1. POLICY STATEMENT
We understand that personal information provided by you to us needs to be handled properly. Your privacy is important to us. We make every effort to maintain the highest standards in dealing with personal information in accordance with the principles set out in the Privacy Act 1988 (Cth). The Privacy Act 1988 (Cth) governs the collection, use, disclosure and storage, of personal information. As well as providing general Australian Privacy Principles (APPs), the Privacy Act 1988 (Cth) provides a framework for the handling of complaints about breaches of privacy, and the role of the Australian Information Commissioner.
In dealing with public sector entities within the State of Victoria, we acknowledge that these entities are bound by the provisions of the Privacy and Data Protection Act 2014 (Vic). We will also make every effort to ensure that we maintain the highest standards in dealing with personal information and data protection in the course of the performance of our obligations as a contracted service provider to those public sector entities to the extent required by the Privacy and Data Protection Act 2014 (Vic) and the Information Privacy Principles (IPPs) in particular.
Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not “Sensitive information” means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record that is also personal information or health information about an individual or genetic information about an individual that is not otherwise health information or biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
3.1. Distribution of this policy
This policy will be:
- displayed at our offices;
- made available on request to anyone who asks for it; and
- provided to all employees and anyone who handles personal information for us.
3.2. Type of personal information to be collected
We collect personal information in a number of ways, including directly, indirectly and through third parties. There include (but are not limited to) the following:
- When you provide information directly to us in person, by phone or in writing (whether electronic, via our communication tools or otherwise);
- Social media;
- When you visit and/or use our website, in which case, we record information sent to us by your computer, mobile device or other access device; and
- From third parties such as our related entities, service providers to us, operators of linked websites, applications and advertising on the Website.
If it is reasonable and practicable to do so, we will endeavour to collect your personal information only from you.
We will ensure that we only collect personal information by lawful and fair means and not in an unreasonably intrusive way.
We will collect only the information that is necessary for the conduct of our business. Information collected will include your name, delivery address, billing address, contact details, details relevant to your order, and details relevant to effect payment.
Although we may use your personal information as stated above, we may also use your personal information for secondary purposes. We may communicate news, promotional offers or special events to you or we may use personal information for marketing, research, planning and product development purposes. We use this information to conduct our business, to provide and market our services, to communicate with you to provide or promote our services and to help us manage and enhance our services. Where you have consented to receiving these communications from us, that consent will remain current until you advise us otherwise. However, you can opt out at any time by contacting our Privacy Officer or by unsubscribing to our commercial electronic messages as set out below.
3.3. Use of personal information
We use your personal information to carry out business with you, to facilitate our financial dealings with you, for internal product analysis, for promotion and direct marketing of our products and services to you, for our internal product/service analysis and to comply with the applicable laws.
Any promotional or direct marketing messages sent to you by us via email, in accordance with the Spam Act 2003 will only be sent with your consent (you may give express consent or consent may be inferred from your conduct and existing business relationship). You can choose not to receive messages from us in the future at any time by using our unsubscribe facility.
3.4. Disclosure of personal information
We may disclose personal information held about you to:
- Government departments or agencies as part of our legal obligations;
- Insurance providers in relation to specific claims;
- Law enforcement agencies;
- Anyone to whom you authorise us to disclose the information;
- Anyone else where authorised by law.
Other companies or individuals who assist us in providing services or who perform functions.
3.5. Treatment of sensitive information
We will not collect Sensitive information from you unless you have consented for us to do so or otherwise required by law.
3.6. Management and security of information
In order to protect your personal information from misuse, loss, unauthorised access, modification or disclosure, we will ensure that:
- Access will be limited to staff who require this information in order to do their jobs;
- It will not be left in areas that allow unauthorised access;
- The physical storage of all materials will be in a secure cabinet or area;
- There is security in transmission:
- Emails will only be sent to a person authorised to receive this material;
- Only limited personal information will be provided over the telephone to persons authorised to receive that information;
- Transfer of information overseas will only occur with your permission.
We will use all reasonable endeavours to keep your personal information in a secure environment, however, this security cannot be guaranteed due to the nature of the internet. We take reasonable steps to protect personal information held from misuse and loss and from unauthorised access, modification or disclosure, for example by use of physical security and restricted access to electronic records. Where we no longer require your personal information we will take reasonable steps to destroy it. These measures are designed to assist in your personal information not being accessed by unauthorised personnel, lost or misused. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us.
3.7. Data quality
We will endeavour to ensure that your personal information we hold is accurate, completed, up to date and relevant to our functions or activities.
3.8. Access to information and updating personal information
All reasonable steps are taken by us to ensure that your personal information held by us is accurate, complete and up to date. If you believe that any of your personal information is inaccurate, please contact us (details below) and subject to the exceptions set out in the Privacy Act 1988 (Cth), you may seek access to and correction of the personal information which we hold about you and we will take all reasonable steps to correct it within a reasonable timeframe. We may deny access where:
- The request is frivolous or vexatious;
- Providing access would have an unreasonable impact on the privacy of other individuals;
- Providing access would pose a serious threat to the life or health of any person;
- We are involved in detection, investigation or remedying of serious improper conduct and providing access would prejudice that; or
- Pursuant to any exceptions contained in the Privacy Act 1988 (Cth) and the Privacy and Data Protection Act 2014 (Vic).
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when dealing with us.
3.10. Transborder Data Flow
We may transfer your personal information to someone who is outside of Victoria only if we reasonably believe that the recipient of information is subject to a law, binding scheme or contract which effectively upholds the principles for fair handling of information that are substantially similar to the IPPs and the APPs; or if you consent to the transfer or it is necessary to perform the contract between you and us in consideration of your interest.
3.11. Disposal of information
We will not store information longer than necessary. In disposing of personal information we will ensure that it is either shredded or destroyed in such a way that no one can access the information.
4. KEY RESPONSIBILITIES AND AUTHORITIES
Management is responsible for ensuring the overall responsibility for the implementation of this policy. Both Management and employees are responsible for the collection, use, disclosure, access, storage and disposal of information in line with this policy and the Australian Privacy Principles contained in the Privacy Act 1988 (Cth).
5. HOW YOU CAN MAKE A PRIVACY RELATED COMPLAINT
If you have any questions about privacy-related issues or wish to complain about a breach of the APPs, IPPs when we act as a contracted service provider in a State contract, or the handling of your personal information by us, please contact us (details below). We may ask you to lodge your complaint in writing. Any complaint will be investigated by our Privacy Officer and you will be notified of the making of a decision in relation to your complaint as soon as is practicable after it has been made (usually within 30 days). If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (details below).
MEMBERBenefits Pty Ltd
PO Box 2200
Mornington Vic 3931
For more information on privacy in Australia, please visit the Australian Commonwealth Government’s Office of the Australian Information Commissioner’s website www.oaic.gov.au