PO050 V#2.0 2023

Policy Statement
It is the policy of Soclean to operate our business in a manner that consistently meets or exceeds the legal
rights of persons in regard to the privacy and confidentiality of information relating to them by ensuring
compliance with the provisions of relevant privacy legislation.
Aims And Objectives
As an organisation, we will ensure that only such information as is necessary for employment and business
purposes is collected and that this information will only be accessible by persons who are specifically
authorised to access the information.
We acknowledge that the privacy principles are designed to protect the rights of the individual, yet still allow
access by particular authorities in specific circumstances and for specific purposes. To meet our obligation to
comply with these principles under privacy laws, we will ensure that these principles are adhered to by
management of the organisation and all of our employees and agents.
Soclean will ensure that we comply with these principles in regard to –
• The necessity of personal information to be collected, and the means of collection of this information
• The use or disclosure of personal information about an individual
• Ensuring that information held is accurate, complete, and up to date
• The protection of information from misuse, loss and unauthorised access, modification or disclosure
• The way in which personal information is managed, including the right of individuals to know what
type of personal information relating to them is collected, held, used or disclosed
• Allowing individuals reasonable access to information held about them to the extent allowed by law
• The identification of individuals
• The right of individuals to anonymity when entering into transactions where lawful and practicable
• The transfer of personal information to persons in a foreign country except where allowed by law, and
• The collection of sensitive information without consent or legal authority.
Workers and employees (including line management) must ensure that they do not infringe any privacy
principles in the conduct of their roles and functions, and that any breach (or suspected breach) of privacy
principles are reported to enable the company to comply with its legal obligations under privacy laws.