Introduction
The Board of Australian & New Zealand Trauma Society is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
Purpose
The purpose of this document is to provide a framework for Australian & New Zealand Trauma Society in dealing with privacy considerations.
Policy
Australian & New Zealand Trauma Society collects and administers a range of personal information for the purposes of managing membership, promotion of materials to interested individuals. The organisation is committed to protecting the privacy of personal information it collects, holds and administers.
Australian & New Zealand Trauma Society recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies and also reflected in our Privacy Policy, which is compliant with the Privacy Act 1988 (Cth) Australia.
Australian & New Zealand Trauma Society is bound by laws which impose specific obligations when it comes to handling information. The organisation has adopted the following principles contained as minimum standards in relation to handling personal information.
Australian & New Zealand Trauma Society will
- Collect only information which the organisation requires for its primary function;
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
- Store personal information securely, protecting it from unauthorised access; and
- Provide stakeholders with access to their own information, and the right to seek its correction.
Authorisation
Secretary, Australian & New Zealand Trauma Society
[Date of approval by the Board]
Australian & New Zealand Trauma Society
Policies can be established or altered only by the Board.
Procedures: may be established or altered by the Executive of ANZTS
Responsibilities
Australian & New Zealand Trauma Society’s Board is responsible for developing, adopting and reviewing this policy.
Australian & New Zealand Trauma Society’s Secretary is responsible for the implementation of this policy, for monitoring changes in Privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.
Processes
Collection
Australian & New Zealand Trauma Society will:
- Only collect information that is necessary for the performance and primary function of Australian & New Zealand Trauma Society.
- Collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
- Notify stakeholders about why we collect the information and how it is administered.
- Notify stakeholders that this information is accessible to them.
- Collect personal information from the person themselves wherever possible.
- If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.
- Collect Sensitive information only with the person’s consent or if required by law. (Sensitive information includes health information and information about religious beliefs, race, gender and others).
- Australian & New Zealand Trauma Society will also collect sensitive information about an individual if such collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
- is physically or legally incapable of giving consent to the collection; or
- physically cannot communicate consent to the collection; or
- If Australian & New Zealand Trauma Society collects information during the course of the activities of a non-profit organisation—the following conditions must be satisfied:
- the information relates solely to the members of the organisation or to individuals who have regular contact with it in connection with its activities;
- at or before the time of collecting the information, Australian & New Zealand Trauma Society inform the individual whom the information concerns that it will not disclose the information without the individual’s consent; and
- the collection must be necessary for the establishment, exercise or defence of a legal or equitable claim.
- Australian & New Zealand Trauma Society will collect health information about an individual if:
- the information is necessary to provide a health service to the individual; and
- the information is collected as required or authorised by or under law and in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind the organisation.
- Determine, where unsolicited information is received, whether the personal information could have collected it in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information).
Use and Disclosure
Australian & New Zealand Trauma Society will:
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses, Australian & New Zealand Trauma Society will obtain consent from the affected person.
- In relation to a secondary purpose, use or disclose the personal information only where:
- a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
- the person has consented; or
- certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
- In relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and Australian & New Zealand Trauma Society has provided an opt out and the opt out has not been taken up.
- In relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out).
- In each direct marketing communication with the individual, Australian & New Zealand Trauma Society draws to the individual’s attention, or prominently displays a notice, that he or she may express a wish not to receive any further direct marketing communications.
- State in Australian & New Zealand Trauma Society privacy policy whether the information is sent overseas and further will ensure that any overseas providers of services are as compliant with privacy as Australian & New Zealand Trauma Society is required to be. Such disclosures will only be made if:
- the oversea recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or
- the individual consents to the transfer; or
- the transfer is necessary for the performance of a contract between the individual and the organisation, or for the implementation of pre contractual measures taken in response to the individual’s request; or
- the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the organisation and a third party; or
- the organisation has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the National Privacy Principles.
- In relation to the overseas transfer of personal information, if it is impractical for Australian & New Zealand Trauma Society to receive the person’s consent to that transfer, Australian & New Zealand Trauma Society must have sufficient reasons to believe that the person would likely give consent could they be contacted.
- Provide all individuals access to personal information except where it is a threat to life or health or it is authorized by law to refuse and, if a person is able to establish that the personal information is not accurate, then Australian & New Zealand Trauma Society must take steps to correct it. Australian & New Zealand Trauma Society may allow a person to attach a statement to their information if Australian & New Zealand Trauma Societydisagrees it is inaccurate.
- Where for a legal or other reason we are not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties.
- Make no charge for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.
- Each written direct marketing communication with the individual must set out [organisation]’s business address and telephone number and, if the communication with the individual is made by fax, telex or other electronic means, a number or address at which the organisation can be directly contacted electronically.
