a request for access).
7.2 We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons). For example, we may need to refuse access if granting access would unreasonably interfere with the privacy of others or would result in a breach of confidentiality.
7.3 If, upon receiving access to your personal information, or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
7.4 If we refuse to correct your personal information, we will provide you with a written notice that sets out the reasons for our refusal (unless it would be unreasonable to provide those reasons) and provide you with a statement regarding the mechanisms available to you to make a complaint. We will also, where requested by you, take reasonable steps to attach to or associate with the information a statement of the correction sought but not made, or a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
a) information we collect and hold about individuals who are directors of a company, when providing commercial credit to that company;
b) information we collect and hold about individuals who provide a personal guarantee to us in relation to commercial credit we provide to a company; and
c) information we collect and hold about individuals who are obtaining that credit for their own business purposes as sole traders or partners in a partnership.
8.3 When you apply for or obtain or guarantee credit from us, the credit-related personal information that we collect from you includes information that identifies you, such as your name, postal address, email address and date of birth and your driver’s license number.
8.4 We may exchange credit-related personal information about you with credit reporting bodies (CRBs) for the purposes of assessing commercial credit applications from you or companies of which you are a director, and also to assess whether to accept a guarantee from you.
8.5 We may use the information we collect from and about you for account management and administrative purposes directly related to the provision or management of the commercial credit we provide to you or to companies of which you are a director.
8.6 We may also report defaults in payment terms or guarantee commitments in relation to commercial credit to CRBs. We may also disclose your credit-related personal information to any guarantor of your obligations to us.
8.7 We may also use the information we collect from and about you to:
a) collect overdue payments;
b) assign debts; and
c) create assessments and ratings of your creditworthiness.
b) Personal Information breaches – see section “NOTIFIABLE DATA BREACHES”;
c) Transfer of information overseas – see section “DISCLOSURE” and
d) Security – see section “STORAGE AND SECURITY”;
e) Complaints – see section “CONTACTING US OR MAKING A COMPLAINT”.
9. CONTACTING US OR MAKING A COMPLAINT
If you wish to make a complaint about a breach of the Privacy Act, the Australian Privacy Principles or a privacy code that applies to us or if you have any concerns about how we have treated your Personal Information, please contact us, as set out below, and we will take reasonable steps to investigate the complaint and respond to you.
Contact: Company Secretary
Post: Countrywide Food Service Distributors, PO Box 1431, Parramatta NSW 2124 Phone: (02) 8604 2500
If you feel that your complaint or concerns have not been satisfactorily resolved, you can contact the Office of the Australian Information Commissioner at:
Post: GPO Box 5218 SYDNEY NSW 2001
Email: email@example.com Phone: 1300 363 992
10. MORE INFORMATION
For more information about privacy in general, you can visit the Office of the Australian Information Commissioner website at www.oaic.gov.au.
WHISTLE BLOWER POLICY
1.1 Countrywide Australasia Limited (the Company) is committed to ensuring the highest standards of integrity and promoting a culture of honest and ethical behaviour, corporate compliance and good corporate governance. As part of this commitment, the Company recognises the need to have robust procedures in place to ensure people can report instances of suspected unethical, illegal, fraudulent or undesirable conduct by the Company or its officers, employees or agents, and to ensure that anyone who does report such behaviour can do so without fear of reprisal, discrimination, intimidation or victimisation.
1.2 The Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 (Act), effective from 1 July 2019, has provided for an expanded corporate whistleblowing scheme and a new tax affairs whistleblowing scheme (the Whistleblower Regime) providing additional statutory protections and immunities to Whistleblowers.
1.3 This Whistleblower Policy (the Policy) forms part of the Company’s broader risk management framework and aligns with the Company’s Code of Conduct and statement of values. Separate polices within the Company are also relevant to the conduct of directors, employees and contractors including policies and procedures dealing with human resources, safety and other This Policy supports and is to be read in conjunction with those documents and the statutory protections provided under the Whistleblower Regime.
2. OBJECTIVES OF THIS POLICY
2.1 This Policy has been established to:
a) encourage the reporting of misconduct, illegal, fraudulent or other unethical conduct or serious wrongdoing, including the matters set out in Section 6 (Reportable Conduct), so that systemic and serious issues can be raised promptly and effectively addressed;
b) provide an appropriate procedure for individuals to report such conduct in the knowledge that they can act without fear of victimisation, disadvantage or reprisal;
c) ensure that any person who makes a report in accordance with this policy (a Whistleblower) is appropriately protected from detrimental action (see Section 11); and
d) provide transparency around Countrywide’s framework for receiving handling and investigating disclosures.
