Privacy Policy
Date of Review: June 2015
INTRODUCTION
The Board of RVBRFCS is committed to protecting the privacy of personal information which the Organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
RVBRFCS recognises the importance of the Australian Privacy Principles (“APP’s”) and the protection of the privacy of all personal information of individuals which it collects, holds and uses in the course of its activities. Personal information is information or an opinion about an identified individual or about an individual who is reasonably identifiable. The APP’s prescribed in the Privacy Act 1988 as amended (“the Act”) apply to RVBRFCS and all other organisations, and this policy is intended to implement the APP’s and RVBRFCS’s obligations under the APP’s.
PURPOSE
The purpose of this document is to provide a framework for RVBRFCS in dealing with privacy considerations. It sets out two policy documents:
- A policy statement for employees in dealing with a User’s Personal Information; and
- A policy statement applicable to Users of the RFCS prescribing their rights in relation to Personal Information
GENERAL POLICY STATEMENT
RVBRFCS collects and administers a range of personal information for the purposes of providing services for government funding bodies. The Organisation is committed to protecting the privacy of personal information it collects, holds and administers in accordance with its Privacy Policies.
In broad terms this means that RVBRFCS will:
- Collect only information which the Organisation requires for its primary function;
- Ensure that stakeholders are informed as to why the Organisation collects the information and how the Organisation administers the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent un accordance with the Organisation’s policies;
- Store personal information securely, reasonably protecting it from unauthorised access; and
- Provide stakeholders with access to their own information, and the right to seek its correction in accordance with the organisation’s policies and relevant Privacy laws.
POLICY – EMPLOYEES WORKING WITH RVBRFCS USERS
RVBRFCS employees shall adopt the following processes in dealing with and handling any RVBRFCS Users Personal Information:
Collection
RVBRFCS Employees will:
- Only collect information that is necessary for the performance and primary function of RVBRFCS.
- Notify stakeholders about why we collect the information and how it is administered by providing them with a copy of the Organisations Privacy Policy with respect to RVBRFCS Users (“clients”).
Use & Disclosure
RVBRFCS Employees will:
- Only use or disclose information for purposes as stated in the Organisations Privacy Policy with respect to a client’s Personal Information.
- Obtain the consent from the affected person where necessary.
Data Quality
RVBRFCS Employees will:
- Take reasonable steps to ensure the information we collect is accurate, complete, up-to-date, and relevant to the functions we perform as stated in the Organisations
- Privacy Policy with respect to a client’s Personal Information.
Data Security and Retention
RVBRFCS Employees will:
- Safeguard the information we collect and store against misuse, loss, unauthorised access and modification in accordance with the Organisations Privacy Policy with respect to a client’s Personal Information.
- Only destroy records in accordance with Administration & Records Management Policy.
Openness
RVBRFCS Employees will:
- Ensure stakeholders are aware of RVBRFCS’s Privacy Policy and its purposes by providing them with a copy of the Organisation’s Privacy Policy.
- Make this information freely available and on the Organisation’s website.
Access and Correction
RVBRFCS Employees will:
- Ensure individuals have a right to seek access to information held about them and to correct it – if it is inaccurate, incomplete, misleading or not up-to-date in accordance with the Organisation’s Privacy Policy with respect to a client’s Personal Information.
Making information available to other service providers
RVBRFCS Employees:
- shall only release personal information about a client in accordance with the terms of Organisation’s Privacy Policy with respect to a client’s Personal Information.
Basic rules for employees:
- In order to assist the Organisation comply with its Privacy requirements and to avoid any breach of the Organisation’s Privacy Policy by an employee, the following procedure should be adopted by employee’s when collecting a client’s personal information.
The client should be informed of the name of the service and how the service can be contacted if applicable. - The clients should sign the Client Service Agreement and Privacy Declaration Form.
- The clients should be provided with a copy of the Organisations Privacy Statement.
- The clients should be provided with a copy of the Organisations Privacy Policy relating to a client’s personal information and should have the policy briefly explained to them.
RESPONSIBILITY
The Organisation’s Board, Executive Officer, all staff members and volunteers are responsible for the implementation of this Privacy Policy.
The Board is responsible for monitoring changes in Privacy legislation and for reviewing this policy as and when the need arises.
