Privacy Policy
DOCUMENT CONTROL INFORMATION
Document Name: Privacy Policy
Board Adoption Date: 22 September 2021
Version: 3 (August 2024)
Author: Catherine Cooper
Revision: Biennially
Available to Public: Yes
1. Purpose
To outline how The Australian POTS Foundation (APF) manages the collection, quality, security, use and disclosure of personal information.
2. Scope
Applicable to all APF officers, employees and contractors.
3. Responsibilities
The APF Board is responsible for developing, adopting and reviewing this policy.
The Chief Executive Officer (CEO) is responsible for the implementation of this policy, for monitoring changes in privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.
NB. Where no CEO is appointed, their responsibilities will be assumed by the Chairperson or nominated delegate as approved by the Board.
4. Policy
4.1 Introduction
As the APF respects the privacy of its partners and stakeholders, it has adopted the National Privacy Principles (NPPs) contained in the Privacy Act 1988 (Commonwealth) (Privacy Act).
From 21 December 2001, the NPPs govern the way in which private sector organisations collect, use, disclose, store, secure and dispose of your Personal Information.
The Australian Privacy Principles may be obtained from the website of The Office of the Federal Privacy Commissioner at www.privacy.gov.au.
4.2 Collection
The APF will:
- Only collect information that is necessary for the performance and primary function of the APF
- Notify stakeholders about why we collect the information and how it is administered
- Notify stakeholders that this information is accessible to them
- Collect personal information from the person themselves wherever possible
- If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected
- Collect sensitive information only with the person’s consent. (Sensitive information includes health information and information about religious beliefs, race, gender and others)
- Determine, where unsolicited information is received, whether the personal information could have been collected in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information).
4.3 Use and Disclosure
The APF will:
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose
- For other uses, the APF will obtain consent from the affected person
- In relation to a secondary purpose, use or disclose the personal information only where:
  - Main purpose example
  - a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for such purposes; or
  - the person has consented; or
  - certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety
- In relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and the APF has provided an opt-out and the opt-out has not been taken up
- In relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out)
- State whether the information is sent overseas and will ensure that any overseas providers of services are as compliant with privacy as the APF is required to be
- Provide all individuals access to personal information except where it is a threat to life or health or it is authorised by law to refuse and, if a person is able to establish that the personal information is not accurate, then the APF must take steps to correct it
- Where for a legal or other reason we are not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties
- Make no charge for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.
4.4 Storage
APF will:
- Implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorised access, interference, unauthorised modification or disclosure
- Before the APF discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant. The APF will have systems which provide sufficient security.
- Ensure that APF data is up to date, accurate and complete.
4.5 Destruction and de-identification
The APF will:
- Destroy personal information once it is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
4.6 Data Quality
APF will:
- Take reasonable steps to ensure the information the APF collects is accurate, complete, up to date, and relevant to the functions we perform.
4.7 Data Security and Retention
The APF will:
- Destroy records in accordance with ACNC record keeping obligations.
4.8 Openness
The APF will:
- Ensure stakeholders are aware of the APF Privacy Policy and its purposes
- Make this information freely available upon request.
4.9 Access and Correction
The APF will:
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
4.10 Anonymity
- Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.
4.11 Making information available to other organisations
The APF can:
- Release information to third parties where it is requested by the person concerned or where there is a statutory requirement to do so.
5. Breaches of the Policy
As identified, all personal information breaches should be immediately reported to the CEO. If a data breach occurs, the APF will respond appropriately as per Part IIIC of the Privacy Act 1988 and the Privacy Amendment (Notifiable Data Breaches) Act 2017. If the breach is likely to result in serious harm to any individuals whose personal information is involved, the APF will meet its notification obligations.
6. Review of the Policy
The Policy is to be periodically reviewed as and when required, or when there is a change in the legislation, but at least biennially.
7. Publication of the Policy
Upon request, this Policy is to be made available to the APF stakeholders.
ANNEXURE A: Privacy Policy – For External Use/Privacy Act Compliance
The Australian POTS Foundation Website Privacy Policy
The APF is committed to protecting your privacy and complies with privacy laws. The Privacy Act regulates the collection, use, disclosure, storage and security of personal information of government agencies and private organisations.
Please note:
- We collect personal information in response to your request to receive information and to provide information on related events and activities.
- Your personal information will not be disclosed to outside parties and will only be used by APF.
- You can request access to any of your personal information by contacting us at admin@potsfoundation.org.au
- We will assume your consent to the access of your personal information