2.2 To support its stated objectives, this Policy provides a framework for Whistleblowers by:
a) providing reasonable protections for a Whistle-blower who, acting honestly with genuine or reasonable belief that the information in the allegation is true or likely to be true, raises concerns about Reportable Conduct (See Section 6); and
b) ensuring allegations of Reportable Conduct are properly and lawfully investigated and addressed.
3. COMPANY RESPONSIBILITIES
3.1 The Finance, Risk and Audit Committee of the Board (the FRAC) has responsibility for, and ownership of, this Policy, including approving the Policy and any amendments. The FRAC will ensure that this Policy complies with the Company’s legal and ethical obligations, and that all those under its control comply with it. This Policy will be periodically reviewed and if necessary, updated, to ensure the Company’s ongoing compliance with its obligations under the Whistleblower regime.
3.2 The Whistleblower Protection Officers (WPOs) set out in Schedule 1, have the day-to-day responsibility for:
a) Implementing this Policy and ensuring it is made available to the officers and employees of the Company, monitoring its use and effectiveness and dealing with any queries about it.
b) Receiving disclosures under this Policy, as relevant, from Whistleblowers.
c) Ensuring the Whistleblower has access to this Policy, is aware of the Whistleblower statutory protections provided under the Whistleblower Regime and the support available from the Company
d) Obtaining information from the Whistleblower that:
(i) where appropriate, assists the Company to investigate the report effectively; and
(ii) confirms whether the Whistleblower holds any concern of victimisation or retaliation for themselves, or another person, due to making the report, and any assistance or support they may require.
e) Disclosing any conflict of interest they may have in respect of a disclosure.
f) Assessing disclosures made under this Policy and their management, including:
(i) determining whether a disclosure falls under this Policy and should be investigated or is more appropriately managed by another workplace policy of the Company;
(ii) subject to any permissions granted by the Whistleblower, taking all reasonable steps to ensure a Whistleblower’s identity is kept confidential (such as removing the Whistleblower’s name, position title or number, and other identifying details from the report);
(iii) where a disclosure is sufficiently serious, notifying the Chair of the FRAC and/or the Board;
(iv) seeking legal advice on the Company’s statutory or other legal obligations arising from a disclosure made under this Policy, or the application of this Policy;
(v) in conjunction with the FRAC and/or the Company’s human resources team, assessing the risk of any detrimental conduct to a Whistleblower, or other person, due to a disclosure made under this Whistleblower policy, and ensuring the implementation of appropriate safeguards;
(vi) notifying the director of human outsource team in circumstances where, if the disclosure was proven, there could be disciplinary consequences for an employee of the Company.
(vii) where a Whistleblower has consented to their identity being shared, liaising with the Whistleblower to obtain any further information necessary to properly investigate the matter.
g) Explaining next steps to the Whistleblower, including:
(i) if appropriate, referring the matter for investigation (see Section 9.1),
(ii) what steps will be taken to preserve the confidentiality of the Whistleblower’s identity where consent to disclose his/her identity to persons involved in conducting the investigation, is limited or has not been given by the Whistleblower.
3.3 For the purposes of this Policy, the Company’s WPOs are the Company’s director of Human Resources, Chief Financial Officer, Chair of FRAC and Company Secretary. (See Schedule 1).
3.4 The senior executive team of the Company are responsible for ensuring those reporting to them understand and comply with this Policy, are given adequate and regular training on it and ensuring appropriate resources are made available to sustain an effective Whistleblower management plan in the Company.
3.5 The director of Human Outsource has overall responsibility for any disciplinary process that is triggered by a disclosure under this Policy that, if established, leads to an allegation of misconduct or serious misconduct against an employee of the Company, or where a report involves a personal work-related grievance (as defined in Section 6.3).
3.6 Managers of the Company play an important role in supporting the objectives of this Policy, and ensuring their direct reports are able to obtain information about the correct processes for making a disclosure or seeking further advice and support about whistleblowing. Managers are responsible for enforcing the importance of this Policy with their reports, together with why disclosing wrongdoing is so vital to the Company’s risk management framework.
3.7 The Chair of the FRAC has responsibility for:
a) periodically reviewing that any recommendations made from investigations into disclosures made under this Policy are implemented by the Company as required; and
b) analysing matters reported in disclosures and providing recommendations to the FRAC on future audit activity by the Company.