EMPLOYEE OBLIGATIONS
In addition to the obligations owed by an employee under the Privacy Policy for dealing with a client’s Personal Information prescribed above, all employees are required to adhere to the following:
- All employees undertake not to disclose to any person, or make use of, any information or material in respect of any customer/client, supplier or other employee, which has been obtained by the Employee during the course of his/her employment except in accordance with the provisions of the Organisation’s Privacy Policy.
- All employees shall not remove or copy any information, including client’s personal information, from the Employer’s premises without the consent of the Employer.
- The restrictions contained in sub clause (a) and (b) above do not apply to:
a) The use or disclosure of such information in the normal course of the Employee’s duties: and
b) Information which has already become public knowledge other than as a result of a breach of this clause by the employee.
POLICY – RVBRFCS USERS (“CLIENTS”)
1. We respect your privacy
- RVBRFCS (“the Organisation”) respects your right to privacy and this policy sets out how we collect and treat your personal information.
“Personal information” is information we hold which is identifiable as being about you. - RVBRFCS collects and administers a range of personal information for the purposes of providing services for government funding bodies. The Organisation is committed to protecting the privacy of personal information it collects, holds and administers.
- RVBRFCS recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies.
2. What personal information we collect
We may collect personal information from you, including but not limited to the following:
- name
- address
- phone number
- email addresses and fax numbers
- information about the goods or services you have ordered
- information from enquiries you have made
- communications between us
- credit card information
- financial Information including payment information (which may include banking or credit card information);
- spending and buying habits;
- loans and/or mortgages;
- property interests;
- business information relevant to our Organisation, including information concerning any business or enterprise in which you are involved either directly or indirectly.In some cases we may in addition collect video or photographic image of you for use in our publications.In the normal course of the operation of the organisation we also collect from service providers and applicants for employment, such personal information as is necessary for the day to day operations of the Organisation.
3. How we collect your personal information
We collect personal information from you in a variety of ways, including in written form, when you interact with us electronically or in person, online or by telephone,; when you access our website; and when we provide our services to you.
To ensure that clients receive a service through the Organisation that are or may be government funded projects or funded by outside parties, government departments and/or third parties will, from time to time, collect details of clients involved in the said projects for the purpose of conducting client surveys, as well as for assessment, monitoring of project delivery and to permit necessary database maintenance. This information is passed onto the Organisation.
4. Use and purpose of collecting your personal information
Our purposes for collecting and holding personal information are:
- improve our service to you;
- to enable us to offer products and services to clients;
- to enable us to keep clients informed by means of various media about issues affecting industry sectors, policy initiatives and upcoming events;
- to organise our conferences, functions, events, seminars, meetings and generally to manage the clients so as to fulfil our functions;
- to enable us to comply with our constitutional or corporations law obligations,
- to enable us to assess job applications and to employ staff.
- We do not give personal information to third parties for the purpose of direct marketing but we may use personal information for the purpose of offering products and services to clients via us or through our business partners. Clients may elect to opt out of receiving such communications by sending an email or letter to the Privacy Officer and we must action the clients request within a reasonable period.
1. From time to time we disclose member’s personal information to:
- relevant Government Departments
- Rural Financial Counselling branches to assist in branch activities;
- Rural Financial Counselling delegates or committee’s;
- companies with which we have partnership arrangements, to enable client’s to obtain discounted goods or services;
- companies engaged by us to assist in the provision of our services to you
- national councils or other peak commodity bodies in which we participate;
- banks or lending institutions with which we have arrangements in the provision of our services;
- our advisors;
- suppliers of IT services and/or client marketing services;
- third parties engaged by the us to provide services to you for the purpose of, providing services requested by you or to protect any intellectual property rights in any materials displayed on or otherwise available from our website;
- associated or subsidiary organisations which we administer.
5. Disclosure of your personal information overseas
We are likely to disclose your personal information to recipients in the following countries:
Australia
It is not likely that we will disclose personal information to overseas recipients, but if such disclosure were to occur we recognise the obligation to take reasonable steps to ensure that the overseas recipient does not breach the APP’s in relation to the information.
6. Security of your personal information
We take reasonable steps to protect your personal information. However we are not liable for any unauthorised access to this information.
Your personal information is stored in a combination of computer storage facilities and paper based files and other records. We will also take reasonable steps to protect your personal information from misuse, loss and from unauthorised access, modification or disclosure in accordance with the requirements of our privacy policy and the National and/or Australian Privacy Principles.
