This Policy outlines the principles adopted by Hive & Wellness Australia Pty Ltd (HWA) to protect the personal information of individuals in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
HWA is committed to handling personal information in a lawful, fair, and transparent manner. We will take all reasonable steps to ensure that any personal data we collect, use, hold, or disclose is managed in accordance with applicable Australian privacy laws and regulatory requirements.
HWA collects personal information that is reasonably necessary for our functions, services, and compliance obligations. We are committed to collecting this information lawfully, fairly, and transparently, and to protecting the rights of individuals whose data we hold.
We will inform individuals of the purposes of collection and, where required, seek their consent—unless an exception under the Privacy Act 1988 applies (e.g. where collection is required or authorised by law or necessary for the performance of a contract).
The types of personal information we collect and hold may include (but are not limited to):
Name
Date of birth
Residential or postal address
Email address or telephone number
Financial details (e.g. bank account information, if you are a supplier or shareholder)
Tax File Number or ABN, where required by law
Information about your interactions with our services (e.g. purchase history or enquiry records)
In the context of stakeholder engagement, we may collect information as follows:
Consumers – name and contact details (e.g. email address, phone number)
Beekeepers – name, address, ABN, and banking information for payment purposes
Suppliers and trade customers – representative’s name, employer, job title, and contact information
Prospective employees – full name, contact details, employment history, education, referee information, and next of kin details (for emergency purposes)
Shareholders – name, address, shareholding information, tax file number, and banking details for dividend processing
We collect personal information directly from you when you:
Interact with us in person, by phone, email, facsimile or mail
Submit information through our website or online forms
Apply for employment or provide us with documentation during recruitment
Engage with our services, participate in promotions, or submit feedback
Attend meetings or communicate with us through social media platforms
We will only collect personal information by lawful and fair means, and not in an unreasonably intrusive way.
On occasion, HWA may collect personal information about you from third parties, including:
Recruitment agencies or referees (for job applicants)
HWA’s share registry service provider (for shareholders)
Publicly available sources such as business directories or professional websites
Online job platforms or career portals where we advertise vacancies
We take reasonable steps to ensure that any personal information received from third parties is collected with appropriate consent and handled in accordance with this policy.
Where lawful and practical, individuals may choose to interact with us anonymously or by using a pseudonym (e.g, when making a general enquiry through our website). However, in some cases, we may not be able to provide certain products or services without identifying information.
Our website uses cookies to enhance user experience and gather usage analytics. A cookie is a small text file placed on your device that enables us to recognise repeat visitors, remember preferences, and improve website functionality.
Cookies may collect information such as: IP address, browser type, operating system, referring website, pages visited and time spent on site, date and time of access.
You can control how cookies are handled by adjusting your browser settings to block, delete, or warn about cookies. Refer to your browser’s help menu for more information.
HWA is committed to ethical sourcing and responsible data collection in alignment with our obligations under the ETI Base Code, and applicable international labour standards. We apply additional care when collecting information from vulnerable individuals, including migrant workers, young workers, or those in temporary or non-standard arrangements. All information is collected with due respect for privacy, human dignity, and data minimisation principles.
HWA collects, holds, uses and discloses personal information only where it is reasonably necessary for our business operations, legal obligations, or other legitimate interests. We are committed to ensuring that personal information is only used for the purposes for which it was collected or for purposes that a reasonable person would expect. The purposes for which we hold, use and disclose information include:
Providing our products and services to consumers and trade customers
Responding to enquiries, complaints, or feedback
Administering promotions, competitions, or surveys
Communicating updates or service information to customers
Conducting internal planning, research, reporting, and product development
Improving our website, systems, and customer experience
Performing data analytics to inform business decisions
Fulfilling obligations to shareholders and processing payments (e.g. dividends)
Complying with applicable laws, regulations, and reporting obligations
Managing risk, fraud prevention, and insurance claims
Assessing potential business acquisitions or partnerships
4. Human Resources & Recruitment
Managing recruitment and assessing job applicants
Facilitating onboarding, emergency contact registration, and employment screening
HWA will not use or disclose your personal information for any purpose other than those reasonably expected, unless you have given consent or we are required or permitted to do so by law.
If you do not wish to receive marketing communications from HWA, you may opt out at any time by contacting the Privacy Officer. We will honour all such requests and ensure you are not contacted for promotional purposes unless you have expressly consented to it.
HWA uses and discloses personal information solely for the purposes outlined in this Policy, or for other purposes that are reasonably expected, with your consent, or where required or authorised by law. We take appropriate steps to ensure that personal information is only shared with trusted third parties who are bound by obligations of confidentiality and data security.
We may disclose personal information to the following third parties:
IT support, hosting, and cloud service providers
Software application vendors and digital communication platforms
Legal counsel, auditors, and regulatory consultants
Insurers or government authorities, where required
Share registry operators
Payment processors and financial institutions
Logistics and delivery service providers
4. Business Transactions
If HWA undergoes a sale, merger, restructure, or business transition, personal information may be disclosed to relevant parties involved, subject to confidentiality undertakings.
We undertake due diligence when engaging third-party service providers and take reasonable steps to ensure their privacy and ethical standards align with our commitments under the Privacy Act 1988 and the ETI Base Code.
