1. DEFINITIONS
"Act" means the Privacy Amendment (Private Sector) Act 2000;
"Contractors" means those parties described as such in the Schedule;
"Identifier" means a number assigned by the Commonwealth of Australia or a department or agency on its behalf to an individual to identify uniquely that individual for the purposes of the Commonwealth's operations. However an individual's name or Australian Business Number as defined in the A New Tax System (Australian Business Number) Act 1999 is not an Identifier;
"Information" means Personal Information collected about an individual and includes Health Information and Sensitive Information;
"Internal Recipients" means those parties described as such in the Schedule;
"National Privacy Principles" means the National Privacy Principles specified in the Act;
"Organisation" means the Organisation described as such in the Schedule;
"Personal Information" means Information or opinion whether true or not and whether recorded in a material form or not about an individual whose identity is apparent or can reasonably be ascertained from the Information or opinion, and includes the Personal Information described in the Schedule;
"Purposes" means the primary and secondary purposes described in the Schedule;
"Recipients" means the Third Party Recipients and the Internal Recipients as described in the Schedule;
"Responsible" means in the context of clause 12.2, a person who is responsible for an individual and includes:
(a) A parent of the individual; or
(b) A child or sibling of the individual and at least 18 years of age; or 3
(c) A spouse or de facto spouse of the individual; or
(d) A relative of the individual at least 18 years of age and a member of the individual's house hold;
(e) A guardian of the individual;
(f) Exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual's health;
(g) A person who has an intimate personal relationship with the individual;
(h) A person nominated by the individual to be contacted in case of emergency;
"Security" means the security used to protect the Information from unauthorised access and disclosure and shall include the security measures described in the Schedule and Secure will have the same meaning;
"Sensitive Information" means Information or opinion about any individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health Information about an individual;
"Source" means the source of the Information which where it is practical and reasonable to do so shall be from the person about whom the Information is collected and otherwise from the parties described in the Schedule;
"Third Party Recipients" means those parties described as such in the Schedule;
"Us" means the Organisation and “We” shall have the same meaning;
"You" means the individual about whom we are collecting Information.
2. COLLECTION OF INFORMATION
2.1 Purpose
We shall only collect Personal Information that is necessary for our Purposes. Generally we only collect Personal Information of the nature described in the Schedule to this Policy.
2.2 Lawful Means
We shall only collect Personal Information by lawful and fair means and not in any unreasonable or in an unreasonably intrusive way.
2.3 Notification
Where it is practical to do so, at or before the time that we collect any personal Information from an individual we shall take all reasonable steps to ensure that you are aware of:
(a) our identity and how to contact us;
(b) the fact that the individual are able to gain access to the Information;
(c) the Purposes for which the Information is collected;
(d) the Recipient's to whom we would usually disclose that Information;
(e) any laws that require particular Information to be collected; and
(f) the main consequences for the Individual if all or part of the Information is not provided.
2.4 Collect from you only
Where it is reasonable or practical to do so, we shall endeavour to only collect Information about you from you.
2.5 Notice to you
Where we collect Information about you from someone else we will take reasonable steps to ensure that you have been made aware of the matters listed in clause 2.3 above unless in our opinion making you aware of these matters would pose a serious threat to the life or health of anyone.
3. USE AND DISCLOSURE
3.1 Disclosure
We shall only disclose Personal Information in accordance with the terms of this Policy. However we do disclose Personal Information to Contractors as specified in this Policy.
3.2 Secondary Purpose
We shall not use or disclose any Information about you for a Secondary Purpose unless:
(a) both of the following apply:
(i) the Secondary Purpose is related to the Primary Purpose and if the Information is Sensitive Information, the secondary purpose is directly related to the Primary Purpose; and
(ii) you would reasonably expect us to use or disclose the Information for the Secondary Purpose; or
(b) you have consented to the use or disclosure; or
(c) the Information is not Sensitive Information and the use of the Information is for the
Secondary Purpose of direct marketing:
(i) it is impractical for us to seek your consent for that particular use;
(ii) we have chosen not to charge you to give effect to your request not to receive direct marketing communications;
(iii) you have not made a request to us not to receive direct marketing communications;
(iv) in each direct marketing communication with you we have drawn your attention or prominently displayed a notice that you may express a wish not to receive any further direct marketing communications; and
(v) each written direct marketing communication from us to you specifies our business address and telephone number and the number at which we can be contacted directly; or
(d) we reasonably believe that the use or disclosure is necessary to lessen or prevent:
(i) serious or imminent threat to an individual's life, health or safety; or
(ii) a serious threat to public health or public safety;
(e) we have reason to suspect that unlawful activity is being engaged in and we use or disclose the Personal Information as a necessary part of our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
(f) the use or disclosure of the Information is required or authorised by or under law;
(g) we reasonably believe that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of the police or other enforcement body:
(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
(iii) protection of public revenues;
(iv) the prevention, detection, investigation or remedy of seriously improper conduct or prescribed conduct;
(v) the preparation for or conduct of proceedings before and court or tribunal or implementation of the orders of the court tribunal.