3.8 All employees of the Company are required, and all other eligible Whistleblowers (see Section 5.2) under this Policy are strongly encouraged, to report under this Policy if they reasonably suspect that Reportable Conduct or a State of Improper Affairs or Circumstances exists in relation to the Company (see Section 6), whether engaged in by themselves or others.
3.9 All employees of the Company, and persons providing services as an independent contractor or labour hire worker to the Company, are required to:
a) subject to a claim of privilege or self-incrimination, cooperate with a WIO (see Section 9, including by providing relevant documents and information or answering questions during the conduct of any investigation under this Policy;
b) strictly maintain the confidentiality of a Whistleblower’s identity, whether they obtain that information directly or indirectly, in accordance with Section 8;Error! Reference source not found..
c) refrain from committing, or threatening to commit, any act of detrimental conduct to a Whistleblower, or any other person, because they believe or suspect that the Whistleblower, or another person, has made, may have made, proposes to make, or could make a disclosure that qualifies for protection under the Whistleblower Regime, in accordance with Section 11.
4. WHO DOES THIS POLICY APPLY TO?
4.1 This Policy applies to:
a) the Board and each director of the Company;
b) all employees of the Company, whether permanent or casual, full-time or ongoing, contractors or other agents either directly engaged by the Company or engaged by entities owned or managed by the Company;
c) entities or persons providing goods and services to the Company, whether through a company, partnership, sole trader or labour hire arrangement;
d) individuals identified as eligible Whistleblowers in Section 5.1.
4.2 The Company’s employees and officers are required to comply with any lawful directions made by the Company in respect of this Policy. This Policy does not form part of any employee’s contract of employment and the Company may amend it at any time.
4.3 A person who reports under this Policy, also known as a Whistleblower, is defined as anyone who makes, or attempts to make, a report under this Policy. It also includes any person the Company determines is a Whistleblower and should be protected as a result of making a disclosure.
5. WHO CAN MAKE A REPORT?
5.1 Eligible Whistleblowers should make a disclosure under this Whistleblower policy, and employees of the Company must make a disclosure under this Whistleblower policy, if they reasonably suspect conduct on the part of a current or former Company director, officer, employee, contractor, or any person who has business dealings with the Company (in the context of those dealings with the Company), or a state of affairs exists in relation to the Company, that is Reportable Conduct (See Section 6).
5.2 An eligible Whistleblower includes anyone who is, or has been, any of the following in relation to the Company:
a) an officer director or senior manager;
b) a permanent, temporary, casual, part-time or full-time employee;
c) a worker on secondment or supplied by an agency;
d) suppliers of services or goods to the Company, such as contractors, consultants, service providers and business partners;
e) an associate of the Company;
5.3 All individuals who make a disclosure relating to Reportable Conduct in accordance with this Whistleblower policy, whether an eligible Whistleblower or not, will:
a) have their identity protected by the Company, in accordance with Section 8; and
b) be protected from detrimental conduct by the Company in accordance with Section 11.
5.4 Any person who is mentioned in a disclosure will be treated fairly by Company, in accordance with Section 10.
5.5 In addition to the protections outlined in this Policy, an eligible Whistleblower will also qualify for protections available under the statutory Whistleblower Regime when they make a disclosure that qualifies for protection under the Whistleblower Regime (See Schedule 2).
6. WHAT IS REPORTABLE CONDUCT?
6.1 In this Policy, Reportable Conduct includes but is not limited to conduct or a state of affairs in relation to the Company that:
a) is fraudulent or corrupt, involves bribery or corruption, or otherwise amounts to an abuse of authority:
b) constitutes an Improper State of Affairs or Circumstances (See Section 6.2).
c) is illegal, including theft, dealing in or use of illicit drugs, violence or threatened violence, harassment, intimidation, sabotage or criminal damage to property;
d) is in breach of Commonwealth or state/territory legislation or local authority by-laws;
e) is unethical, such as dishonestly altering company records or data, adopting questionable accounting practices, offering or accepting a bribe or the unathorised disclosure of confidential information;
f) is contrary to, or a serious breach of the Company’s Code of Conduct or other Company policies;
g) poses a serious risk to the health and safety of any person at the workplace;
h) causes a risk or harm to the environment ;
i) amounts to behaviour that is oppressive, reckless or grossly negligent ;
j) may cause financial or non-financial loss to the Company, damage its reputation or be otherwise detrimental to the Company’s interests;
k) is an attempt to conceal or delay disclosure of any of the above including engaging in or threatening to engage in detrimental conduct against a person who has made a disclosure, or is believed or suspected to have made, or be planning to make, a disclosure under this Policy.
