Privacy. Policy. Purpose. Coverage. Policy. Code and version control:

Similar documents
The following guidelines have been developed to assist all staff with the adherence to the Privacy & Data Protection Act (Vic) 2014 (the PDP Act ).

To confirm Bendigo Kangan Institutes efforts to meet its obligations under State and Federal legislation to manage personal and private information.

Legal Compliance Education and Awareness. Privacy Act (Commonwealth)

Privacy Policy. Responsible Officer. General Counsel Approved by

Privacy & Data Protection Procedure-Box Hill Institute Group

Privacy Policy. Naval Group

EQUAL ACCESS FUNDING PTY LTD PRIVACY POLICY

Aboriginal Housing Victoria (AHV) Privacy Policy

We are committed to safeguarding your personal information in accordance with the requirements of the Privacy Act 1988.

MONASH UNIVERSITY PRIVACY COMPLIANCE MANUAL

* Unless otherwise indicated, this policy will still apply beyond the review date.

personal information AML information

Synergy Accountants are tax agents registered under the Tax Agent Services Act 2009 and are subject to the Taxation Administration Act 1953.

Privacy Policy. Football Federation Victoria. Effective March Amended March Mitchell Murphy CEO

Privacy Policy. Who we are. Definitions

Privacy Policy. Amendment History. Trustee Name

We are bound by the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles set out in the Act.

PRIVACY AND CREDIT REPORTING POLICY

Where our documents ask for personal information, we will normally state the general purposes for its use and to whom it may be disclosed.

National Privacy Principles - Soccer NSW [POLICY]

University of Wollongong

GUIDELINES FOR THE CONTRACTING OUT OF RESEARCH ACTIVITIES

Arcare Aged Care APP Privacy Policy

ASTRAZENECA GLOBAL POLICY DATA PRIVACY

PRIVACY STATEMENT. For further details on PCB s privacy policy contact:

JPMorgan recognises the importance of the personal information we hold about individuals and the trust they place in us.

Privacy policy June 2014

Fitzwilliam College Data Protection Policy

Privacy Policy. NESS Super is committed to respecting your right to privacy and protecting your personal information.

A guide to compliance with privacy laws in Australia

Privacy Policy. IS Industry Fund Pty Ltd ATF Intrust Super. Revision History. The table below sets out the history of this document.

Privacy Policy. Effective Date 1 December 2017

Who are we? Our commitment to protect your privacy

Hazards in Handling Health Records

Please retain this for your files. ONLINE REFERENCE NUMBER Smartform number

Our privacy commitment to you. What types of personal information is collected and why? About us. Personal information. What is personal information?

ING Privacy Policy. Issued June 2017

Management of Personal Information Policy (Privacy Policy)

STEADFAST UNDERWRITING AGENCIES PRIVACY POLICY

BERKLEY INSURANCE COMPANY PRIVACY POLICY

Privacy fact sheet 17

Voyages Privacy Policy

In the name of Allah the most Beneficent the most Merciful 18/9/2018. Privacy Policy

What types of personal information is collected and why? Our privacy commitment to you. Personal information. What is personal information?

Please retain this for your files. ONLINE REFERENCE NUMBER Smartform number

Connective Credit Services Pty Ltd ABN Address. Level 20, 567 Collins Street, Melbourne VIC 3000 Telephone

BWA Financial Group Pty Ltd Privacy Policy

BOSTON CAPITAL PTY LTD ( BC ) ABN PRIVACY POLICY

1.1 This document is the Privacy Policy of Ricoh Australia Pty Ltd (ABN

AMIST Super. Privacy Policy

Guide to compliance with the Australian Privacy Principles. APP 1 Open and transparent management of personal information

YMCA SOUTH AUSTRALIA Privacy Policy

We may collect personal information about you such as: Your name, current address, previous address details;

4 Up Skilling Pty Ltd. Privacy Policy

Victorian Taxi Directorate

IMB s Privacy Policy. imb.com.au ued1018. Contents. Overview. What personal information we collect

RAMS Privacy Policy. When you trust us with your personal information, you expect us to protect it and keep it safe.