4. DATA QUALITY
We will take all reasonable steps to ensure that the Information that we collect, use or disclose is accurate, complete and up to date.
5. DATA SECURITY
5.1 Security
We will take reasonable steps at the time that we collect, use or disclose Information to secure the Information we hold from misuse and loss, unauthorised access, modification or disclosure.
5.2 Steps we will take
To protect the Information we shall:
(a) adopt measures to prevent unauthorised entry to our premises, systems to detect unauthorised access and secure containers for storing paper based Personal Information;
(b) will adopt measures to protect our computer systems and networks for storing, processing and transmitting Personal Information and from unauthorised access, modification and disclosure;
(c) we shall protect communications via data transmission including emails and voice transmission from interception and preventing unauthorised intrusion into our computer networks;
(d) we shall adopt procedural and personnel measures for limiting access to Personal Information except by authorised staff approved for the Purposes and controls to minimise security risks to our information technology systems; and such other Security measures as we consider reasonable.
5.3 Destruction of Information
We will take reasonable steps to destroy or permanently de-identify Personal Information if it is no longer needed for any Purpose, in a secure manner.
6. OPENNESS
6.1 Provide Policy
We will make available to any person who requests it, a copy of this policy.
6.2 Specify Purposes
This policy will specify what sort of Personal Information we hold, the Purposes for which we hold the Personal Information and how we collect, hold, use or disclose that Information.
6.3 Contacting Us
You may contact us to request the Information specified in 6.2 above and to correct that Information (in accordance with clause 7) at our contact details which are specified in the Schedule.
7. ACCESS AND CORRECTION
7.1 Access to Information
We shall provide you with access to the Information held by us in relation to you except to the extent that:
(a) in the case of Personal Information other than Health Information,
providing access would pose a serious and imminent threat to the life or health of any individual; or
(b) in the case of Health Information, providing access would pose a serious threat to the life or health of any individual; or
(c) Providing access would have an unreasonable impact upon the privacy of other individuals; or
(d) The request for access is frivolous or vexatious; or
(e) the Information relates to existing or anticipated legal proceedings between us and you and the Information would not be accessible by the process of discovery in those legal proceedings; or
(f) providing access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
(g) providing access would be unlawful; or
(h) denying access is reasonable or authorised by or under law; or
(i) providing access would be likely to prejudice an investigation of possible unlawful activity; or
(j) providing access would be likely to prejudice:
(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of prescribed law; or
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime; or
(iii) the protection of the public revenue; or
(iv) the prevention, detection, investigation o remedy of seriously improper conduct or prescribed conduct; or
(v) the preparation for or conduct of proceedings before any court or tribunal or implementation of its orders; by or on behalf of the police or an enforcement body; or
(k) an enforcement body performing a lawful security function asks us not to provide access to the Information on the basis that providing access would be likely to cause damage to the security of Australia.
7.2 Request for Access
To request access to the Information held by us about you, you must complete the Request Form annexed to this Policy and we shall contact you within 14 days either provide you with that Personal Information, or notifying you when we shall provide you with the Personal Information which in any event should not be more than 30 days after you have lodged
your Request Form or we will advise you that you that we will not be providing you with access and the reasons that we shall not providing you with access.
7.3 Commercially Sensitive Information
Where providing access to the Personal Information would reveal evaluative information generated by us in connection with a commercially sensitive decision making process we will give you an explanation for the commercially sensitive decision rather than direct access to the
Information.
7.4 Use of Intermediaries
Where because of any of the reasons described in 7.1 above we are not required to provide you with access to the Information then, we will if it is reasonable to do so, give consideration to whether the use of mutually agreed intermediaries would allow sufficient access to meet our needs and the needs of the Individual.
7.5 Costs
We reserve the right to charge an individual for providing access to their Personal Information. Those fees and charges will not be excessive, and will be determined by us from time to time and we shall notify you of those costs prior to providing you access to the Information. We may require those costs to be paid prior to providing you with access.
7.6 Correction of Information
If you establish that the Information we hold about you is not accurate, complete or up to date we shall take reasonable steps to correct the Information so that it is accurate, complete and up to date. If we are not satisfied that the Information is not accurate, complete or up to date, we shall at your request keep with your Personal Information a statement noting your claim that the Information is not accurate, complete or up to date.
7.7 Refusal to Correct
If at any time we refuse or deny access to Information to you or refuse to correct Personal Information we shall provide you with reasons for such denial or refusal.
8. IDENTIFIERS
8.1 Use of Identifiers
We shall not use or disclose an Identifier assigned to an individual unless:
(a) it is necessary for us to fulfil our obligations to the Commonwealth;
(b) any of the reasons described in paragraph e to g above apply to the use or disclosure of the Identifier; or
(c) is otherwise lawful for us to do so.