- If the disclosure of sensitive information is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety and it is impracticable for Australian & New Zealand Trauma Societyto seek the individual’s consent before the use or disclosure and the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95A, the organisation may make such a disclosure.
- If Australian & New Zealand Trauma Society has sufficient reasons to believe that an unlawful activity has been, is being or may be engaged in, and the disclosure of personal information becomes a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, the organisation may make such disclosures.
- Australian & New Zealand Trauma Society may further disclose personal information if its disclosure is mandated by an enforcement body or is required for the following:
- the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
- the enforcement of laws relating to the confiscation of the proceeds of crime;
- the protection of the public revenue;
- the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
- the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
For the purpose of this Clause, Australian & New Zealand Trauma Society must make a written note of the use or disclosure.
Storage Australian & New Zealand Trauma Society
- Implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure.
- Before Australian & New Zealand Trauma Society discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant. Australian & New Zealand Trauma Society will have systems which provide sufficient security.
- Ensure that Australian & New Zealand Trauma Society data is up to date, accurate and complete.
Destruction and de-identification Australian & New Zealand Trauma Society
- Destroy personal information once is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
- Change information to a pseudonym or treat it anonymously if required by the person whose information Australian & New Zealand Trauma Society holds and will not use any government related identifiers unless they are reasonably necessary for our functions.
Data Quality
Australian & New Zealand Trauma Society will:
- Take reasonable steps to ensure the information Australian & New Zealand Trauma Society collects is accurate, complete, up to date, and relevant to the functions we perform.
Data Security and Retention
Australian & New Zealand Trauma Society will:
- Only destroy records in accordance with the organisation’s Records Management Policy.
Openness
Australian & New Zealand Trauma Society will:
- Ensure stakeholders are aware of Australian & New Zealand Trauma Society’s Privacy Policy and its purposes.
- Make this information freely available in relevant publications and on the organisation’s website.
- On request by a person, Australian & New Zealand Trauma Society must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
Access and Correction
Australian & New Zealand Trauma Society will:
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
- If the individual and Australian & New Zealand Trauma Society disagree about whether the information is accurate, complete and up to date, and the individual asks Australian & New Zealand Trauma Society to associate with the information a statement claiming that the information is not accurate, complete or up to date, the Australian & New Zealand Trauma Society will take reasonable steps to do so.
- Australian & New Zealand Trauma Society will provide to the individual its reasons for denial of access or a refusal to correct personal information.
- Australian & New Zealand Trauma Society can withhold the access of an individual to the persons information if:
- providing access would pose a serious and imminent threat to the life or health of any individual; or
- providing access would have an unreasonable impact upon the privacy of other individuals; or
- the request for access is frivolous or vexatious; or
- the information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
- providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- providing access would be unlawful; or
- providing access would be likely to prejudice an investigation of possible unlawful activity; or
- an enforcement body performing a lawful security function asks Australian & New Zealand Trauma Society not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
- Where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision making process, Australian & New Zealand Trauma Society may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
- If Australian & New Zealand Trauma Society decides not to provide the individual with access to the information on the basis of the above mentioned reasons, Australian & New Zealand Trauma Society will consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
- Australian & New Zealand Trauma Society may charge for providing access to personal information. However, the charges will be nominal and will not apply to lodging a request for access.
Identifiers
- Australian & New Zealand Trauma Society will not adopt as its own identifier of an individual an identifier that has been assigned by any third party. It may however adopt a prescribed identifier by a prescribed organisation in prescribed circumstances.
- Australian & New Zealand Trauma Society will not use or disclose the identifier assigned to an individual by a third party unless:
- the use or disclosure is necessary for the organisation to fulfil its obligations to the agency; or
- the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.
Anonymity
- Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.
Making information available to other organisations
Australian & New Zealand Trauma Society can:
- Release information to third parties where it is requested by the person concerned.
Authorisation
Secretary, Australian & New Zealand Trauma Society
[Date of approval by the Board]
Australian & New Zealand Trauma Society
PRIVACY POLICY – FOR EXTERNAL USE/PRIVACY ACT COMPLIANCE
PRIVACY POLICY
Your privacy is important
This statement outlines the Australian & New Zealand Trauma Society ‘s policy on how the Australian & New Zealand Trauma Society uses and manages personal information provided to or collected by it.
The Australian & New Zealand Trauma Society is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
The Australian & New Zealand Trauma Society may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to the Australian & New Zealand Trauma Society’s operations and practices and to make sure it remains appropriate to the changing legal environment.
This privacy policy assumes that you are resident in Australia. If you are resident in the UK or Europe, please contact us for more information regarding how we treat your personal information.