Privacy Policy. Brambles Limited. Instituted: 30 April 2014 {EXT }

Australian Privacy Policy

This policy is also accessible on the Equestrian Australia (EA) website:

ANZ PRIVACY POLICY PROTECTING YOUR PRIVACY _ANZ PRIVACY POLICY_77562.indd 1 29/04/2016 9:37 am

Welcome To Your Data Protection Journey. Paula Tighe Information Governance Executive

Australia's new mandatory data breach notification laws

A PDF version of this policy is also published on the Ballarat Clarendon College website.

Nicholas Kakalis of Finance Unlimited is licensed under the National Consumer Credit Protection Act The details of our licence are as follows:

Credit Reporting Policy

Code of Acceptance and Refusal of

Westpac Banking Corporation Level 16, 275 Kent St Sydney NSW th January Mandatory Data Breach Notification

DATA PROTECTION POLICY. Little Baddow Parochial Church Council

KCSP Data Protection Policy

Westpac Privacy Policy.

GLOBAL DATA PROTECTION POLICY URUP

ANZ PRIVACY POLICY FEBRUARY 2019

Privacy Policy and. Credit Reporting Policy

CREDIT REPORTING POLICY

PROTECTION OF PERSONAL INFORMATION POLICY (PoPI)

Data Protection Act Policy

Data Protection Policy. Newbury Academy Trust

Kinds of Personal Information we collect and hold

SYDNEY METRO AIRPORTS PRIVACY POLICY This Privacy Policy was last updated on 28 June Our privacy commitment This Privacy Policy applies to

DATA PROTECTION POLICY

GUIDANCE NOTE ON THE DATA PROTECTION ACT Information for clubs & county associations

Data Protection Policy

Privacy Policy. HDI Global SE - UK

Mobius Life Limited Data Privacy Notice

POSITIVE SOLUTIONS FAIR PROCESSING NOTICE

Fair Processing Notice

FINANCIAL SERVICES GUIDE

What is a Fair Processing Notice (FPN)? To ensure that we process your personal data fairly and lawfully we are required to inform you:

CREDIT REPORTING POLICY

GROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).

Privacy. In this section: Privacy Notice. Important information relating to credit reporting

Privacy Policy. Munich Re Australia

Draft Privacy Impact Assessment - Amendments to Chapter 4 of the AML/CTF Rules 25 November 2015

Inteum EU or Switzerland Safe Harbor Policy

SCCCI Personal Data Protection Policy

SELBY WESTHORPE FINANCIAL SOLUTIONS PTY LTD FINANCIAL SERVICES GUIDE

Financial Services Guide: Part One (FSG1)

The collection of the information is required or authorised by, or under, an Australian law or a court/tribunal order.

Claim Form Claim Number (office use only)

Transcription:

Privacy Policy Code and version control: COR013/24-01-2017 Policy owner : Director Corporate and Student Services Date approved by CEO: 24 January 2017 Scheduled review date: 24 January 2020 Related policies and documents: Privacy & Data Protection Act (Vic) 2014, Privacy Act (Cth) 1988, Health Records Act (Vic) 2001, Copyright Act (Cth) 1968, Freedom of Information Act (Vic) 1982, Freedom of Information Policy, Teaching and Research Ethics Policy Purpose To enable William Angliss Institute (the Institute) to meet its privacy obligations by generating awareness of privacy within the Institute and providing guidance on the collection, use, management and disclosure of personal information in line with the Privacy & Data Protection Act (Vic) 2014 and Health Records Act 2001 (Vic). Coverage This policy applies to all personal information collected, used, managed or disclosed by the Institute. Coverage also extends to service providers and contractors to which the Institute has provided personal information or granted access thereof. This policy does not apply to personal information that is: 1. in a publication that is available to the public; 2. kept in a library, art gallery or museum for reference, study or exhibition purposes; 3. a public record under the control of the Keeper of Public Records that is available for public inspection; or 4. an archive within the meaning of the Commonwealth Copyright Act 1968. This policy must be observed by all Institute staff, consultants, external contractors and students who have access to personal and health information held by the Institute or collected on behalf of the Institute. Policy This policy has been developed to assist all staff in adhering to the Privacy & Data Protection Act (Vic) 2014 (the PDPA ) and the Health Records Act 2001 (Vic) (the HRA ). Privacy legislation regulates the way in which personal information is use, managed and disclosed. As the Institute was established by a Victorian Order, the Institute is bound by the Victorian PDPA. The Institute also collects limited information regarding the health and wellbeing of students (such as medical conditions and allergies) and therefore is also subject to the HRA. The objectives of these Acts are to: balance the public interest in the free flow of information with the public interest in respecting privacy and protecting personal information in the public sector; and Privacy Policy Page 1 of 5

