This statement outlines eRSA’s policy on how eRSA uses and manages personal information provided to or collected by it.
eRSA is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
Personal Information you provide:
eRSA will generally collect personal information held about an individual by way of phone calls, paper and online forms and meetings. You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Personal Information provided by other people:
In some circumstances eRSA may be provided with personal information about an individual from a third party, for example subcontractors.
How will eRSA use the personal information you provide?
eRSA will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
In relation to direct marketing, eRSA will use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing: only then you will be sent direct marketing containing an opt out. If we use your personal information obtained from elsewhere we will still send you direct marketing information where you have consented and which will also contain an opt out. We will always obtain your consent to use sensitive information as the basis for any of our direct marketing.
eRSA treats marketing and seeking donations for the future growth and development of eRSA as important. Personal information held by eRSA may be disclosed to an organisation that assists in eRSA’s marketing
Who might eRSA disclose personal information to?
eRSA may disclose personal information, including sensitive information, held about an individual to:
- government departments;
- people providing services to eRSA; and
- anyone you authorise eRSA to disclose information to.
Sending information overseas:
eRSA will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
We do not use overseas providers of IT services including servers and cloud services.
How does eRSA treat sensitive information?
In referring to ‘sensitive information’, eRSA means:
“information relating to a person’s racial ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual”.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
eRSA’s staff are required to respect the confidentiality of personal information and the privacy of individuals.
eRSA has in place steps to protect the personal information eRSA holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and password access rights to computerised records.
Updating personal information
eRSA endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by eRSA by contacting eRSA at any time.
The Australian Privacy Principles require eRSA not to store personal information longer than necessary.
You have the right to check what personal information eRSA holds about you.
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which eRSA holds about them and to advise eRSA of any perceived inaccuracy. There are
some exceptions to this right set out in the applicable legislation. To make a request to access any information eRSA holds about you, please contact eRSA in writing.
eRSA may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, eRSA may charge a fee to retrieve and copy any material. If the information sought is extensive, eRSA will advise the likely cost in advance.
How long will eRSA keep my information?
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. It can however be kept for marketing purposes, if you have consented to that in writing with us.
Enquiries and privacy complaints
If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the CEO.