6.2 For the purposes of this Policy, an Improper State of Affairs or Circumstances includes conduct that:
a) constitutes a contravention of the Corporations Act, ASIC Act, Banking Act, Financial Sector (Collection of Data) Act, Insurance Act, Life Insurance Act, National Consumer Credit Protection Act, Superannuation Industry (Supervision( Act;
b) constitutes an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more;
c) represents a danger to the public or the financial system;
d) indicates a significant risk to public safety of, or confidence in, the financial system, even if it does not involve a breach of law; or
e) involves a discloser seeking legal advice or representation about the operation of the whistleblower protections under the Corporations Act.
6.3 Except as provided in Section 6.4, a personal work-related grievance is not generally considered to be Reportable Conduct under this Policy and should be reported under the relevant workplace policy of the Company. Examples include complaints an employee, or former employee, may hold concerning:
a) an interpersonal conflict with another employee;
b) a decision relating to a transfer or promotion;
c) a decision relating to the terms and conditions of employment, including remuneration;
d) a complaint of bullying, harassment, discrimination or other unfair treatment;
e) any disciplinary or performance management process or a decision to suspend or terminate employment.
While these types of complaints do not qualify for protection under the Whistleblower Regime, they may be protected under other legislation, such as the Fair Work Act 2009 (Cth).
6.4 A personal work-related grievance that has significant implications for the Company, and wider ramifications than for the Whistleblower personally, may be appropriate to disclose under this Policy as Reportable Conduct. Similarly, where the grievance relates to detrimental conduct suffered by the Whistleblower because of making a previous Whistleblower disclosure, or seeking legal advice about Whistleblower protections, the matter should be reported under this Policy. Without limiting the types of matters, examples of personal work-related grievances that may qualify for statutory protection under the Whistleblower Regime include:
a) Mixed reports, for instance where a concern regarding corporate misconduct or wrongdoing is accompanied by a personal work-related grievance, or a personal work-related grievance includes information about corporate misconduct or wrongdoing.
b) Where the matter suggests a behaviour or conduct extending beyond the individual’s personal circumstances, for instance an individual claim of bullying has indicated that there may be a more general culture of bullying or harassment within the Company.
c) The Company, or its officers or agents, has breached an employment (or other) law punishable by more than 12 months imprisonment, or has engaged in conduct that represents a danger to the public.
d) Health & safety offences involving reckless conduct committed by an officer in breach of work, health and safety legislation, and employer or employee organisations giving, receiving or soliciting bribes under the Fair Work Act 2009(Cth).
e) The Company has engaged in conduct that represents a danger to the public, or the information suggests misconduct beyond an individual’s personal circumstances.
f) Where an individual seeks legal advice or legal representation about the statutory protections available under the statutory Whistleblower regime.
6.5 If unsure whether a grievance is Reportable Conduct under this Whistleblower policy, or a personal work- related grievance that is more appropriately managed through a relevant workplace behaviour policy of the Company, employees are encouraged to seek guidance from the Company human resource provider, Human Outsource or obtain independent legal advice.
7. MAKING A DISCLOSURE
7.1 For a report to be investigated, it must contain enough information to form a reasonable basis for investigation. It is important, therefore, for a Whistleblower to provide as much information as possible, such as any known details about the events underlying the report including:
d) name of person(s) involved;
e) possible witnesses to the events;
f) evidence of the events (for example, documents, emails);
g) details of steps already taken (if any) to report the matter elsewhere or to resolve the concern.
If a report does not contain sufficient information to form a reasonable basis for investigation, additional information may be requested from the Whistleblower. If this additional information cannot be obtained and the investigation is unable to be carried out, the report will be closed and the Whistleblower will be informed.
7.2 A disclosure may have serious consequences, including potential damage to the career prospects and reputation of people who may be the subject of allegations of wrongdoing. For this reason, a Whistleblower must have reasonable grounds to suspect Reportable Conduct in relation to the Company.
7.3 A disclosure of Reportable Conduct can be made anonymously, and a Whistleblower may choose to remain anonymous, including during any investigation into the disclosure. If the disclosure is not made anonymously, or an anonymous Whistleblower consents to limited disclosure of their identity (for instance, to the WPO), the Company will take all reasonable steps to ensure that the Whistleblower’s identity remains confidential and that the Whistleblower is provided with appropriate protection and support (See also Sections 8 and 12.3).
