What is personal information?
Personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable (whether the information is true or not or recorded in any form or not).
Personal information can also be sensitive information and health information. ‘Sensitive information’ is personal information about an individual’s health, racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, sexual preferences and practices or criminal record. ‘Health information’ includes information about an individual’s physical or psychological health, health services provided to the individual or an individual’s expressed wishes about the future provision of health services.
What obligations relating to personal information must we comply with?
When collecting, using and handling personal information, we are required to comply with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles set out in that Act as they relate to organisations.
When are we permitted to collect personal information?
We are permitted to collect personal information where it is reasonably necessary for our functions or activities. At a high level those functions and activities relate to:
- Providing services to our customers.
- Promoting and growing our business.
- Undertaking research and development and improving our services.
- Obtaining services from other businesses.
- Employing staff.
- Participating in industry processes.
- Managing our corporate affairs.
- Complying with legal and regulatory obligations.
- Protecting our rights and entitlements.
Can you refuse to provide personal information to us?
When you interact with us you may choose to act anonymously or provide a pseudonym where it is practical to do so. However, we may refuse to deal with you if it is impractical for us to do so without you providing personal information to us.
How do we collect and hold personal information?
We receive personal information in different ways and through a number of different media including:
- By telephone.
- Through face to face communications.
- Via digital or online sources.
- By email.
- By hard copy correspondence and documentation.
We keep different types of records that include personal information. These include records stored electronically on data bases and also hard copy files. We take reasonable steps to ensure that the personal information we keep is protected from misuse, loss or any unauthorised access, modification or disclosure.
We will take such steps as are reasonable in the circumstances to destroy or de-identify personal information that we no longer need.
When are we permitted to collect sensitive information?
The circumstances in which we are permitted to collect sensitive information are:
- the information is reasonably necessary for one or more of our functions or activities and the individual concerned has consented to its collection;
- the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or
- a permitted general situation or permitted health situation (as defined under the Privacy Act) exists in relation to the collection of the information.
What kinds of personal information do we collect?
The kinds of personal information we will collect from you (if any) depends on the relationship we have with you. Examples of the types of personal information that we collect that the Australian Privacy Principles apply to are:
- Contact details.
- Information to confirm identity.
- Bank or credit card details.
- Credit information.
- Information about or related to a service we supply to you.
For what purposes do we use or disclose personal information?
We may use or disclose personal information for the purpose it was collected. Depending on the circumstances, we may use or disclose customer personal information for the following purposes:
- To decide whether to provide a service.
- To provide and administer a service.
- To obtain payment for a service.
- To undertake research and development activities.
- To comply with our legal and regulatory obligations.
- To deal with complaints.
- To protect our rights and entitlements.
Depending on the circumstances we may disclose personal information to:
- Related entities.
- Credit reporting agencies.
- Our suppliers.
- Our contractors or agents.
- Government or regulatory bodies.
- Law enforcement bodies.
- Complaint handling bodies.
- Our professional advisers.
Unless you opt out from receiving direct marketing from us, we, or third parties on our behalf, may also use and disclose your personal information to contact you to provide information to you about our products and services.
We are also permitted to use or disclose personal information for other secondary purposes including the following:
- where the individual has consented to the use or disclosure for the secondary purpose;
- the secondary purpose is related to (or in the case of sensitive information directly related to) the purpose for which the personal information was collected and the individual concerned would reasonably expect us to use or disclose the information;
- the use or disclosure is required or authorised under an Australian law or a court or tribunal order;
- a permitted general or health situation exists as defined in the Privacy Act; or
- we reasonably believe that the use or disclosure of the personal information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
We may also disclose information to data and call centres, IT service providers, mail houses and other service providers we may engage to help manage our information resources. These persons are generally located within Australia but we may also use service providers located overseas including service providers in the Philippines.
How can you access your personal information held by us?
- we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- giving access would have an unreasonable impact on the privacy of other individuals;
- the request for access is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings between us and the individual, and would not be accessible by the process of discovery in those proceedings;
- giving access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
- giving access would be unlawful;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- both of the following apply:
- we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to its functions or activities has been, is being or may be engaged in;
- giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
- giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.
What should you do if you believe personal information held by us about you is wrong?
Where we are satisfied that the personal information is wrong, we will take such steps (if any) as are reasonable in the circumstances to correct the personal information.
How should you complain if you believe we have breached our obligations under the Australian Privacy Principles?
Dealing with us on-line
This policy also applies to personal information that you email to us or provide when using our website.
There are inherent risks in transmitting information across the internet. We cannot ensure the security of personal information transmitted to us via online channels. Once we receive personal information online, we take steps to protect that information from misuse, loss, unauthorised access, modification and disclosure in accordance with this policy.
- each page of the website that you visit;
- your server address;
- the type of browser you are using;
- your operating system;
- your top level domain name;
- the date and time that each page is accessed; and
- documents that you download.
Where searching of our website is enabled, terms that you enter when searching our website may be collected for analytical and system administration purposes, but will not be associated with any other information that we collect, hence the user is not identifiable.
This policy does not apply to, and we are not responsible for, the use of or the protection of information provided to any other websites that may be linked to our website.
How to contact us?
GPO Box 110
HAWTHORN VIC 3122
or via email [email protected]