1. POLICY STATEMENT
We understand that personal information provided by you to us needs to be handled properly. Your privacy is important to us. We take reasonable steps to manage personal information in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
The Privacy Act 1988 (Cth) sets out how personal information may be collected, used, disclosed and stored. It also establishes the Notifiable Data Breaches Scheme and provides a framework for handling privacy complaints through the Office of the Australian Information Commissioner (OAIC).
In dealing with public sector entities within the State of Victoria, we acknowledge that these entities are bound by the Privacy and Data Protection Act 2014 (Vic). We will also comply with the Information Privacy Principles (IPPs) as required when acting as a contracted service provider to Victorian government agencies.
2. DEFINITIONS
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
“Sensitive information” means information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information that is not otherwise health information, or biometric information used for verification or identification.
3. PROCEDURES
3.1. Distribution of this policy
- Displayed at our offices;
- Made available on request to anyone who asks for it; and
- Provided to all employees and anyone who handles personal information for us.
3.2. Type of personal information to be collected
We collect personal information in a number of ways, including directly, indirectly and through third parties. These include (but are not limited to):
- When you provide information directly to us in person, by phone or in writing (including electronic forms);
- Via social media;
- When you visit or use our website, in which case we may record information sent to us by your computer, mobile device or other access device, including cookies or tracking technologies;
- From third parties such as related entities, service providers to us, operators of linked websites, applications and advertising platforms.
If it is reasonable and practicable to do so, we will endeavour to collect your personal information only from you.
We only collect information by lawful and fair means and not in an unreasonably intrusive way. We collect only the information necessary for the conduct of our business, such as your name, delivery address, billing address, contact details, order details and payment details.
We may also use your personal information for related secondary purposes, including news, promotional offers or special events, marketing, research, planning and product development. You can opt out at any time by contacting our Privacy Officer or by unsubscribing from our communications.
3.3. Use of personal information
We use your personal information to:
- Carry out business with you;
- Facilitate our financial dealings with you;
- Conduct internal product and service analysis;
- Promote and directly market our products and services (with consent);
- Comply with applicable laws.
Any promotional or direct marketing messages sent to you by us via email will comply with the Spam Act 2003. You may opt out at any time.
3.4. Disclosure of personal information
We may disclose personal information to:
- Government departments or agencies as part of our legal obligations;
- Insurance providers in relation to specific claims;
- Law enforcement agencies;
- Service providers who assist us in providing services (such as cloud hosting, payment processors and IT support);
- Anyone to whom you authorise us to disclose the information;
- Others where required or authorised by law.
3.5. Treatment of sensitive information
We will not collect sensitive information from you unless you have consented to us doing so or the collection is otherwise required by law.
3.6. Management and security of information
We take reasonable steps to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. These include:
- Limiting access to staff who require the information to do their jobs;
- Secure storage of physical records;
- Restricted access to electronic records;
- Secure transmission of information, including email controls;
- Transfer of information overseas only in compliance with APP 8 requirements and with your consent where required.
Where we no longer require your personal information, we will take reasonable steps to destroy or de-identify it.
3.7. Data quality
We take reasonable steps to ensure that your personal information is accurate, complete, up to date and relevant to our functions or activities.
3.8. Access to and correction of personal information
You may request access to personal information we hold about you and request correction if it is inaccurate, subject to exceptions under the Privacy Act 1988 (Cth) or the Privacy and Data Protection Act 2014 (Vic). Requests should be made to our Privacy Officer.
We may deny access where:
- The request is frivolous or vexatious;
- Providing access would unreasonably impact the privacy of others;
- Providing access would pose a serious threat to life or health;
- Access would prejudice investigations or enforcement activities; or
- Another exception under the law applies.
3.9. Anonymity
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when dealing with us.
3.10. Transborder data flow
We may transfer your personal information overseas only where:
- The recipient is subject to a law or binding scheme substantially similar to the APPs and IPPs; or
- You consent to the transfer; or
- It is necessary for us to perform our contract with you.
3.11. Notifiable data breaches
If we become aware of a data breach that is likely to result in serious harm to individuals, we will comply with the Notifiable Data Breaches Scheme, including notifying affected individuals and the OAIC as required by law.
3.12. Disposal of information
We will not store personal information longer than necessary. Disposal will occur in a secure manner, including shredding or secure electronic deletion.
4. KEY RESPONSIBILITIES AND AUTHORITIES
Management is responsible for ensuring the implementation of this policy. Both management and employees are responsible for handling personal information in line with this policy, the APPs and the IPPs.
5. HOW YOU CAN MAKE A PRIVACY-RELATED COMPLAINT
If you have any questions about privacy issues or wish to complain about a breach of the APPs, IPPs, or the handling of your personal information by us, please contact our Privacy Officer (details below). We may ask you to lodge your complaint in writing. Any complaint will be investigated and you will be notified of the outcome, usually within 30 days.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC). For Victorian government-related matters, you may also contact the Office of the Victorian Information Commissioner.
6. CHANGES TO THIS PRIVACY POLICY
We may amend this Privacy Policy at any time. Updated versions will be published on our website. We encourage you to check for updates. Changes will not have retrospective effect and will not alter how we handle previously collected personal information.
If you have any questions or concerns relating to this Privacy Policy or the way in which we deal with your personal information, please contact:
Privacy Officer
MEMBERBenefits Pty Ltd
PO Box 2200
Mornington Vic 3931
Email: info@memberbenefits.com.au
For more information on privacy in Australia, visit the OAIC website: www.oaic.gov.au