7.4 Reportable Conduct can be reported at any time via email to firstname.lastname@example.org . This service is managed by a third party intermediary, Human Outsource, and enables disclosures to be dealt with confidentially, anonymously and in a timely manner. In circumstances where a Whistleblower wishes to retain anonymity, it provides a means for the Company to obtain information that may be necessary to complete an investigation or provide a Whistleblower with updates on the status of the investigation. All reports received from Human Outsource are reported to Company WPOs in accordance with this policy. Reports can also be made directly to a WPO whose details are provided in Schedule 1.
7.5 Whistleblowers can also report concerns to any “eligible recipient” as defined under the Whistleblower Regime, including:
a) any officer or senior manager of the Company;
b) ASIC or APRA;
c) any other prescribed Commonwealth body (as at the date of this policy, there are no prescribed Comonwealth entities under the Corporations Regulations 2001(Cth);
d) an internal or external auditor of the Company, or a member of an audit team conducting an audit of a Company entity;
e) an actuary of the Company;
f) a legal practitioner for the purpose of obtaining legal advice about the operation of the whistleblowing protections (even if the legal practitioner concludes that a disclosure does not relate to Reportable Conduct protected by the Whistleblower Regime);
g) a person designated to receive whistleblowing reports under this Policy (such as a WPO).
7.6 A disclosure may be made to any of the above recipients verbally or in writing (for example, by email). However, when making a report to a recipient who is a Company senior manager, or a director or Company Secretary, we encourage you to identify that you are making the disclosure under this Policy.
7.7 In the following limited circumstances, a disclosure can also be made to a journalist or a member of a federal, state or territory Parliament:
a) A public interest disclosure can be made to a journalist or parliamentarian if:
(i) the Whistleblower has previously made a disclosure of Reportable Conduct to a regulator and at least 90 days have passed;
(ii) the Whistleblower has reasonable grounds to believe that action is not being, or has not been taken to address the disclosure;
(iii) the Whistleblower has reasonable grounds to believe that making a further disclosure would be in the public interest;
(iv) the Whistleblower has given written notification to the authority that they intend to make a public interest disclosure
(v) the extent of the information disclosed is no greater than necessary to inform the recipient of the misconduct or improper state of affairs to which the first disclosure related.
b) An emergency disclosure can be made when;
(i) the Whistleblower has reasonable grounds to believe the information disclosed concerns a substantial and imminent danger to the health and safety of one or more persons, or the natural environment;
(ii) the individual has previously made a disclosure to an eligible recipient and the Whistleblower has provided a written notification that he or she intends to make an emergency disclosure.
8.1 All information provided by a Whistleblower (including disclosures regarding misconduct that are received indirectly), will be treated as confidential and maintained securely. Any breach of confidentiality will be treated as a serious disciplinary matter.
8.2 The identity of a Whistleblower (or information that is likely to lead to them being identified as a Whistleblower) will be kept confidential, unless any of the following apply:
a) the Whistleblower consents to this information being disclosed;
b) during the investigation of a report, the Company needs to disclose information that may lead to the Whistleblower being identified. (Noting that all reasonable steps will be taken to ensure that the Whistleblower’s identity is not disclosed);
c) the Company is required by law to disclose the Whistleblower’s identity (for example where the Company needs to disclose this information to an external regulator or is ordered to do so by a court);
d) the information is provided to APRA, ASIC or a member of the police; or
e) the Company needs to disclose the information to prevent a serious and imminent threat to life, health or property.
8.3 If any Company personnel receives information about Reportable Conduct, and does not keep that information confidential or discloses any information that is likely to lead to the Whistleblower being identified (except in circumstances permitted above);
a) if they are Company employees, they will be subject to disciplinary action, which may include a formal written warning, or termination of employment with the Company;
b) if they are not a Company employee, the Company may take other corrective action; and
c) they may be subject to penalties under the statutory Whistleblower Regime.
8.4 The Company will ensure all records forming part of an investigation will be kept confidential and stored securely in accordance with Company’s confidentiality obligations and any statutory requirements.
9. INVESTIGATION OF DISCLOSURES
9.1 One of the WPO’s will be appointed as the Whistleblower Investigation Officer (WIO) and will co-ordinate any investigation. The WIO will confirm their appointment to the role to the Whistleblower within 2 business days and will, as soon as practicable, assess all matters notified to them under this Policy.
