The AIDS Action Council of the ACT (ABN 97812 719 846) (the Council) is bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). It is also bound by the Health Records (Privacy & Access) Act 1997 (ACT). The Council understands the importance of, and is committed to, protecting your personal information.
Personal information is information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable and includes sensitive and health information.
1. How we collect your personal information
The Council will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, the Council will collect your personal information directly from you when:
- you make an inquiry or order in relation to goods or services through the Council's website at aidsaction.org.au (the Website);
- you apply or renew your membership with the Council;
- you donate to the Council;
- you contact the Council via telephone or facsimile;
- you use any mobile applications provided by the Council;
- the Council administers and performs any contracts with service providers;
- the Council conducts customer satisfaction and market research surveys;
- the Council administers its services; and
- as otherwise required to manage the Council's business.
In certain cases the Council may collect personal information from publically available sources and third parties, such as suppliers, recruitment agencies, contractors, clients and business partners.
If the Council collects personal information about you from a third party it will, where appropriate, request that the third party inform you that the Council is holding such information, how the Council will use and disclose it, and that you may contact the Council to gain access to and correct and update the information.
2. Types of personal information we collect
The type of personal information the Council may collect can include (but is not limited to), your name, postal address, email address, phone numbers, billing information and, if applicable, employment information.
The Council may also collect and hold sensitive information about you, including:
- health information;
- your racial or ethnic origin;
- your sexual orientation;
The Council only collects sensitive information about you with your consent, or otherwise in accordance with the Privacy Act.
Where you do not wish to provide the Council with your personal information, the Council may not be able to provide you with requested goods or services.
3. Our purposes for handling your personal information
As a general rule, the Council only processes personal information for purposes that would be considered relevant and reasonable in the circumstances.
The Council collects, holds, uses and discloses personal information to:
- offer and provide you with goods and services;
- manage and administer those goods and services, including account keeping procedures;
- report to government or other funding bodies how funding is used (this information will be de-identified wherever possible);
- process any donations and provide receipts;
- communicate with you about the Council's services, causes, events and products, which may be of interest to you;
- communicate with you, including (but not limited to), emailing you tax invoices, dispatch and tracking information, returns and exchange authorisations;
- ascertain how individuals are interacting with the Website to allow the Council to improve the Website to meet the needs of the community;
- respond to your feedback or complaints;
- answer any queries;
- comply with legal and regulatory obligations; and
- otherwise to manage the Council's business.
The Council will not use or disclose your personal information for any other purpose unless you have consented to that use or disclosure.
Please be assured that wherever possible the Council uses information in a de-identified form. Personal information will not be disclosed to third parties without your permission, except where permitted or required under the Privacy Act.
The Council may disclose personal information to third parties such as suppliers, organisations that provide the Council with technical and support services, or the Council's professional advisors, where permitted by the Privacy Act. If the Council discloses information to a third party, the Council generally requires that the third party protect your information to the same extent that we do.
Under no circumstances is personal information passed on to third party marketing firms.
4. Protection of personal information
The Council will hold personal information as either secure physical records, electronically, in cloud storage, and in some cases, records on third party servers, which may be located overseas.
The Council maintains appropriate physical, procedural and technical security for office and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.
The Council further protects personal information by restricting access to personal information to only those who need access to the personal information do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
The Council will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
In the event there is an eligible data breach the Council will comply with its obligations under the Privacy Act.
6. Accessing and correcting your personal information
You may contact the Council's Privacy Officer to request access to the personal information that the Council holds about you and/or to make corrections to that information, at any time. On the rare occasions when the Council refuses access, the Council will provide you with a written notice stating the reasons for refusing access. The Council may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by the Council.
The Council is not obliged to correct any of your personal information if it does not agree that it requires correction and may refuse to do so. If the Council refuses a correction request, the Council will provide you with a written notice stating the reasons for refusing.
The Council will respond to all requests for access to or correction of personal information within a reasonable time.
7. Overseas transfers of personal information
If in future the Council does propose to disclose personal information overseas, it will do so in compliance with the requirements of the Privacy Act. The Council will, where practicable, advise of the countries in which any overseas recipients are likely to be located.
If you do not want us to disclose your information to overseas recipients, please let us know.
From time to time the Council may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider. However, by providing the Council with your personal information, you consent to the storage of such information on overseas servers and acknowledge that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
8. Resolving personal information concerns
The Privacy Officer
The AIDS Action Council of the ACT
Havelock House, 85 Northbourne Avenue, Turner ACT 2612
PO Box 5245, Braddon ACT 2612
Telephone: 02 6257 2855
The Council takes all complaints seriously, and will respond to your complaint within a reasonable period.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
The last update to this document was 6 June 2018.