Privacy Statement
Privacy Statement
Purpose
This Privacy Policy Statement is prepared in accordance with The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) which made many significant changes to the Privacy Act 1988 (Privacy Act), the associated Australian Privacy Principles (APPs). Details of the changes to the Privacy Act can be found on the Office of Australian Information Commissioners’ website (www.oaic.gov.au).
The APPs set out minimum standards for the way in which organisations deal with individuals' personal information. Under the Act, personal information is defined as
personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Privacy Commitment
The Bushfire and Natural Hazards Cooperative Research Centre (CRC) is committed to the protection of individuals' personal information in accordance with the Privacy Act.
This Privacy Policy Statement (Privacy Policy) explains how the CRC collects, stores, uses and discloses personal information, and the rights of individuals to gain access to information held about them by the CRC.
Collection of Personal Information
The CRC only collects personal information which is necessary in connection with its business purposes. The purposes for which the CRC collects personal information include:
- responding to issues addressed by an individual to the CRC;
- facilitating the conduct of business transactions and operations between the CRC and the individual;
- providing a subscription service to individuals; and
- ensuring that our website at www.bnhcrc.com.au remains relevant to individuals.
The specific types of personal information collected and used by the CRC varies according to the purpose for collection. However, in general this information includes:
- Individuals' names, addresses, contact details (e.g. telephone number, facsimile number and email address, employer and role);
- Information about transactions or dealings between individuals and the CRC; and
- Individuals' areas of interest.
The CRC collects most of the personal information it requires directly from the relevant individual by way of written forms voluntarily completed by the individual. The CRC may also collect information from individuals by telephone, in person, by its employees, or by written correspondence from time-to-time. In certain circumstances, the CRC may also collect personal information about an individual from third parties.
It is important that the CRC collects the information it requires about an individual in order to provide services which remain relevant to that individual.
Where an individual, or entity, provides the CRC with personal information about another individual, they must first ensure that the other individual is aware of:
- The disclosure of their information to the CRC and the purposes for which the information is collected and used by the CRC; and
- the individual's ability to request access to the personal information held about them by the CRC, and to advise the CRC if they think the information is inaccurate, incomplete or out-of-date.
The CRC does not actively collect sensitive information. However, if sensitive information is collected, the CRC will first obtain the consent of the relevant individual, or otherwise ensure that the collection is in accordance with the APPs.
Collection of Personal Information During Research Projects
The CRC is in the business of conducting research which will include the interviewing and surveying of members of the public and organisations. The collection of data will be covered by a higher level of privacy protection including obtaining Human Ethics approval through an Ethics Committee. This Personal Information will be treated in accordance with the requirements outlined in the ethics approval, for that activity. Any publication of material arising from this data will be suitably de-identified.
Use and Disclosure of Personal Information
The CRC may use and disclose an individual's personal information for the primary purpose for which the information was collected, reasonably expected secondary purposes, where the individual has consented, and otherwise in accordance with the APPs, including:
- To provide goods or services to the individual, including a newsletter or similar subscription service;
- To provide information to members of the CRC;
- Where required or authorised by law;
- To provide information to agents, contractors and service providers engaged by the CRC to deliver goods and services or otherwise act on behalf of the CRC, or to provide goods and services to the CRC, these providers will be bound by similar privacy conditions;
- To investigate and resolve complaints concerning the provision of services by the CRC or others associated with the CRC; and
- To provide individuals with updates and other information from time to time about the CRC's goods, services and activities. Individuals may notify the CRC at any time if they do not wish to receive this information.
The CRC’s website and email systems are cloud-based services and therefore may be based outside Australia, however the CRC will only transfer personal information outside of Australia in accordance with the APPs including:
- With the individual's consent (this is deemed to have been give through the entering of information of the CRCs website or through the use of the CRC’s email addresses);
- Where the CRC is under a contractual obligation (with the individual or another party) to do so, or there is some other benefit to the individual; or
- Where the CRC is satisfied that the recipient of the information will uphold principles for the fair handling of personal information, and will not deal with the personal information in a manner inconsistent with the APPs and this Privacy Policy.
Data Quality Storage and Security
The CRC strives to ensure that all personal information held in its records is secure, accurate, complete and up-to-date.
Personal information is held in a combination of electronic and hard copy records stored securely at the CRC's facilities. Hard copy information is stored in secure office facilities, including locked filing cabinets at the CRC's premises. Electronic information is protected by password security and other data protection measures.
Access to personal information is restricted in accordance with the CRC's procedures to those personnel whose job functions require access to such information. Access to customer personal information is restricted to the CRC management personnel. Certain administrative functions may from time to time be contracted out to third parties, and in these cases appropriate security measures are implemented to ensure the security and integrity of all personal information.
Access to Information
Please contact us if you would like to access a copy of your Personal Information or believe that the information we have about you is not up-to-date, complete or accurate. You have the right to request the correction of any information which relates to you and is inaccurate. If you would like the CRC to delete your Personal Information, please let us know and we will take all reasonable steps to delete it unless we are required by law to keep it.
Use of Cookies
The CRC’s website allow anonymous browsing, and does not require a user to identify themselves, unless they wish to register for a service.
The CRC’s website does use Cookies and session information Cookies which are pieces of information that a site sends to your computer's hard disk when you access information on our site. Each time you use your computer to access the site, the information that was previously received is sent back to the site by your browser. Cookies do not identify individual users. However, when you visit the CRC site, our servers may record information about your usage, the time of your visit, its duration, the pages you visit and settings.
The CRC will use information to create aggregate statistics about usage, and other related site information that does not personally identify members. The information we collect through these cookies remains anonymous and is not linked to any Personal Information. If you do not agree to the use of cookies, you can set the preferences on your browser to remove all cookies and reject cookies in the future.
Changes to Privacy Policy
The CRC may review and update this Privacy Policy from time to time to reflect changes in the law, the CRC's business practices and procedures, and the community's changing privacy expectations. Changes to the Privacy Policy will not be notified to individuals, but the latest version of this Privacy Policy will be available from the CRC's Office at any time.
Point of Contact
To request access to personal information held in the CRC's records, to make a privacy related complaint, to obtain more information about the CRC's Privacy Policy or to enquire about privacy matters generally, please contact the CRC's Communications Manager as follows:
The Communications Manager
Bushfire and Natural Hazards CRC Limited
1/340 Albert Street
EAST MELBOURNE VIC 3002
Phone: 03 9412 9600
Email: office@bnhcrc.com.au
More details of the Privacy Act can be obtained from the office of the Australian Information Commissioner www.oaic.gov.au