9.2 The investigation process will vary depending on the nature of the Reportable Conduct and the amount of information provided. The WIO will determine what factors will be considered when investigating a disclosure in line with the Company’s guidelines and procedures. Examples of factors that might be considered include the following:
a) the nature of the Reportable Conduct;
b) when and where the Reportable Conduct occurred;
c) what evidence is available, including any possible witnesses;
d) any immediate concern for a person’s health and safety.
9.3 Once assigned, the WIO:
a) may seek assistance form others within the Company or ‘task’ aspects of an investigation to internal or external resources, where appropriate, subject to the same confidentiality obligations that apply to the WIO;
b) will provide regular updates to the Whistleblower (if the person can be contacted, including through anonymous channels);
c) will ensure appropriate measures are in place to safeguard Whistleblowers, and other persons involved in a disclosure by a Whistleblower, from victimisation or any immediate health and safety concerns.
9.4 Any investigation conducted by the WIO will be thorough, objective, fair, preserve the confidentiality of the Whistleblower and be conducted independent of:
a) the Whistleblower;
b) any person the subject of the disclosure;
c) any parts of the Company’s business concerned.
9.5 The WIO will aim to conclude the investigation and document findings within two months of receiving the disclosure. A report will be provided to the FRAC and/or the Board.
9.6 A Whistleblower will be provided with feedback regarding the outcome of the investigation, if the Whistleblower can be contacted, subject to the privacy and confidentiality rights of any individual under investigation and any other confidentiality requirements. However, the Whistleblower will not be provided with a copy of the investigation report or associated material and there may be circumstances where it will not be appropriate to notify the Whistleblower of the outcome, for example, where the Company is prevented by law from doing so or it would pose a risk of serious harm to an individual.
9.7 Potential outcomes of the investigation are:
a) the concern was substantiated, and appropriate action has been taken;
b) the concern was not substantiated, and no further action will be taken unless further evidence becomes available;
c) a determination was not possible, and no further action will be taken unless further evidence becomes available.
9.8 Where the WIO substantiates the report, the Company will consider whether changes to its processes and systems are required to reduce the likelihood of the Reportable Conduct happening again. Where a person is found to have engaged in misconduct, the matter will be dealt with in accordance with the Company’s disciplinary procedures. This may result in disciplinary action including dismissal.
9.9 The Company will report serious criminal matters to the police or other appropriate regulatory authorities and will assess and report compliance incidents to any regulatory authority where required. (Noting that the Company may disclose the identity of a Whistleblower to ASIC, APRA or a member of the Australian Federal Police).
10. FAIR TREATMENT OF EMPLOYEES NAMED IN A DISCLOSURE
10.1 The Company will ensure the fair treatment of employees mentioned in a disclosure made under this Policy. The Company will:
a) to the extent that it is practical and appropriate in the circumstances, handle all disclosures confidentially;
b) assess each disclosure on its merits and investigate as appropriate, in accordance with Section 9;
c) advise an employee who is the subject of a disclosure as and when required by principles of natural justice and procedural fairness, and where appropriate having regard to the nature of the disclosure, prior to:
(i) any external actions being taken, such as referring the disclosure to a regulator or law enforcement agency;
(ii) commencing a formal investigation;
d) advise when conduct raised in a disclosure, if proven, could lead to allegations of misconduct being made against an employee the subject of a disclosure, leading to possible disciplinary consequences, including termination of employment;
e) provide details of the persons who can be contacted with issues, queries and concerns, in accordance with Section 12.2;
f) advise the outcome of any investigation into the disclosure, in accordance with Section 9.6.
11. PROTECTION AGAINST DETRIMENTAL ACTION
11.1 A Whistleblower who:
a) suspects on reasonable grounds that a Company officer, employee or contractor has engaged, or plans to engage, in Reportable Conduct; and
b) reports the matter in accordance with this Policy,
must not be subject to Detrimental Action for reporting the Reportable Conduct.
11.2 In this Policy, Detrimental Action includes the following (even if done unintentionally):
a) action causing injury, harm, loss or damage (including psychological harm or damage to reputation);
b) dismissal of an employee;
c) alteration of an employee’s position or duties to their disadvantage;
d) discrimination or other adverse treatment in relation to the Whistleblower’s employment, career, profession, trade or business, including dismissal, demotion or the taking of other disciplinary action;
e) harassment or intimidation of a person;
f) any conduct which incites others to subject the Whistleblower to any of the above conduct.