We do contract out our data storage and compilation of mailouts, but we take steps to protect the information including ensuring that third parties are subject to privacy obligations. We have internal policies and procedures in place to prevent unauthorised access, modification, disclosure or misuse of personal information.
7. Access to your personal information
As an individual for whom we hold personal information you may request access to the personal information. We will endeavour to respond to the request within 30 days, but in any event will respond within a reasonable period from when the request is received. We will provide you with access to the personal information unless one of the several reasons for refusal set out in the APP’s applies. These reasons include such matters as that access would be unlawful or would unreasonably impact on the privacy of other individuals.
A request for access should be made by email or letter to our Privacy Officer. Alternatively, you can access and update your personal information by contacting us on 02 6662 5055.
We will impose the following charges as reasonable reimbursement of the costs we incur in providing access.
Retrieval of information Charge after request made – $50.00
Photocopying (B & W) of Information – 20c per page;
Faxing information to individual – $1.00 per page;
Mailing Costs – At CostBy law, you have the right to review the personal information the Organisation has on file about you and you may request that information be corrected if you believe it to be incorrect.Following a request, we will provide you with a copy of any personal information, which we hold about you in accordance with our obligations under the PrivacyLegislation.
8. Anonymity and Pseudonymity
Under the APP’s individuals have the option of dealing with an organisation anonymously or by use of a pseudonym unless it is impractical for the organisation to deal with the individual on this basis. While an individual may deal with us anonymously or by use of a pseudonym for the purpose of telephone or general enquiries, we are a client based organisation and it is impractical for us to otherwise deal with individuals who do not identified themselves or who use a pseudonym.
9. Government Identification
Unless otherwise authorised under the provisions of this Policy, we will not adopt, use or disclose a government related identifier of an individual, unless this is required or authorised under an Australian law or by an order of a court or tribunal or unless appropriate in accordance with
10. Correction
We must take reasonable steps to correct personal information about you, which is inaccurate, out of date, incomplete, irrelevant or misleading, and you may request us to do this by contacting the Privacy Officer. We must respond to a request within a reasonable time and if we have disclosed the personal information to any other organisation we must notify that other organisation of the correction.
If we decline to make the correction we must give you written reasons and you may require us to hold with the relevant personal information a statement recording your request.
11. Complaints about privacy
You should contact the Privacy Officer if you, as an individual for whom we hold personal information, wish to make a complaint that we have breached the APP’s in some way, for example in relation to how personal information is collected, how it is stored, or how it is used or disclosed.
All complaints will be logged on a database/complaints register and it is our aim to resolve any such complaint in a timely manner. Your initial complaint may be oral or in writing but you may be required to provide additional information (which may be written information) so that the complaint can be properly investigated.
If the complaint cannot be resolved by discussion at the level of initial contact, it will be referred to our CEO for consideration. You will be informed of the decision of the CEO and the reasons for the decision.
If you remain dissatisfied you may refer your complaint to the Board of the RVBRFCS or alternatively, the Office of the Australian Information Commissioner.
12. Changes
Please be aware that we may change this Privacy Policy in the future. The revised versions will be uploaded onto our website, so please check back from time to time.
13. Website
When you come on to our website we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
Cookies
As is very common for companies, we use cookies on our website. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site. Cookies are not malicious programs that access or damage your computer. We use cookies to improve the experience of people using our website.
Third party sites
Our site has links to other websites not owned or controlled by us. We are not responsible for these sites or the consequences of you going on to those sites.
14. Contact Details
You can contact or advise our Privacy Officer of any request for access or to correct your information, or to request your information be removed. Our Privacy Officer can be contacted through in the following ways:
Telephone: during business hours on 02 6662 5055 at a local call cost.
Email: shirley.mcnaughton@rfcsnsw-northernregion.org
Fax: to the attention of The Privacy Officer on 02 6662 5055.
Mail:
The Privacy Officer
Level 1, Suite 2/75 Magellan Street, Lismore NSW 2480
PO Box 54, LISMORE 2480.
Privacy Officer: The Privacy Officer is Shirley McNaughton, Executive Officer
16. Availability of this Policy
This policy is available on our website. A hard copy can be obtained by contacting the Privacy Officer.