(Purpose & Principles)
This policy relates to the handling of personal information, which is any information or opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Organisations are required under the Privacy Act 1988 (the Privacy Act) to comply with ten National Privacy Principles under Schedule 3 of the Privacy Act. The Elsema Policy for each principle is set out below.
1.1 We only collect personal information which is necessary for one or more of our functions or activities.
1.2 We only collect personal information by lawful and fair means and not in an unreasonably intrusive way.
1.3 We take reasonable steps to ensure that you are aware at the time of collection of personal information (or as soon as possible afterwards) of the following:
a. the identity of Elsema and how to contact us;
b. the purpose of collection;
c. the fact that you are able to gain access to the information;
d. the organisations (or the types of organisations) to which Elsema usually discloses information of that kind;
e. any law that requires the particular information to be collected; and
f. the main consequences (if any) for you if all or part of the information is not provided.
1.4 In general we do not collect sensitive information without consent. Sensitive information includes information such as racial or ethnic origin, political and religious beliefs, trade union membership, criminal history and health information.
1.5 Where it is reasonable and practicable to do so, we collect personal information about you directly from you unless you are not capable of providing the information.
1.6 Where we collect personal information about you from a third party, we will, where appropriate, request the third party to inform you that we are holding such information, how we will use and disclose the information, and of your rights to contact us to gain access to, correct and update the information. However, we will not make any such request of third parties in special circumstances where it would not be practicable to do so.
2. Use and Disclosure
2.1 Use, in relation to personal information, does not just include mere disclosure of the information, but also includes the inclusion of the information in a publication.
2.2 Disclosure means disclosure outside of the organisation.
2.3 We only use personal information for the primary purpose for which it was collected, or for a related purpose which is within your reasonable expectations.
2.4 We do not disclose the personal information outside of the organisation unless you are aware of or would expect such a disclosure. If we are in doubt, we will seek consent to disclose personal information.
2.5 When using or disclosing personal information, we consider the source of the information – e.g. how and when it was collected, and what you knew at the time of collection. This will assist us in identifying the purpose of collection, and therefore the permitted use of the personal information.
2.6 If we use personal information (other than sensitive information) to send direct marketing material, such as newsletters, we will give you the opportunity to “opt out” of receiving future communications.
2.7 Our staff are trained to comply with our obligations under the Privacy Act and this Policy.
3. Data Quality
3.1 We take all reasonable steps to ensure that personal information is accurate, complete and up to date.
3.2 If we become aware that personal information is incorrect or incomplete, we will endeavour to correct it.
4. Data Security
4.1 We take reasonable steps to protect personal information from misuse and loss from unauthorised access, modification or disclosure. For example, we use passwords for access to computer records and keep hard copy files secure.
4.2 We destroy personal information which is no longer required. Most records are destroyed after 7 years.
5.2 We include a brief statement with respect to privacy on forms used to collect personal information, and mail-outs/newsletters etc, to make individuals aware of our privacy obligations.
5.4 On request, we will explain to individuals in general the types of personal information we hold, for what purposes, and how we collect, hold, use and disclose the information. Our staff are trained to handle general inquiries of this nature, however, if the individual wishes to have access to specific information, they will be referred to the Director.
6. Access and Correction
6.1 In general, you are allowed to have access to personal information held about you. Some exceptions which may apply include, but are not limited to, where:
a. providing access would have an unreasonable impact on the privacy of other individuals; or
b. the request for access is frivolous or vexatious; or
c. providing access would reveal the intentions of Elsema in relation to negotiations with an individual in such a way as to prejudice
those negotiations; or
d. providing access would be unlawful.
6.2 We only accept written requests for access to personal information. Requests are directed to the Director and you may be required to provide proof of identity before the personal information is released to you.
6.3 If you are incapable of requesting access to personal information, then a person acting on your behalf may request access. This person may be the authorised attorney or some other person who is responsible for you. We take reasonable steps to ensure that the person has the authority to make a request for access.
6.4 If you can establish that personal information is incorrect, incomplete or not up to date, then we will endeavour to correct the information.
6.5 If we disagree that the personal information is incorrect, then we may refuse to alter the information. In this case, if you request it, we will make a note of your objection on the file.
6.6 If we deny access or refuse to correct personal information, we will provide you with reasons for this decision.
7.1 An identifier is a number assigned to an individual to identify uniquely the individual, but does not include an individual’s name or ABN.
7.2 Elsema will not adopt as its own identifier of you or use or disclose an identifier of you which has been assigned by a government agency, unless allowed by the National Privacy Principles set out in the Privacy Act.
8.1 If it is lawful and practicable, we will allow you to remain anonymous when dealing with us. For example, where individuals make general inquiries about our organisation and its goods or services, they may wish to remain anonymous.
8.2 If we consider that it is not appropriate to allow you to remain anonymous then we will explain to you the consequences of remaining anonymous. For example, we may not be able to provide you with particular goods or services.
9. Transborder Data Flows
9.1 If we at some stage need to transfer personal information about you outside Australia, then (except where the National Privacy Principles do not require us to do so) we will seek your consent to the transfer of the information if we believe that the overseas third party is not subject to, or has not agreed to comply with, privacy obligations equivalent to those which apply to us under the Privacy Act.
10. Senstive Information
10.1 Sensitive information includes information such as racial or ethnic origin, political and religious beliefs, trade union membership, criminal history and health information.
10.2 Elsema will not collect sensitive information about you unless you have consented, it is required by law or there are other special circumstances.