Reasonable management and administrative action conducted in a reasonable manner by the Company will not constitute detrimental conduct against a Whistleblower or another person.
11.3 A Whistleblower, or other person, who believes on reasonable ground that a Whistleblower has suffered, or may suffer, Detrimental Action, should do any of the following:
a) report the matter under this Policy in accordance with Section 7;
b) seek guidance and support from the from the Company’s outsourced human resources provider, Human Outsource;
c) seek independent legal advice.
11.4 An employee who is found to have subjected a Whistleblower to Detrimental Action will be subject to disciplinary action (which may include termination of employment) and may be guilty of an offence that is subject to prosecution under legislation. The Company may terminate the contract or engagement of non-employees or take other corrective action, where they are found to have subjected a Whistleblower to Detrimental Action.
11.5 The Whistleblower Regime also provides remedies to Whistleblowers who suffer Detrimental Action. If a court finds that victimisation has occurred, the court may order the victimiser and/or the Company to:
a) pay compensation to the person who was subject to the victimisation;
b) pay substantial fines and/or to jail.
12. SUPPORT AVAILABLE TO WHISTLEBLOWERS
12.1 The Company encourages Whistleblowers, or other persons, to raise issues or ask questions if:
a) they are unsure:
(i) whether they are covered by this Policy;
(ii) whether their concerns qualify as a matter to be disclosed under this Policy; or
(iii) as to whom they should make a disclosure.
b) they are the subject of a disclosure or a witness in an investigation of a disclosure and seek support or assistance.
c) they seek information about the type of protections and immunities available to Whistleblowers, and other persons, under this Policy and the Whistleblower Regime.
12.2 Issues, queries and concerns, such as those detailed above, can be raised with:
a) your manager or supervisor;
b) a WPO;
c) the Company’s outsourced human resources provider, Human Outsource.
12.3 Part of the role of the WPO is to safeguard the interests of the Whistleblower, to assist them to understand the process and the available protections and to ensure the integrity of the whistleblowing process. Strategies that may be employed by a WPO to assist a Whistleblower, or another person, include:
a) assistance to manage the stress, time and performance impacts resulting from the disclosure or its investigation;
b) exploring options with the person’s manager and/or human resources team such as permitting the performance of work from another location, assignment to another role, modifications to the workplace or reporting lines;
c) reminding those managing and handling the disclosure and its investigation about their obligations in respect of confidentiality, detrimental conduct, managing conflicts of interest, and the fair treatment of the Whistleblower and others mentioned in the disclosure.
12.4 While Company employees will not be subject to disciplinary action for making a disclosure of Reportable Conduct under this Policy on reasonable grounds, they may still be subject to disciplinary action for misconduct that is revealed as a result of the disclosure. However, the Company may, in its discretion, take the disclosure into account when determining the nature of any disciplinary action.
12.5 If a Whistleblower thinks that the person to whom they made the disclosure of Reportable Conduct has not dealt with the report sufficiently, or at all, they may raise the concerns with the Chair of the FRAC or the Managing Director of the Company.
13. OTHER WHISTLEBLOWER PROTECTIONS
13.1 Where an Eligible Whistleblower makes a disclosure that qualifies for protection under the Corporations Law or Tax Administration Act (see Schedule 2), the Whistleblower is protected from any of the following in relation to the disclosure:
a) Civil liability (for instance, legal action against the Whistleblower for breach of an employment contract, duty of confidentiality or another contractual obligation).
b) Criminal liability (for instance, the attempted prosecution of the Whistleblower for unlawfully releasing information, or other use of the disclosure against the Whistleblower in a prosecution, other than making a false disclosure).
c) Administrative liability (for instance, disciplinary action for making the disclosure).
13.2 The protections available to Whistleblowers who make a disclosure qualifying for protection under the Corporations Law and the Tax Act do not, however, grant the Whistleblower immunity for any misconduct the Whistleblower has engaged in that is revealed in their disclosure.
13.3 Whistleblowers may also have access to other statutory protections under anti-discrimination and equal opportunity legislation, and the Fair Work Act 2009 (Cth), or under the common law and their contracts of employment or engagement with the Company.
14. POLICY DISSEMINATION AND TRAINING
14.1 This policy is available on the Company’s website and intranet. The policy is covered in the new employee induction process.