8.2 Identifying you
We shall not adopt as a means to identify you, your Identifier except to the extent we are authorised to do so by law.
9. ANONYMITY
Unless there is a good practical or legal reason to require identification, we shall you to transact with us anonymously to the extent that it is practical for us to do so.
10. TRANSBORDER DATA FLOWS
We shall not transfer Information to someone or to another organisation in a foreign country unless:
(a) we reasonably believe that the Third Party Recipient is subject to a law, a binding scheme or a contract which effectively upholds principles for the fair handling of the Information that are
substantially similar to the National Privacy Principles; or
(b) you consent to the transfer;
(c) the transfer is necessary to perform a contract between you and us or the implementation of pre-contractual measures taken in response to your request; or
(d) the transfer is necessary for the conclusion or performance of a contract concluded in the interests between ourselves and a third party; or
(e) all of the following apply:
(i) the transfer is for your benefit;
(ii) it is impractical to obtain your consent to that transfer;
(iii) if it were practical to obtain your consent, you would be likely to give it; or
(f) we have taken reasonable steps to ensure that the Information which we intend to transfer will not be held, used or disclosed by the Third Party Recipient inconsistently with the National Privacy Principles.
11. COMPLAINT HANDLING PROCESS
11.1 Complaint
If you believe that we have used or disclosed your Personal Information in a manner which is contrary to this Policy or otherwise breaches the Act, then you should contact us by telephoning our contact as specified in the Schedule to this Policy. If we are able to answer your queries by telephone then we shall endeavour to do so. If we are unable to resolve the matter with you by phone we will provide you with a complaint form to enable you
to notify us in writing of the details of your complaint.
11.2 Our Response
Within 30 days of receipt of your complaint form we shall notify you in writing as to what action we propose to take in relation to your complaint and shall provide you with details of what further action you can take if you are not satisfied with our response.
12 SENSITIVE INFORMATION
12.1 Collection of Sensitive Information
We shall not collect Sensitive Information unless:
(a) you have consented;
(b) the collection is required by law;
(c) the collection is necessary to prevent or lessen serious or imminent
threat to the life or health of any individual where you:
(i) are physically or legally incapable of giving consent to the
collection; or
(ii) physically cannot communicate consent to the collection; or
(d) the collection is necessary for the establishment, exercise or defence of legal action.
SCHEDULE
1. Organisation:
Which Training Pty Ltd (ABN 99 123 104 334)
Address: PO Box 1509, Noosaville QLD 4566
Phone: 1300 765 486
Fax Number: (07) 3009 0339
Contact: Gavin Howard
2. Contractors:
Your personal information will be accessible by IT contractors engaged by us to carry out maintenance, repairs and development of our software and our computer hardware.
3. Personal Information:
We collect the following personal information:
- your name;
- company name (if applicable);
- address;
- phone number;
- email address;
- billing name;
- billing address;
- credit card numbers.
If you work for a company then:
- your title;
- the department in which you are employed;
- facsimile number;
- email address;
- additional information about your company such as company turnover,
- number of employees, and industry;
- your internet address.
4. Purposes
Primary:
To enable us to provide you with access to our website, and our online applications, to enable us to bill you for use of our online services and to enable us to contact you in the course of providing our services to you. The financial and billing information that is collected through the Which Training website and the services is used solely to bill for the services. The information is used to help diagnose technical problems and to administer the Which Training website and
services to improve quality.
Secondary:
To enable us to contact you to discuss your interest in our company, the services we provide and the ways we can provide them and to advise you of announcements and promotions and events from us or our partners. We use your personal information to be able to email you a newsletter and updates about our services.
5. Recipients:
Internal Recipients:
Employees and contractors engaged by us will have access to your personal information. Our resellers and advisors who refer to customers to us may have access to your contact details as well as your account, financial and billing information.
Third Party Recipients:
We have integration partners with whom we exchange customer data and to establish linked business processes, and they may receive your contact details, account details, financial and billing information and business data with respect to integrated business relationships with a customer. Your account, financial and billing information will be made available to
intermediaries to manage credit card processing. If you are a visitor we may collect information regarding your website and customers of your services such as internet addresses.
6. Security:
We use secure sockets layer (SSL) technology as a security measure to help protect against loss, misuse and alteration of your personal information. This incorporates both server authentication and data encryption to help ensure data is safe and secure and available only to you. We have implemented an advanced security method based on dynamic data encoding session identifications and host the services in a secure server environment using a firewall to prevent interference or access from outside.
7. Source:
We obtain your personal information either:
(a) from you, when you register to use our services;
(b) from referral partners;
(c) from integration partners;
(d) by use of cookies which you may agree to accept which will save and retrieve individual authentication information and other per-client device preferences;
(e) by use of cookies to store information about an affiliate or promotion, who has a link which you have followed to our website.
|
About Us