(Last updated 09/09/21)
Your data privacy IS important to us…
SECTION A – INTRODUCTION
The provisions of this Policy assist Corporate Authorised Representatives in complying with the requirements of the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles in protecting the personal information Corporate Authorised Representatives hold about their clients.
WHEN DOES THIS POLICY APPLY?
This Policy applies to all Corporate Authorised Representatives and employees of Network Influencer (“Representatives”) at all times and the requirements remain in force on an ongoing basis.
SECTION B – CONSIDERATION OF PERSONAL INFORMATION PRIVACY
Representatives ensure that at all times the provisions of this policy are implemented in the day to day running of their business.
Representatives ensure that at all times this Policy:
- is current and reflects the latest applicable Australian laws; and
- contains the following information:
- the kinds of personal information that is collected and held;
- how Representatives collect and hold personal information;
- the purposes for which Representatives collect, hold, use and disclose personal information;
- how an individual may complain about a breach of the Australian Privacy Principles, or other relevant legislation that binds Representatives, and how Representatives deal with such a complaint;
- whether Representatives are likely to disclose personal information to overseas recipients; and
- if Representatives are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located if it is practicable to specify those countries in this policy.
SECTION C – COLLECTION OF PERSONAL INFORMATION (SOLICITED PERSONAL INFORMATION)
- PERSONAL INFORMATION (OTHER THAN SENSITIVE INFORMATION)
- This Section C applies to the collection of personal information that is solicited by Representatives.
- Representatives do not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the Representative’s functions or activities.
- SENSITIVE INFORMATION
- Representatives do not collect sensitive information about an individual unless:
- the individual consents to the collection of the information and the information is reasonably necessary for one or more of the Representative's functions or activities or
- the collection of the information is required or authorised by or under an Australian law or a Court/Tribunal order; or
- MEANS OF COLLECTION
- Representatives only collect personal information by lawful and fair means.
- Representatives only collect personal information about an individual from the individual (rather than someone else), unless it is unreasonable or impracticable to do so or the individual has instructed the Representative to liaise with someone else.
- INFORMATION COLLECTED BY REPRESENTATIVES
- The information Representatives collect may include the following:
- date of birth;
- postal or email address; or
- phone numbers;
- other information the Representative considers necessary to their functions and activities.
- PURPOSE OF COLLECTION
- If an individual is acquiring or has acquired a product or service from the Representative, the individual’s personal information will be collected and held for the purposes of:
- providing the individual with the Representative’s service;
- managing and administering the Representative’s service;
- protecting against fraud, crime or other activity which may cause harm in relation to the Representative’s services;
- complying with legislative and regulatory requirements in any jurisdiction;
- to assist the Representative in the running of its business;
- Representatives may also collect personal information for the purposes of letting an individual know about products or services that might better serve their needs or other opportunities in which they may be interested. Please refer to Section G for further information.
SECTION D – COLLECTION OF PERSONAL INFORMATION (UNSOLICITED PERSONAL INFORMATION)
- DEALING WITH UNSOLICITED PERSONAL INFORMATION
- If the Representative :
- receives personal information about an individual; and
- the information is not solicited by the Representative
the Representative must, within a reasonable period after receiving the information, determine whether or not it was permitted to collect the information under Section C above.
- Representatives may use or disclose the personal information for the purposes of making the determination under paragraph 10.1.
- If the Representative:
- determines that it could not have collected the personal information; and
- the information is not contained in a Commonwealth record,
Representatives must as soon as practicable, destroy the information or ensure that the information is de-identified, only if it is lawful and reasonable to do so.
SECTION E – NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
- NOTIFICATION OF COLLECTION
- This section 11 applies to:
- solicited information; and
- unsolicited information to which section 10 does not apply.
- Representatives must notify the individual of the following matters in the Privacy Statement:
- it’s identity and contact details;
- if Representatives collect the personal information from a third party or the individual is not aware that Representatives have collected the personal information.
- if the collection of the personal information is required or authorised by or under an Australian law or a Court/Tribunal order, the fact that the collection is so required or authorised (including the details of the law or court);
- the purposes for which Representatives collect the personal information;
- the main consequences (if any) for the individual if the information is not collected by the Representative;
- any other entities to which Representatives usually discloses personal information of the kind collected by the Representative;
- that the Representative’s Privacy Statement contains information about how the individual may complain about a breach of the Australian Privacy Principles and how the Representative’s will deal with such a complaint;
- WHO DO REPRESENTATIVES DISCLOSE PERSONAL INFORMATION TO?