promote the responsible and transparent handling of personal information in the public sector and promote awareness of these practices. What is Personal Information? Personal Information is defined in the PDPA as being recorded information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information or opinion. Personal Information includes names, addresses, telephone numbers, email addresses, dates of birth, passport numbers and other details which may identify an individual. There are circumstances in which, under the Victorian health and privacy legislation, information about an individual is not considered to be Personal Information, including: when it relates to a person who has been dead for more than 30 years; and when it is contained in a publicly available publication. Personal information may also include health information which refers to any information or opinion regarding the physical or mental health, or disability, of an individual and also includes information regarding the current or future provision of health, disability or aged care services to an individual. Such information will be regulated by the HRA. Whether the context of personal information is within the PDPA or the HRA, staff should be mindful that privacy obligations extend to any form communication of that information, including verbally. Access to Personal Information A person has the right to access their own personal information held by the Institute. A person may also request an amendment to that information if they believe that it is incorrect or make complaints about the information handling practices of the Institute or breaches of their privacy by the Institute. Under the PDPA and HRA, individuals have the right to: a. access information held by the Institute about them, including information held by contracted service providers of the Institute; b. request the correction of information about them held by the Institute, including information held by contracted service providers of the Institute; c. an avenue of complaint regarding interferences with the individual s access to their information held by the Institute or by contracted service providers of the Institute; Guidelines for Departments Collection of Personal Information The Institute will only collect personal information about an individual that is necessary for one or more of its functions or activities. These functions or activities may form part of the Institute s core business function or any ancillary or related business function. At, or near, the time of collection, the Institute will notify the individual of the type of information to be collected, as well as the intended purpose, proposed use and disclosure, as well as their right to access their personal information. The Institute will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up to date. Privacy Policy Page 2 of 5

Personal information should only be accessed and used for the Institute s purposes unless prior consent has been obtained The Institute will not use or disclose personal information without the consent of the individual concerned except in exceptional circumstances where authorised by law or where the individual has provided consent. Personal information should be kept secure The Institute will take reasonable steps to protect the personal information it holds from misuse and loss as well as from unauthorised access, modification or disclosure. On request by an individual, the Institute will take reasonable steps to let the individual know, generally, what sort of personal information it holds, for what purposes and how it collects, uses and discloses that information. The Institute will provide an individual with access to their information on request by that individual, except to the extent that prescribed exceptions apply. If the Institute holds personal information about an individual and that individual is able to establish that the information is not accurate, complete and up to date, the Institute will take reasonable steps to correct the information so that it is accurate, complete and up to date. The Institute will not assign unique identifiers to individuals unless the assignment of unique identifiers is necessary to enable the Institute to carry out any of its functions effectively and efficiently. The Institute will not adopt a unique identifier of the individual that has been assigned by another organisation as their own unique identifier, unless prescribed exceptions apply (see the PDPA). Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when entering transactions with the Institute. The Institute will dispose of and destroy any records no longer required in a secure manner in compliance with the PDPA. Personal information may be disclosed to third parties The Institute may transfer personal information about an individual to another person, entity or organisation (other than the Institute or the individual) only under prescribed conditions. These conditions include where the Institute is obliged by law or where the individual has provided consent that their information may be disclosed to a third party. The Institute may disclose information to third parties for one or more of its activities in the provision of products and services relating to education and training or the communication and promotion thereof. Complaints Provision Any individual who on reasonable grounds believes that the Institute has breached this policy may register a complaint by emailing the Institute s Privacy Officer and specifying details of the alleged breach. The Institute s Privacy Officer can be contacted in the following ways: Mail: William Angliss Institute C/O: Privacy Officer 555 La Trobe Street Melbourne, VIC 3000 Australia Email: governance@angliss.edu.au Phone: (03) 9606 5000 The Institute s Privacy Officer is located within the Corporate and Student Services Department. An individual does not need to be the one who has potentially had their privacy breach to make a complaint. Privacy Policy Page 3 of 5

