OESC is committed to respecting privacy and confidentiality in relation to the collection, maintenance, use, archive or disposal of records and information it collects in the performance of its business activities.
OESC is bound by the Australian Privacy Principles (APP) contained in the Privacy Act 1988 (C’th) and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (C’th).
Position & Process:
APP 1 – Open and transparent management of personal information
APP 2 – Anonymity and pseudonymity
While APP 2 allows individuals to interact with organizations by not identifying themselves and permits the use of a pseudonym, OESC is subject to the provisions of the Registered Clubs Act 1976 (NSW), which requires the Club to obtain the following personal information:
Given the aforementioned legislative requirement, the exemption provided in APP 2 precluding an individual (member or guest) from using a pseudonym or not identifying themselves when required to do so under an Australian law is applicable.
APP 3 – Collection of personal and sensitive information
OESC only collects personal information that is necessary in the performance of its business activities (i.e. administrative matters, provision of information about Club activities and in accordance with legislative requirements).
Information collected by OESC will not be disclosed to third parties other than as specifically provided for in the privacy legislation.
Members and guests are entitled to expect that their personal information will not be subject to unauthorized interference or use.
OESC does not collect sensitive information of members and guests.
APP 4 – Dealing with unsolicited personal information
Any unsolicited personal information received by the OESC organization, which it is not entitled to, is (where lawful and reasonable) destroyed or de-identified as soon as practicable.
APP 5 – Notification of collection
OESC has processes in place (i.e. signage, privacy information handouts & statements and readily accessible downloadable information on the website) to inform its members and guests:
APP 6 – Use or disclosure
OESC only collects personal information about an individual for the purposes outlined under APP 3 (the primary purpose) and will not use or disclose the information for another purpose (the secondary purpose) unless the individual consents to the use or disclosure, or another exception applies.
The exceptions that permit use or disclosure for secondary purpose are:
APP 7 – Direct marketing
OESC only uses member information for the direct marketing of Club activities, events and business.
An ‘opt-out’ mechanism is provided to Club members so they can request the Club to stop sending direct marketing material. OESC will promptly stop sending direct marketing material to a member where such a request is received.
APP 8 – Cross border disclosure
OESC does not send or disclose personal information of its members or guests to any overseas recipients.
APP 9 – Adoption, use or disclosure of government related identifiers
OESC does not adopt, use or disclose a government related identifier of an individual (e.g. Medicare number) as its own identifier.
APP 10 – Quality
OESC takes all reasonable steps to ensure personal information it collects, uses or discloses is:
In the event OESC is required to use or disclose personal information, the organization will take reasonable steps to ensure that the personal information is accurate, up-to-date and complete as well as being relevant to the purpose for which the information is being used or disclosed.
APP 11 – Security
OESC takes reasonable steps (both physical and logical) to protect the personal information it holds from interference, misuse, loss and unauthorized access, modification and disclosure.
OESC takes reasonable steps to destroy or de-identify information where the organization no longer needs the information for any authorized purpose, unless:
It is contained in a Commonwealth record, or
OESC is required by law or a court/tribunal order to retain the information.
APP 12 – Access
OESC will respond to requests for access to personal information within a reasonable timeframe and provide access in the requested manner where reasonable and practicable. OESC will only provide an individual with access to their own personal information and not that of others.
OESC will not charge for requests to access personal information.
OESC will refuse a request for access to personal information:
Where OESC has refused access to personal information, the reasons for such a refusal will be provided to the applicant in writing.
OESC has a formal complaints process that includes complaints relating to a breach of the Australian Privacy Principles (APP). All complaints are to be directed to the OESC Chief Operating Officer in writing and will be handled according to the following OESC grievance resolution process.
APP 13 – Correction
OESC takes reasonable steps to correct personal information to ensure that it is accurate, up-to-date, complete, relevant and not misleading.
Corrections to personal information are undertaken where OESC is satisfied it needs to be corrected, or where requested by the individual.
In the event OESC refuses to correct an individual’s personal information, a written statement outlining the reasons for not amending the personal information will be provided to the individual.
Where applicable, OESC will provide to other organizations the updated corrected details of the individual’s personal information. OESC will respond within a reasonable period to any request for personal information correction and does not charge for corrections and updates. OESC has a formal complaints process that includes complaints relating to a breach of the Australian Privacy Principles (APP). All complaints are to be directed to the OESC Chief Operating Officer in writing and will be handled according to the following OESC grievance resolution process.
OESC Privacy Grievance / Complaints Resolution Process
OESC is committed to the early and internal resolution of grievances. All attempts should be made to resolve any grievances internally with the OESC Chief Operating Officer before initiating a formal external grievance resolution process.
Parties involved in a grievance must participate in the grievance resolution process in good faith.
Grievance resolution processes should be applied fairly, flexibly and quickly.
All parties involved in a grievance should be treated with respect and impartiality. The confidentiality of parties involved in a grievance should be respected at all times, subject to the need to fully investigate the matter and any legal requirements for disclosure. Both the complainant and/or respondent have the right to be represented by a third person. Where applicable, the complainant can request to have an interpreter present. Complainants are able to raise issues of concern in an environment free from fear of retribution, victimization or breach of confidentiality. Reasons and full explanations for decisions and actions taken will be kept in writing by the OESC Chief Operating Officer and will be provided to both the complainant and/or representative at every stage of the grievance process – records of grievances remain confidential.
OESC supports an active approach to grievance resolution via internal mechanisms and processes; however, an external complaint process is also available for privacy complaints via the Office of the Australian Information Commissioner (OAIC) Tel: 1300 363 992.
EMPLOYEE BREACH OF POLICY:
Failure to abide by this policy is a breach of both the Privacy Act 1988 (C’th) and the OESC internal policies and procedures.
Non-compliance may result in legal action being taken against the employee and/or disciplinary action or termination by the employer.
Implement: April 2014
Review: February 2019