• clearly communicate our personal information handling practices
• enhance our transparency, and
• give individuals a better and more complete understanding of the sort of personal information that AHHA holds, and the way we handle that information.
Outline of Policy
Part A — Personal Information Handling Practices' explains our general information handling practices across the agency including:
• Why we collect personal information
• How we collect personal information
• How we use your information
• Security of your personal information
Part B — Contacting AHHA - Explains how you can access your personal information, our complaint handling processes and how you can contact us.
Part A — Personal Information Handling Practices
1. Why we collect personal information
AHHA only collects personal information for purposes which are directly related to our functions or activities and only when it is necessary for or directly related to those purposes.
AHHA collects personal information:
• because an individual has provided it to us, for instance if an individual registers to attend an AHHA event, join as a member, contacts us to participate in social media forums, make complaints or to ask us questions about our services;
• because we need it to provide a product or service that an individual has requested, for instance, if they subscribe to an email list or, enter a competition, or purchase products from AHHA or register for or attend anAHHA event;
• because an individual work for us, or applies to us for a job or scholarship.
2. How AHHA collects information when an individual uses written or a digital service (including online and mobile services)
There are two types of information or data AHHA collects:
a. Information that an individual gives us directly such as when they are filling in a form or when they sign up to a service or event online or in writing. This type of information may include an individual’s name, email address or other personal information.
b. Information which tracks an individual’s activity such as personal information collected automatically to monitor the use of our online and mobile services, like the numbers and frequency of visitors to AHHA’s website. This helps us identify what users of our site are most interested in and it can also help us identify if there are any problems that need fixing. Most of the data we collect is aggregated, and this information is effectively anonymous to us.
In some cases we may collect data that can be linked to a user individually. For example, when an individual logs in to the Australian Health Review as an AHHA member, we may store records of information such as the pages viewed or links clicked on. Similarly, if an individual uses our email newsletters we may collect data about the mailings they open and the links they click on.
When engaging with our social media content you can choose to not identify yourself by using a pseudonym.
3. How we use personal information
We only use personal information for the purposes for which we collected it - purposes which are directly related to one of our functions or activities.
We do not give personal information about an individual to anyone else unless one of the following applies:
• The individual has consented to the disclosure,
• The individual would reasonably expect, that information of that kind is usually disclosed to individuals, bodies or agencies (to provide the service you wish to use, for example disclosure of name and address to a third party publisher to facilitate your receipt of AHHA printed materials),
• Disclosure is required or authorised by law or is reasonably necessary for the enforcement of the law, or
• Disclosure will prevent or lessen a serious and imminent threat to life or health.
AHHA is assisted by a variety of third parties to deliver the services we offer. These third parties change from time to time and include technology service providers for Internet, App services, cloud service, publishing and printing services. These third parties may be located in Australia or overseas locations, including but not limited to Singapore and the USA.
Wherever possible, AHHA imposes contractual restrictions equivalent to those imposed on the AHHA under the Privacy Act in respect of collection and use of personal information by those third parties.
AHHA will obtain an individual’s specific consent prior to disclosing information for the purposes of direct marketing of the AHHA’s services. An individual will be able to opt-out of direct marketing at any time if they so choose.
Under no circumstances will AHHA sell or receive payment for licensing or disclosing an individual’s personal information.
4. Data quality
We take steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
5. Security of personal information
AHHA takes steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. When the personal information that we collect is no longer required, we destroy or delete it in a secure manner.
All credit card details are only stored and transmitted in encrypted form. Unencrypted credit card information isNOT stored on our internet servers. Online credit card payments are currently processed using a third party payment gateway service run by E Way. E Way provides a plastic card industry data security scheme compliant payment gateway service to AHHA that is used to securely process customer payments. Credit card information is never stored in a cookie.
If an individual use their credit card and the transaction is manual rather than electronic, the record will be stored by AHHA for the period that financial records are required to be retained following which it will be destroyed in a secure manner.
There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms. In relation to our own servers, we take all reasonable steps to manage data stored on our servers to ensure data security.
Part B – Contact AHHA
6. Accessing personal information
Individuals can access the personal information that we hold about them, and they can ask us to correct the personal information we hold about them. AHHA will take reasonable steps to make appropriate corrections to personal information so that it is accurate, complete and up-to-date unless we consider that there is a sound reason under the Privacy Act or other relevant law to withhold the information, or not make the changes. If AHHAdoes not agree to make requested changes to personal information an individual may make a statement about the requested changes and AHHA will attach this to the record.
If an individual is listed on our network or email lists they are given the opportunity to opt out at any time. An individual can unsubscribe by using the ‘unsubscribe’ options noted in our emails.
7. Complaint Handling Processes
An individual may complain to AHHA about the way we handled their personal information. A complaint should be handled in a timely manner and, where appropriate, resolved quickly and informally. Complaints about AHHAactions should be made in writing. On receipt, the complaint is referred to the Director of Policy and Networks.
A complaint received should always be examined to see whether AHHA acted appropriately. If not, it may be appropriate to provide an explanation or apology. If further action is deemed to be required, the matter may be referred to the Chief Executive for consideration. All responses to complaints will be made in writing.
Under the Privacy Act an individual can make a complaint to the Office of the Australian Information Commissioner about the handling of their personal information by private sector organisations covered by the Privacy Act.