- What is “personal information”?
- The Privacy Act 1988 (Cth) currently defines “personal information” as meaning information or an opinion about an identified individual or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
- What information do we collect?
The kind of personal information that we collect from you will depend on how you use the Website. The personal information may include:
- Your name
- Your address
- Your date of birth
- Your contact details
- Your credit card details
- User ID for accessing the online service
- Information provided by you regarding your personal and family medical history and status, dietary requirements, previous illnesses or injuries or current state of health.
- Your address
- How we collect your personal information
- We may collect personal information from you whenever you input such information into the Website.
- We may hold your personal information in either hard copy or electronic form, or both. We will take reasonable steps to hold your personal information in a secure manner to ensure that it is protected from unauthorised access, modification or disclosure.
- We will take reasonable steps to ensure that your personal information is accurate, complete and up to date, and any personal information that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay. We request that you let us know if you notice any errors or discrepancies in information we hold about you and letting us know if your personal details change.
- We will take reasonable steps to destroy and/or de-identify your personal information once it is no longer needed, unless we are required by Australian law, or a court or tribunal to retain it.
- Purpose of collection
- The purpose for which we collect personal information is to provide you with the best service experience possible on the Website and in the provision of the Services.
- We customarily disclose personal information only to our service providers who assist us in operating the Website. Your personal information may also be exposed from time to time to maintenance and support personnel acting in the normal course of their duties.
- By using the Website, you consent to the receipt of direct marketing material. We will only use your personal information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from use. We do not use sensitive personal information in direct marketing activity. Our direct marketing material will include a simple means by which you can request not to receive further communications of this nature.
- Access and correction
Australian Privacy Principle 12 permits you to obtain access to the personal information we hold about you in certain circumstances, and Australian Privacy Principle 13 allows you to correct inaccurate, out of date, incomplete, irrelevant or misleading personal information. If you would like to obtain such access, please contact us as set out below. We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
- Complaint procedure
If you have a complaint concerning the manner in which we maintain the privacy of your personal information, please contact us as set out below. All complaints will be considered by Aysha O’Connor and we may seek further information from you to clarify your concerns. If we agree that your complaint is well founded, we will, in consultation with you, take appropriate steps to rectify the problem. If you remain dissatisfied with the outcome, you may refer the matter to the Office of the Australian Information Commissioner.
- Overseas transfer
Your personal information may be transferred overseas or stored overseas if the transfer is to you, or to one of your authorized representatives, or it is with your express consent, or the transfer is necessary for the provision of contracted products or services to you. For example, we may store your personal information in a cloud or other type of networked electronic storage which uses data storage facilities outside of Australia. Countries to which we may transfer your personal information include the United States of America.
It is not possible to identify each and every country to which your personal information may be sent. If your personal information is sent to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles, and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the Australian Privacy Principles if your personal information is mishandled in that jurisdiction. If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia’s, we will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Australian Privacy Principles.
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe (including a broader definition of “personal information”). Where this is the case, there may be additional rights and remedies available to you under the GDPR if your personal information is handled in a manner inconsistent with that law. These include the following lawful bases for processing your personal information:
- Consent – you have given clear consent for us to process your personal information for a specific purpose;
- Contract – the processing is necessary for a contract you have with us, or because you have asked us to take specific steps before entering into a contract;
- Legal obligation – the processing is necessary for us to comply with any legislative requirements (not including contractual obligations);
- Vital interests – the processing is necessary to protect someone’s life;
- Public task – the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
- Legitimate interests – the processing is necessary for our legitimate interests or the legitimate interests of a third party – unless there is a good reason to protect your personal information which overrides those legitimate interests.
- How to contact us about privacy
If you have any queries, or if you seek access to your personal information, or if you have a complaint about our privacy practices, you can contact Aysha O’Connor via email firstname.lastname@example.org or phone 0411 226 716