- Representatives may disclose personal information collected from clients and prospective clients to the following:
- organisations involved in maintaining, reviewing and developing the Representative’s business systems, procedures and infrastructure, including testing or upgrading computer systems;
- organisations involved in the payments system, including financial institutions, merchants and payment organisations;
- organisations involved in product planning and development;
- other organisations, who jointly with the Representative’s, provide its products or services;
- authorised representatives who provide the Representative’s products or services on its behalf;
- the individual’s representatives, including legal advisers;
- the representative’s financial advisers, legal advisers or auditors;
- fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
- external dispute resolution schemes; or
- regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
SECTION F – DIRECT MARKETING
- EXCEPTION – PERSONAL INFORMATION OTHER THAN SENSITIVE INFORMATION
- Representatives may use or disclose personal information (other than sensitive information) about an individual for the purposes of direct marketing if:
- the Representative collected the information from the individual; and the individual would reasonably expect the Representative to use or disclose the information for that purpose; or
- the Representative has collected the information from a third party; and either:
- the Representative has obtained the individual’s consent to the use or disclose the information for the purpose of direct marketing; or
- the Representative provides a simple way for the individual to opt out of receiving direct marketing communications;
- in each direct marketing communication with the individual, Representatives must:
- include a prominent statement that the individual may opt out of receiving direct marketing; or
- direct the individual’s attention to the fact that the individual may opt out of receiving direct marketing; and
- the individual has not made a request to opt out of receiving direct marketing.
- REQUESTS TO STOP DIRECT MARKETING
- Where Representatives use or disclose personal information about an individual for the purposes of direct marketing, or facilitating direct marketing by another organisation, the individual may request:
- that the Representative no longer provide them with direct marketing communications;
- that the Representative does not use or disclose the individual’s personal information for the purpose of facilitating direct marketing by another organisation;
- that the Representative provides the source of the personal information.
SECTION G – CROSS BORDER DISCLOSURE OF PERSONAL INFORMATION
- DISCLOSING PERSONAL INFORMATION TO CROSS BORDER RECIPIENTS
- Where Representatives disclose personal information about an individual to a recipient who is not in Australia, Representatives must ensure that the overseas recipient does not breach the Australian Privacy Principles).
SECTION H – INTEGRITY OF PERSONAL INFORMATION
- QUALITY OF PERSONAL INFORMATION
- Representatives must ensure that the personal information it collects and the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete and relevant.
- SECURITY OF PERSONAL INFORMATION
- Representatives must ensure that it protects any personal information it holds from misuse, interference, loss, unauthorised access, modification and disclosure.
- Representatives must take reasonable steps to destroy or de-identify any personal information it holds where:
- they no longer need the personal information for any purpose for which the information may be used or disclosed by the Representative;
- the information is not contained in a Commonwealth record;
- the Representative is not required to retain that information under an Australian law, or a Court/Tribunal order.
- STORAGE OF PERSONAL INFORMATION
- Representatives store personal information in different ways, including:
- hard copy on site;
- electronically secure data centres which are located in Australia and owned by either the Representative or external service providers.
- In order to ensure Representatives protect any personal information it holds from misuse, interference, loss, unauthorised access, modification and disclosure, Representatives must implement one or more of the following procedure/system:
- employees are bound by internal information securities policies and are required to keep information secure;
- all employees are required to complete training about information security;
SECTION I – ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
- Representatives must give an individual access to the personal information it holds about the individual if so requested by the individual.
- Representatives must respond to any request for access to personal information within a reasonable period after the request is made.
- Representatives must give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so and must take such steps as are reasonable in the circumstances to give access in a way that meets the needs of the Representative and the individual.
- Representatives must not charge an individual for making a request and does not impose excessive charges for the individual to access their personal information.
- Representatives are not required to give an individual access to their personal information if:
- the Representative reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- giving access would have an unreasonable impact on the privacy of other individuals; or
- the request for access if frivolous or vexatious; or
- giving access would be unlawful; or
- denying access is required or authorised by or under an Australian law or a Court/Tribunal order; or
- the Representative has reason that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
- REFUSAL TO GIVE ACCESS
- If Representatives refuse to give access in the manner requested by an individual, they will give the individual a written notice that sets out:
- the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- the mechanisms available to complain about the refusal; and
- any other matter prescribed by the regulations.
SECTION J – CORRECTION OF PERSONAL INFORMATION
- CORRECTION OF INFORMATION
- Representatives must take reasonable steps to correct all personal information, having regard to the purpose for which the information is held where:
- the Representative is satisfied the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
- the individual requests the Representative to correct the information.
SECTION K – MISCELLANEOUS
- POLICY BREACHES
- Breaches of this Policy may lead to disciplinary action being taken against Representatives, including dismissal in serious cases and may also result in prosecution under the law where that act is illegal.
- Representatives are encouraged to respond appropriately to and report all breaches of the law and other incidents of non-compliance and seek guidance if they are unsure.
- Representatives must report breaches of this Policy directly to Network Influencer.
- RETENTION OF FORMS
- The Representative retains the completed forms for seven (7) years The completed forms are retained for future reference and review.
- Representatives need to practice thorough and up to date record keeping, not only as a way of meeting Network Influencer’s compliance obligations, but as a way of minimising risk.
- POLICY REVIEW