What kind of personal information does the Australian & New Zealand Trauma Society collect and how does the Australian & New Zealand Trauma Society collect it?
The type of information the Australian & New Zealand Trauma Society collects and holds includes (but is not limited to) personal information, including sensitive information, about:
- Membership
- Attendees and participants at events held by the organisation.
- Other information as required by policy or law
Personal Information you provide:
The Australian & New Zealand Trauma Society will generally collect personal information held about an individual by way of phone calls, forms, meetings etc. You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Personal Information provided by other people:
In some circumstances the Australian & New Zealand Trauma Society may be provided with personal information about an individual from a third party.
How will the Australian & New Zealand Trauma Society use the personal information you provide?
The Australian & New Zealand Trauma Society will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
In relation to direct marketing, the Australian & New Zealand Trauma Society will use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing: only then you will be sent direct marketing containing an opt out. If we use your personal information obtained from elsewhere we will still send you direct marketing information where you have consented and which will also contain an opt out. We will always obtain your consent to use sensitive information as the basis for any of our direct marketing.
Job applicants, staff members and contractors:
In relation to personal information of job applicants, staff members and contractors, the Australian & New Zealand Trauma Society’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which the Australian & New Zealand Trauma Society uses personal information of job applicants, staff members and contractors include:
- for insurance purposes;
- to satisfy the Australian & New Zealand Trauma Society’s legal obligations,
Where the Australian & New Zealand Trauma Society receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
Volunteers:
The v also obtains personal information about volunteers who assist the Australian & New Zealand Trauma Society in its functions or conduct associated activities, such as to enable the Australian & New Zealand Trauma Society and the volunteers to work together.
Who might the Australian & New Zealand Trauma Society disclose personal information to?
The Australian & New Zealand Trauma Society may disclose personal information, including sensitive information, held about an individual to:
- government departments as authorised by law;
- people providing services to theAustralian & New Zealand Trauma Society, where direct information is required to carry out duties required by law;
- anyone you authorise theAustralian & New Zealand Trauma Society to disclose information to.
Sending information overseas:
The Australian & New Zealand Trauma Society will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
How does the Australian & New Zealand Trauma Society treat sensitive information?
In referring to ‘sensitive information’, theAustralian & New Zealand Trauma Society means:
“information relating to a person’s racial ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual orientation or criminal record, that is also personal information; and health information about an individual”.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
The Australian & New Zealand Trauma Society’s staff / contractors/ volunteers are required to respect the confidentiality of personal information and the privacy of individuals.
The Australian & New Zealand Trauma Society has in place steps to protect the personal information the Australian & New Zealand Trauma Society holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.
We have a data breach response plan, which we would follow in the unlikely event of a privacy or data breach.
When you use our website, having your cookies enabled will allow us to maintain the continuity of your browsing session and remember your details when you return (if required). We may also use web beacons, Flash local stored objects and JavaScript. If you adjust your browser settings to block, reject or delete these functions, the webpage may not function in an optimal manner. We may also collect information about your IP address, although this may not identify you (if required).
Updating personal information
The Australian & New Zealand Trauma Society endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by the Australian & New Zealand Trauma Society by contacting the Privacy Officer (Secretary)/Secretary of the Australian & New Zealand Trauma Society at any time.
The Australian Privacy Principles and the Health Privacy Principles require the Australian & New Zealand Trauma Society not to store personal information longer than necessary. In particular, the Health Privacy Principles impose certain obligations about the length of time health records must be stored.
You have the right to check what personal information the Australian & New Zealand Trauma Society holds about you.
Under the Commonwealth Privacy Act and the Health Records Act, an individual has the right to obtain access to any personal information which the Australian & New Zealand Trauma Society holds about them and to advise the Australian & New Zealand Trauma Society of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation. To make a request to access any information the Australian & New Zealand Trauma Society holds about you, please contact the Privacy Officer (Secretary) in writing.
The Australian & New Zealand Trauma Society may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, the Australian & New Zealand Trauma Society may charge a fee to retrieve and copy any material. Australian & New Zealand Trauma Society If the information sought is extensive, the Australian & New Zealand Trauma Society will advise the likely cost in advance.
How long will the Australian & New Zealand Trauma Society keep my information?
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however it will be kept for marketing purposes, as you will have consented to that in writing with us.
Enquiries and privacy complaints
If you would like further information about the way the Australian & New Zealand Trauma Society manages the personal information it holds, please contact the Privacy Officer (Secretary). If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the Privacy Officer (Secretary) who will first deal with you usually over the phone. If we then have not dealt satisfactorily with your concerns we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
- email: enquiries@oaic.gov.au
- tel: 1300 363 992
- fax: +61 2 9284 9666