14.2 Specialist training is given to employees responsible for key elements of the program and for persons who may receive reports of Reportable Conduct under the Policy.
15. POLICY REVIEW AND AMENDMENT
The Company Secretary, and the Chair of the FRAC will monitor and annually review the content and effectiveness of this Policy. This Policy can be amended with the approval of the FRAC. Any amendments to this Policy shall be affected by the posting of an updated version of the document on the Company’s website at www.countrywide.net.au, and on company the intranet.
WPO (Name & Title)
Mark Algie (Director Human Outsource)
Email: email@example.com M: +61 409 629 401
Grant Harrod (Chair of Finance, Risk & Audit Committee)
Email: firstname.lastname@example.org M: +61 418 612 754
Mark Saus (Chief Financial Officer)
Email: email@example.com M: +61 448 026 047
Karen Lupton (Company Secretary)
Email: firstname.lastname@example.org M: +61 430 802 483
THIS SCHEDULE 2 IS INTENDED FOR INFORMATION PURPOSES ONLY AND SHOULD NOT BE TAKEN AS THE PROVISION OF LEGAL ADVICE IN RESPECT OF THE OPERATION AND APPLICATION OF THE WHISTLEBLOWER REGIME UNDER THE CORPORATIONS LAW OR TAX ADMINISTRATON ACT. LEGAL ADVICE SHOULD BE OBTAINED FROM AN INDEPENDENT LEGAL PRACTITIONER.
WHEN DOES A DISCLOSURE QUALIFY FOR PROTECTION UNDER THE WHISTLEBLOWER REGIME?
The Corporations Act
The Corporations Act (Part 9.4AAA) affords protection to a Whistleblower’s disclosure provided that they
- are an individual described in Section 5.2 of this Policy or an associate of the Company (within the meaning of the Corporations Act);
- have reasonable grounds to suspect that the information they are reporting concerns misconduct1 or an ‘improper state of affairs or circumstances’2 relating to the Company (which would include most forms of Reportable Conduct under this Policy3.
- make the disclosure to an ‘eligible recipient’ (See Section 5).
The Tax Administration Act
The Tax Administration Act provides protection for disclosures of information that indicate misconduct or an improper state of affairs in relation to the tax affairs of an entity or an associate of an entity where the person considers the information may assist the recipient of that information to perform functions or duties in relation to the tax affairs of the entity or an associate.
Protection is provided for disclosures made to the Commissioner of Taxation, any person or agency specified in Section 7.5 of this Policy or to any registered tax agent or BAS agent providing tax agency or BAS services to the Company.
Protections under the Corporations Act and Tax Administration Act
The protections available to an individual who meets the above requirements include:
- the right to have their identity protected in accordance with the provisions of the legislation;
- a requirement for the Company to take reasonable steps to reduce the risk that the individual will be identified as part of any process conducted under this Policy;
- the right to be protected from civil, criminal or administrative liability (including disciplinary action) from making the disclosure; from contractual or other remedies on the basis of the disclosure; and from the admissibility of the information provided in evidence against the person in each case in accordance with the provisions of that legislation. (These protections do not grant immunity for any misconduct engaged in by the individual which is disclosed as part of the report).
- The right to be protected from detrimental treatment or any form of victimisation in accordance with the provisions of that
- The right to compensation and other remedies in accordance with the provisions of that legislation
1 Misconduct is defined under the Corporations Act to include fraud, negligence, default, breach of trust and breach of duty.
2 An “improper state of affairs or circumstances” is not defined in the legislation but could, for example, include business behaviour and practices that cause consumer harm or systemic issues (See also Section 6.2 of this Policy)
3 Not all types of Reportable Conduct will qualify for statutory protection – for example, certain types of Company policy breaches.
It should be noted that:
- Disclosures that are made anonymously will still receive protection under the legislation provided the disclosure meets the relevant criteria for
- A disclosure may also still qualify for protection even if the disclosure turns out to be
- Any disclosures made that qualify for statutory protection will be investigated in accordance with the investigation processes outlined in this
Breach of confidentiality provisions under the Corporations Act and Tax Administration Act
Under the legislation it is an offence to identity a discloser or disclose information that is likely to lead to the identification of the discloser covered by the statutory protections without the individual’s consent or in other circumstances permitted by law, and serious penalties apply.
An individual who believes these confidentiality requirements have been breached can lodge a complaint with the WPO or with a regulator such as ASIC, APRA or the Australian Taxation Office (as relevant).