Purpose
This Privacy Policy Statement is prepared in accordance with The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) which made many significant changes to the Privacy Act 1988 (Privacy Act), the associated Australian Privacy Principles (APPs). Details of the changes to the Privacy Act can be found on the Office of Australian Information Commissioners’ website (www.oaic.gov.au).
The APPs set out minimum standards for the way in which organisations deal with individuals' personal information. Under the Act, personal information is defined as:
- personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
Privacy commitment
Natural Hazards Research Australia (the Centre) is committed to the protection of individuals' personal information in accordance with the Privacy Act.
This Privacy Policy Statement (Privacy Policy) explains how the Centre collects, stores, uses and discloses personal information, and the rights of individuals to gain access to information held about them by the Centre.
Collection of personal information
The Centre only collects personal information which is necessary in connection with its business purposes. The purposes for which the Centre collects personal information include:
- responding to issues addressed by an individual to the Centre;
- facilitating the conduct of business transactions and operations between the Centre and the individual;
- providing a subscription service to individuals;
- delivering the Disaster Challenge; and
- ensuring that our website at www.naturalhazards.com.au remains relevant to individuals.
The specific types of personal information collected and used by the Centre varies according to the purpose for collection. However, in general this information includes:
- Individuals' names, addresses, contact details (e.g. telephone number and email address, employer and role);
- Information about transactions or dealings between individuals and the Centre; and
- Individuals' areas of interest.
The Centre collects most of the personal information it requires directly from the relevant individual by way of written forms voluntarily completed by the individual. The Centre may also collect information from individuals by telephone, in person, by its employees, or by written correspondence from time-to-time. In certain circumstances, the Centre may also collect personal information about an individual from third parties.
It is important that the Centre collects the information it requires about an individual in order to provide services which remain relevant to that individual.
Where an individual, or entity, provides the Centre with personal information about another individual, they must first ensure that the other individual is aware of:
- The disclosure of their information to the Centre and the purposes for which the information is collected and used by the Centre; and
- The individual's ability to request access to the personal information held about them by the Centre, and to advise the Centre if they think the information is inaccurate, incomplete or out-of-date.
The Centre does not actively collect sensitive information. However, if sensitive information is collected, the Centre will first obtain the consent of the relevant individual, or otherwise ensure that the collection is in accordance with the APPs.
Collection of personal information during research projects
The Centre is in the business of conducting research which will include the interviewing and surveying of members of the public and organisations. The collection of data will be covered by a higher level of privacy protection including obtaining Human Ethics approval through an Ethics Committee. This personal information will be treated in accordance with the requirements outlined in the ethics approval, for that activity. Any publication of material arising from this data will be suitably de-identified.
Use and disclosure of personal information
The Centre may use and disclose an individual's personal information for the primary purpose for which the information was collected, reasonably expected secondary purposes, where the individual has consented, and otherwise in accordance with the APPs, including:
- To provide goods or services to the individual, including a newsletter or similar subscription service;
- To provide information to members of the Centre;
- Where required or authorised by law;
- To provide information to agents, contractors and service providers engaged by the Centre to deliver goods and services or otherwise act on behalf of the Centre, or to provide goods and services to the Centre, these providers will be bound by similar privacy conditions;
- To investigate and resolve complaints concerning the provision of services by the Centre or others associated with the Centre; and
- To provide individuals with updates and other information from time to time about the Centre’s goods, services and activities. Individuals may notify the Centre at any time if they do not wish to receive this information.
The Centre’s website and email systems are cloud-based services and therefore may be based outside Australia, however the Centre will only transfer personal information outside of Australia in accordance with the APPs including:
- With the individual's consent (this is deemed to have been give through the entering of information of the Centre’s website or through the use of the Centre’s email addresses);
- Where the Centre is under a contractual obligation (with the individual or another party) to do so, or there is some other benefit to the individual; or
- Where the Centre is satisfied that the recipient of the information will uphold principles for the fair handling of personal information, and will not deal with the personal information in a manner inconsistent with the APPs and this Privacy Policy.
Data quality storage and security
The Centre strives to ensure that all personal information held in its records is secure, accurate, complete and up-to-date.
Personal information is held in a combination of electronic and hard copy records stored securely at the Centre’s facilities. Hard copy information is stored in secure office facilities, including locked filing cabinets at the Centre’s premises. Electronic information is protected by password security and other data protection measures.
Access to personal information is restricted in accordance with the Centre’s procedures to those personnel whose job functions require access to such information. Access to customer personal information is restricted to the Centre’s executive personnel. Certain administrative functions may from time to time be contracted out to third parties, and in these cases appropriate security measures are implemented to ensure the security and integrity of all personal information.
Access to information
Please contact us if you would like to access a copy of your personal information or believe that the information we have about you is not up-to-date, complete or accurate. You have the right to request the correction of any information which relates to you and is inaccurate. If you would like the Centre to delete your personal information, please let us know and we will take all reasonable steps to delete it unless we are required by law to keep it.
Use of cookies
The Centre’s website allow anonymous browsing and does not require a user to identify themselves, unless they wish to register for a service.
The Centre’s website does use cookies and session information cookies, which are pieces of information that a site sends to your computer or device's hard drive when you access information on our site. Each time you use your computer or device to access the site, the information that was previously received is sent back to the site by your browser. Cookies do not identify individual users. However, when you visit the Centre site, our servers may record information about your usage, the time of your visit, its duration, the pages you visit and settings.
The Centre will use information to create aggregate statistics about usage and other related site information that does not personally identify members. The information we collect through these cookies remains anonymous and is not linked to any personal information. If you do not agree to the use of cookies, you can set the preferences on your browser to remove all cookies and reject cookies in the future.
Changes to the Privacy Policy
The Centre may review and update this Privacy Policy from time to time to reflect changes in the law, the Centre’s business practices and procedures, and the community's changing privacy expectations. Changes to the Privacy Policy will not be notified to individuals, but the latest version of this Privacy Policy will be available from the Centre’s Office’s or website at any time.
Point of contact
To request access to personal information held in the Centre’s records, to make a privacy related complaint, to obtain more information about the Privacy Policy or to enquire about privacy matters generally, please contact the Communications Director as follows:
Communications Director Natural Hazards Research Australia PO Box 116 Carlton South, VIC 3053 Phone: 03 7032 6309 Email: office@naturalhazards.com.au
More details of the Privacy Act can be obtained from the office of the Australian Information Commissioner www.oaic.gov.au.