Definitions Personal Information recorded information or an opinion recorded in any form about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion. Sensitive Information information or an opinion about an individual's: o racial or ethnic origin; or o political opinions; or o membership of a political association; or o religious beliefs or affiliations; or o philosophical beliefs; or o membership of a professional or trade association; or o membership of a trade union; or o sexual preferences or practices; or o criminal record that is also personal information Unique Identifier an identifier (usually a number) assigned by an organisation to an individual uniquely to identify that individual for the purposes of the operations of the organisation but does not include an identifier that consists only of the individual's name. Legislative and/or Institute Management Context This policy enables the Institute to comply with the: Privacy & Data Protection Act (Vic) 2014 Health Records Act (Vic) 2001 Freedom of Information Act (Vic) 1982 Privacy Act Commonwealth (Cth) 1988 Commonwealth Copyright Act (Cth) 1968 Non-compliance with Policy Established breaches of this policy and any associated policy or procedures will be met with disciplinary action. Breach of any law, involving a breach of privacy will be viewed as a serious breach of the terms of employment of any of the Institute s employees, and may result in a formal charge and / or dismissal as stated in the Institute s Code of Conduct. Privacy Policy Page 4 of 5

Privacy Policy Appendix 1 When collecting and managing personal information the Institute complies with the ten Information Privacy Principles contained in the Privacy & Data Protection Act 2014 (Vic). Principle 1- Collection The Institute only collects personal information when reasonable and when it is necessary for its functions or activities. The Institute will collect personal information in a fair and reasonable manner and will take reasonable steps to explain the reasons for collecting the information and whom to make contact with for further details. Principle 2- Use and Disclosure The Institute will not use or disclose personal information other than for its own functions and activities without the consent of the person concerned except in exceptional circumstances where authorised by law. Principle 3 - Data Quality The Institute takes reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up to date. Principle 4 - Data Security The Institute takes reasonable steps to protect personal information from misuse and loss, as well as from unauthorised access, modification or disclosure. The Institute takes reasonable steps to destroy or permanently de-identify personal information when it is no longer needed. Principle 5 - Openness The Institute s privacy policy is available to anyone and available from the Institute webpage. On request the Institute takes reasonable steps to let anyone know, generally, what sort of personal information it holds, for what purposes, as well as how it collects, holds, uses and discloses that information. Principle 6 - Access and Correction The Institute will provide access to the information it holds except in certain circumstances as prescribed in the PDPA and Freedom of Information Act (Vic) 1982. If the Institute holds personal information that is not accurate, complete and/or up to date, it will take reasonable steps to correct the information. In some circumstances the Institute may refuse disclosure of the information held. In such circumstance the Institute will provide you with the reason(s) for this within 45 days. Principle 7 - Unique Identifiers The Institute will only assign unique identifiers to individuals or ask them to provide a unique identifier when it is necessary to enable the Institute to carry out any of its functions effectively and efficiently. Principle 8 - Anonymity Wherever it is lawful and practicable, an individual can have the option of not identifying themselves when entering a transaction with the Institute. Principle 9 Trans-border Data Flows The Institute may transfer personal information about an individual to a third party outside Victoria or Australia (other than the individual or the Institute) where the Institute believes the recipient adheres to similar Information Privacy Principles. Principle 10 - Sensitive Information The Institute will only collect sensitive information with your consent or where the collection is required for legal reasons. Privacy Policy Page 5 of 5

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback