- What is “personal information”?
The Privacy Act 1988 (Cth) (Act) currently defines “personal information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Some personal information, such as health information, is classifiable under the Privacy Act as “sensitive information” and attracts additional protection in relation to collection and use. Under the current Privacy Act, “sensitive information” includes:
- information or an opinion about an individual’s racial or ethnic origin and sexual orientation and practices;
- health information about an individual; and
- genetic information about an individual that is not otherwise health information.
Under the current Privacy Act, “health information” is defined as:
- information or an opinion about:
- the health, including an illness, disability or injury, (at any time) of an individual;
- an individual’s expressed wishes about the future provision of health services to the individual; or
- a health service provided, or to be provided, to an individual,
that is also personal information;
- other personal information collected to provide, or in providing, a health service to an individual;
- other personal information collected in connection with the donation, or intended donation, by an individual of his or her body parts, organs or body substances;
- genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
You should be aware that the Privacy Act contains certain exemptions which may impact upon our privacy obligations. For example, employee records are generally exempt from an organisation’s obligations under the Act. This exemption does not, however, permit us to use personal information contained in employee records for purposes not connected with the employment relationship. Employee records remain confidential.
- What information do we collect?
The kind of personal information (including sensitive information) that we collect from you will depend upon precisely what services you acquire from us. The personal information (and sensitive information) which we collect and hold about you may include:
- your full name;
- your date of birth;
- your postal and email addresses;
- your age;
- your gender;
- your medical history, including any current or former medical conditions and any medications have taken or are currently taken;
- your ethnic background; and
- details of your lifestyle matters.
We collect sensitive information only with your consent (unless an exception under the Privacy Act applies, such as where the law requires or authorises us to collect it without first obtaining your consent) and only to the extent it is directly relevant to a service we are offering to provide, or providing, to you.
- How we collect your personal information
We will generally collect personal information from you when you provide us with information in the course of your routine dealings with us, including when you are registering to use our goods or services.
By voluntarily providing us with information about yourself, you are consenting to our use of that data in the manner described in this policy.
Where reasonable and practicable to do so, we will collect your personal information (including sensitive information) only from you. However, in some circumstances we may be provided with information by third parties, such as third party health care professionals. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
If we collect personal information from you via our website, we may use digital cookies to remember your preferences and collect online traffic data and browsing characteristics. Internet cookies are small strings of text placed on users’ hard drive during the data exchange that happens when a browser points to a website. The browser stores the message in a text file which is sent back to the server each time the browser requests a page from the server. Cookies and other information collection technologies can only store information that is explicitly provided by the user or visitor in the first place, or information which is already known to the website such as your IP address. You can choose to adjust your browser to reject cookies or to notify you when they are being used, bearing in mind that rejecting cookies can result in a loss of some website functionality.
- Purpose of collection
The purpose for which we collect personal information is to provide you with the goods or services you are seeking from us or for research purposes. We do not collect personal information which is not required in order to provide such goods or services or to conduct such research.
We may have cause to disclose personal information to our service providers who assist us in operating our computer systems. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties. In the event that we outsource part of our infrastructure, it is possible that the entity we engage for this purpose may also have access to your personal information.
Subject to the foregoing, we only use your personal information in a manner consistent with the original purposes of collection or as otherwise permitted by the Australian Privacy Principles.
If you use our goods or services or participate in any research we are conducting, you consent to the receipt of direct marketing material. We will only use your personal information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive personal information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature. An alternative means of opting out is to contact us as set out below and simply request that you receive no further such communications.
- Access and correction
Australian Privacy Principle 12 permits you to obtain access to the personal information we hold about you in certain circumstances, and Australian Privacy Principle 13 allows you to correct inaccurate personal information subject to certain exceptions. If you wish to seek access for this purpose, please contact us as set out below.
- Complaint procedure
If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us as set out below. All complaints will be considered by our privacy officer and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.
- Overseas transfer
Your personal information will not be disclosed to recipients outside Australia unless you expressly request us to do so. If you request us to transfer your personal information to an overseas recipient, the overseas recipient will not be required to comply with the Australian Privacy Principles and we will not be liable for any mishandling of your information in such circumstances.
- Amendments to this policy
- How to contact us about privacy
If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact us on: firstname.lastname@example.org.
This policy was last updated in March 2021.