HWA takes the security and integrity of personal information seriously. We store personal information in secure physical and electronic formats, either at HWA premises, in secure off-site archives, or with trusted cloud service providers under binding contractual obligations.
Personal information is retained only as long as necessary to fulfil the purpose for which it was collected, or to meet legal and regulatory obligations. Our systems include:
On-site servers and secure physical storage
Cloud-based platforms hosted by reputable third-party vendors
Internal databases with user authentication and access controls
HWA applies a layered approach to information security, including both technical and procedural safeguards:
2.1 Technical Controls
Encryption of data in transit and at rest
Role-based access with multi-factor authentication
Secure firewalls, intrusion detection, and malware protection
2.2 Organisational Controls
Access restricted to authorised personnel on a need-to-know basis
Regular audits, monitoring, and staff privacy training
Strict protocols for the secure destruction or de-identification of data when no longer required
While we take all reasonable steps to protect personal information, no data transmission over the internet can be guaranteed to be entirely secure. If a data breach occurs, HWA will respond promptly in accordance with our Data Breach Response Plan and notify affected individuals in line with the Notifiable Data Breaches scheme under the Privacy Act 1988.
While HWA does not intentionally disclose personal information to overseas recipients, some third-party service providers (such as cloud storage or email platforms) may host data on servers located outside Australia. HWA conducts due diligence to ensure such providers meet Australian privacy standards, including compliance with APP 8 regarding cross-border disclosures.
We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we hold about you is not up to date or accurate, you may ask us to correct it by contacting the Privacy Officer and we will take reasonable steps to amend the information if we agree with the change. If we disagree with your view, we will provide the reasons for our decision (unless it is unreasonable to do so) and the avenue to make a complaint. If we decline to correct your personal information as requested, you may ask us to include a statement with the record indicating that you dispute its accuracy. We will take reasonable steps to add this statement so it is linked to the relevant information.
You may ask us to provide you with details of the personal information we hold about you, and copies of that information. Requests for information should be made to the Privacy Officer: Annette Zbasnik, Company Secretary ([email protected]). If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information.
HWA recognises its legal and ethical obligations to manage personal, health, and sensitive information in a secure, accurate, and accountable manner throughout the information lifecycle. This includes creation, use, storage, access, archiving, and secure disposal of records.
In accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs)—particularly APP 6 (Use and Disclosure), APP 10 (Quality), APP 11 (Security), and APP 13 (Correction)—HWA must ensure that personal and health information is:
Collected lawfully and with informed consent (APP 3 and 5)
Used only for the purpose for which it was collected or as required/authorised by law (APP 6)
Stored securely to prevent unauthorised access, interference, loss or disclosure (APP 11)
Kept accurate, up to date and complete (APP 10)
Available to individuals who request access or correction (APP 12 and 13)
This applies to all formats of information, including physical files, electronic records, emails, databases, case notes, medical certificates, and audio-visual recordings.
Personal and health-related records about employees must be stored and handled with the highest level of confidentiality, especially in the context of injury management and workers’ compensation claims, return-to-work planning, mental health or psychological support documentation, medical assessments, vaccinations, or disability-related accommodations
These records must be accessible only to authorised personnel (e.g. RTW Coordinators, National Safety Manager, People & Culture), and not disclosed without legal authority or employee consent.
HWA will retain records in line with statutory and operational requirements. This includes Mandatory Retention Periods:
Injury and RTW records: Retained for a minimum of 25 years from the date of injury or finalisation of the claim, as per the Workers’ Compensation and Rehabilitation Regulation 2014 (QLD) and equivalent state legislation.
Hazardous chemical exposure records (if applicable): Must be kept for 30 years, under WHS Regulations.
Training and induction records: Usually retained for at least 7 years, unless linked to an incident or investigation.
Employment contracts, performance, grievance or disciplinary records: Retained for 7 years after employment ends, in line with Fair Work obligations and limitation periods.
Records are stored:
In locked cabinets or secure archives (for physical records)
On encrypted servers or access-controlled systems (for digital records)
At the end of the retention period, records will be:
Securely destroyed (e.g. shredding, digital wiping), or
Permanently de-identified, where long-term trends are to be retained for analytics
Employees have the right to request access to their personal information, and to seek correction if they believe it is inaccurate or outdated. Any corrections or challenges to records will be handled in line with APP 13 and HWA’s internal procedures, including the right to request a note of dispute be attached.
HWA is committed to addressing all privacy-related concerns promptly, respectfully, and without retaliation. Individuals have the right to raise questions, concerns, or formal complaints regarding the way we handle personal information.
You may contact the Privacy Officer Annette Zbasnik, Company Secretary ([email protected]) to:
Request more information about this policy
Raise a concern about how your personal information has been collected, used, or disclosed
Make a complaint about a potential privacy breach
You may choose to make your enquiry or complaint on an anonymously basis. However, we may ask you to identify yourself if required by law or if anonymity makes it impractical to investigate or respond appropriately.
When lodging a complaint, please include:
Your contact details (if not anonymous)
A description of the concern or incident
Any relevant supporting documents or timeline
We aim to acknowledge all complaints within 5 business days and to resolve them within 30 days where possible. If a complaint is complex or requires further investigation, we will keep you informed of the progress and anticipated resolution timeline.
If you are not satisfied with our response, you may escalate the complaint to the:
Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992