Purpose
This Privacy Policy details how we protect privacy and how we comply with the requirements of the Privacy Act 1998 (Cth) and the 13 Australian Privacy Principles. This policy also describes:
- from whom we collect information;
- the types of personal information collected and held by us;
- how this information is collected and held;
- the purposes for which personal information is collected, held, used and disclosed;
- how to can gain access to personal information and seek its correction;
- how to complain or inquire about our collection, handling, use or disclosure of personal information and how that complaint or inquiry will be handled; and
- whether we are likely to disclose personal information to any overseas recipients.
Background
The Privacy Act 1998 (Cth) was amended in 2013 with a number of significant changes which took effect from 12 March 2014. These changes included the introduction of the 13 Australian Privacy Principles.
Definitions
The Privacy Act 1988 (Cth) defines the following terms:
Personal information
Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
Health information
Information or an opinion about the health or a disability (at any time) of an individual.
Sensitive information
(a) information or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record;
- that is also personal information; or
(b) health information about an individual; or
(c) genetic information about an individual that is not otherwise health information.
Policy Statement
From whom we collect personal information
In the course of our operations we may collect personal information from students, potential students, commercial clients, donors, employees, prospective employees, consultants and contractors.
Types of personal information we collect
In the course of our operations we may collect:
- personal information including names, addresses and other contact details, dates of birth and financial information.
- sensitive information including government identifiers (such as TFNs), nationality, country of birth, professional memberships, family court orders and criminal records.
- health information (particularly in relation to prospective employee records) including medical records, disabilities, immunisation details and psychological reports.
How we collect and hold personal information
How we collect personal information will largely be dependent upon whose information we are collecting. If it is reasonable and practical to do so, we collect personal information directly from the person.
Where possible we have attempted to standardise the collection of personal information by using specifically designed forms (e.g. those for our online donors). However, given the nature of our operations, we often also receive personal information by email, letters, notes, exchange of business cards, over the telephone, in face‐to‐face meetings and through financial transactions.
We may also collect personal information from other people (e.g. a third party referee) or independent sources. However, we only do so where it is not reasonable and practical to collect the information from the person directly.
Sometimes we may be provided with personal information without having sought it through our normal means of collection. We refer to this as ‘unsolicited information’. Where we collect unsolicited information we hold, use and or disclose that information only if we could otherwise do so had we collected it by normal means. If that unsolicited information could not have been collected by normal means then we destroy, permanently delete or de‐identify the information as appropriate.
How we use personal information
We use personal information only if it is reasonably necessary for one or more of our activities (the primary purpose) or for a related secondary purpose that would be reasonably expected by the person, or to which the person has consented.
Our uses of personal information include but are not limited to:
- publication and distribution of newsletters to our donors;
- satisfying our legal obligations;
- marketing and promotional activities including communicating with person about the ministries we provide;
- helping us to improve our operations including training our employees; systems development; developing new programs and services; undertaking planning, research and statistical analysis;
- the employment of employees; and
- the engagement of contractors and consultants.
We collect sensitive information reasonably only if it is necessary for one or more of our activities:
- if we have the consent of the individuals to whom the sensitive information relates; or
- if the collection is necessary to lessen or prevent a serious threat to life, health or safety; or
- another permitted general situation or another permitted health situation exists.
Storage and security of personal information
We store personal information in a variety of formats including on databases, in hard copy files and on personal devices, including laptop computers.
The security of personal information is of paramount importance to us and we take all reasonable steps to protect the personal information we hold about from misuse, loss, unauthorised access, modification or disclosure. These steps include:
- restricting access to information on our databases on a need to know basis with different levels of security being allocated to employees based on their roles and responsibilities.
- ensuring all employees are aware that they are not to reveal or share personal passwords.
- ensuring where sensitive information is stored in hard copy files that these files are stored in lockable filing cabinets in lockable rooms. Access to these records is restricted to employees on a need to know basis.
- implementing physical security measures at our premises to prevent break‐ins.
- implementing ICT security systems, policies and procedures designed to protect personal information storage on our computer networks.
- implementing human resources policies and procedures, such as email and internet usage, confidentiality and document security policies, designed to ensure that employees follow correct protocols when handling personal information.
- undertaking due diligence with respect to third party service providers who may have access to personal information, including cloud service providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a similar privacy regime.
Personal information we hold that is no longer needed, or required to be retained by any other laws, is destroyed in secure manner, deleted or de‐identified as appropriate.
Our website may contain links to other websites. We do not share personal information with those websites and we are not responsible for their privacy practices. Please check their privacy policies.
When we disclose personal information
We use personal information only for the purposes for which it was given to us, or for purposes which are directly related to one or more of our activities. We may disclose personal information to government agencies, and other recipients from time to time, only if one or more of the following apply:
- the person has consented;
- the person would reasonably expect us to use or disclose their personal information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety;
- where another permitted general situation applies or another permitted health situation exists;
- disclosure is reasonably necessary for a law enforcement related activity.
Disclosure of personal information to overseas recipients
We may disclose personal information about an individual to overseas organisations that help us provide our services, in certain circumstances, such as when storing information with a “cloud service provider” which stores data outside of Australia. We take all reasonable steps not to disclose an individual’s personal information to overseas recipients unless:
- we have the individual’s consent which may be implied;
- we have satisfied ourselves that the overseas recipient is compliant with the Australian Privacy Principles, or a similar privacy regime;
- we form the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety; or
- we are taking appropriate action in relation to suspected unlawful activity or serious misconduct.
How we ensure the quality of personal information
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up‐to‐date. These steps include ensuring that the personal information is accurate, complete and up‐to‐date at the time of collection and when using or disclosing the personal information.
On an ongoing basis we maintain and update personal information when we are advised by individuals or when we become aware through other means that their personal information has changed.
Please contact us if any of the details you have provided change. Individuals should alsocontact us if they believe that the information we have about them is not accurate, complete or up‐to‐date.
How an individual can gain access to their personal information
An individual may request access to the personal information we hold about them, or request that we change the personal information, by contacting us.
If we do not agree to provide an individual with access or to amend their personal information as requested, the individual will be notified accordingly. Where appropriate we will provide that individual with the reason(s) for our decision. If the rejection relates to a request to change an individual’s personal information that individual may make a statement about the requested change and we will attach this to their record.
Privacy complaints
If an individual wishes to make a complaint about a breach by us of the Australian Privacy Principles, that individual may do so by phoning us or providing their written complaint by email or letter to any one of our contact details as noted below.
We will respond to that complaint within a reasonable time, usually no longer than 30 days, and we make seek further information from the individual in order to provide a full and complete response. The complaint may also be taken to the Office of the Australian Information Commissioner.
How to contact us
Individuals can contact us about this Privacy Policy or about their personal information by:
- phoning the College on 02 9577 9977 and asking for the College Risk & Compliance Officer;
- emailing compliance.officer@moore.edu.au
- writing to Moore College Risk & Compliance Officer at 1 King Street, Newtown, NSW 2042.
If practical, individuals can contact us anonymously (i.e. without identifying themselves) or by using a pseudonym. However, if individuals chooses not to identify themselves, we may not be able to give that individual the information or provide the assistance they might otherwise receive if it is not practical to do so.
Changes to our privacy and information handling practices
This Privacy Policy is subject to change at any time. Please check our Privacy Policy on our website (www.moore.edu.au) regularly for any changes.