Purpose

 

OESC is committed to respecting privacy and confidentiality in relation to the collection, maintenance, use, archive or disposal of records and information it collects in the performance of its business activities. OESC is bound by the Australian Privacy Principles (APP) contained in the Privacy Act 1988 (C’th)  and the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (C’th).

 

Scope

 

The OESC Privacy Policy identifies the organisation’s position and processes as pertaining to each of the thirteen (13) Australian Privacy Principles (APPs).

 

Position & Process​

 

APP 1 – Open and transparent management of personal information

OESC maintains a clearly expressed and up to date privacy policy that is freely available upon request and/or downloadable from the organization’s website.

​

APP 2 – Anonymity and pseudonymity

While APP 2 allows individuals to interact with organizations by not identifying themselves and permits the use of a pseudonym OESC is subject to the provisions of the Registered Clubs Act 1976 (NSW), which requires the Club to obtain the following personal information:

• Ordinary Member –  full name, occupation, date of birth, address, signature and date on which the annual fee for membership of the Club was last paid

• Honorary Member –  full name or surname and initials and address

• Temporary Member –  full name or surname and initials, address, signature and date of entry

• Guest of Member – full name or surname and initials, address, signature and date of entry
   

Given the aforementioned legislative requirement, the exemption provided in APP 2 precluding an individual (member or guest) from using a pseudonym or not identifying themselves when required to do so under Australian law is applicable.

 

APP 3 – Collection of personal and sensitive information

OESC only collects personal information that is necessary for the performance of its business activities (i.e. administrative matters, provision of information about Club activities and in accordance with legislative requirements).

Information collected by OESC will not be disclosed to third parties other than as specifically provided for in the privacy legislation.

Members and guests are entitled to expect that their personal information will not be subject to unauthorized interference or use.

OESC does not collect sensitive information from members and guests.

 

APP 4 – Dealing with unsolicited personal information

Any unsolicited personal information received by the OESC organization, which it is not entitled to, is (where lawful and reasonable) destroyed or de-identified as soon as practicable.

 

APP 5 – Notification of collection

OESC has processes in place (i.e. signage, privacy information handouts & statements and readily accessible downloadable information on the website) to inform its members and guests:

• Why OESC is collecting their personal information

• What that personal information will be used for

• Whether OESC collects personal information on its members and guests from third parties

• What the consequences are if personal information is not provided

• The OESC complaint handling process, and

• Any potential overseas disclosure of their personal information

 

APP 6 – Use or disclosure

OESC only collects personal information about an individual for the purposes outlined under APP 3 (the primary purpose) and will not use or disclose the information for another purpose (the secondary purpose) unless the individual consents to the use or disclosure or another exception applies.

The exceptions that permit use or disclosure for secondary purpose are:

• Where required or authorized by or under Australian law or a court/tribunal order

• Where necessary to lessen or prevent a serious threat to any individual’s life, health or safety, or to public health or safety, and it is unreasonable or impracticable to obtain the consent of the individual whose personal information is to be used or disclosed

• When necessary for an organization to take appropriate action in relation to a reasonable suspicion of unlawful activity, or misconduct of a serious nature

• To an enforcement body for one or more enforcement related activities

• To assist in locating a missing person

• To establish, exercise or defend a legal equitable claim, and

• For the purpose of a confidential alternative dispute resolution

 

APP 7 – Direct marketing

OESC only uses member information for the direct marketing of Club activities, events and business.

An ‘opt-out’ mechanism is provided to Club members so they can request the Club to stop sending direct marketing material. OESC will promptly stop sending direct marketing material to a member where such a request is received.

 

APP 8 – Cross border disclosure

OESC does not send or disclose personal information of its members or guests to any overseas recipients.

 

APP 9 – Adoption, use or disclosure of government related identifiers

OESC does not adopt, use or disclose a government related identifier of an individual (e.g. Medicare number) as its own identifier.

 

APP 10 – Quality

OESC takes all reasonable steps to ensure personal information it collects, uses or discloses is:

• Accurate

• Up-to-date, and

• Complete

In the event OESC is required to use or disclose personal information, the organization will take reasonable steps to ensure that the personal information is accurate, up-to-date and complete, as well as being relevant to the purpose for which the information is being used or disclosed.

 

APP 11 – Security

OESC takes reasonable steps (both physical and logical) to protect the personal information it holds from interference, misuse, loss and unauthorized access, modification and disclosure.

OESC takes reasonable steps to destroy or de? Identify information where the organization no longer needs the information for an authorized purpose, unless:

• It is contained in a Commonwealth record, or

• OESC is required by or law or a court/tribunal order to retain the information

 

APP 12 – Access

OESC will respond to requests for access to personal information within a reasonable timeframe and provide access in the requested manner where reasonable and practicable. OESC will only provide an individual with access to their own personal information and not that of others.

OESC will not charge for requests to access personal information.

OESC will refuse a request to access personal information:

• Where there is a serious threat to public health or safety

• If required or authorized by or under an Australian law or a court/tribunal order

• Where suspicion that unlawful activity or misconduct of a serious nature is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter

• Where giving access would likely prejudice one or more enforcement activities conducted by or on behalf of an enforcement body

Where OESC has refused access to personal information, the reasons for such a refusal will be provided to the applicant in writing.

OESC has a formal complaints process that includes complaints relating to a breach of the Australian Privacy Principles (APP). All complaints are to be directed to the OESC Chief Operating Officer in writing and will be handled according to the following OESC grievance resolution process.

 

APP 13 – Correction

OESC takes reasonable steps to correct personal information to ensure that it is accurate, up-to-date, complete, relevant and not misleading.

Corrections to personal information are undertaken where OESC is satisfied it needs to be corrected or where requested by the individual.

In the event OESC refuses to correct an individual’s personal information, a  written statement outlining the reasons for not amending the personal information will be provided to the individual.

Where applicable, OESC will provide to other organizations the updated, corrected details of the individual’s personal information. OESC will respond within a reasonable period to any request for personal information correction and does not charge for corrections and updates. OESC has a formal complaints process that includes complaints relating to a breach of the Australian Privacy Principles (APP). All complaints are to be directed to the OESC Chief Operating Officer in writing and will be handled according to the following OESC grievance resolution process.

​

OESC Privacy Grievance/Complaints Resolution Process

 

OESC is committed to the early and internal resolution of grievances. All attempts should be made to resolve any grievances internally with the OESC Chief Operating Officer before initiating a formal external grievance resolution processes.

Parties involved in a grievance must participate in the grievance resolution process in good faith.

​

Grievance resolution processes should be applied fairly, flexibly and quickly.

​

All parties involved in a grievance should be treated with respect and impartiality. The confidentiality of parties involved in a grievance should be respected at all times, subject to the need to fully investigate the matter and any legal requirements for disclosure. Both the complainant and/or respondent have the right to be represented by a third person. Where applicable, the complainant can request to have an interpreter be present. Complainants are able to raise issues of concern in an environment free from fear of retribution, victimization or breach of confidentiality. Reasons and full explanations for decisions and actions taken will be kept in writing by the OESC Chief Operating Officer and will be provided to both the complainant and/or representative at every stage of the grievance process – records of grievances remain confidential.

​

OESC supports an active approach to grievance resolution via internal mechanisms and processes; however, an external complaint process is also available for privacy complaints via the Office of the Australian Information Commissioner (OAIC) Tel: 1300 363 992.

 

Employee Breach of Policy

Failure to abide by this policy is a breach of both the Privacy Act 1988 (C’th) and the OESC internal policies and procedures.

Non-compliance may result in legal action being taken against the employee and/or disciplinary action or termination by the employer.

​