Policy version: 1
Date: 25 November 2019
The purpose of this policy is to ensure Developing East Arnhem Limited can collect personal information through its website necessary for its purposes and functions, while recognising the right of individuals to have their information handled in ways that meet legal requirements, and that they would reasonably expect.
DEAL is committed to protecting the personal information that we collect, use and disclose. This policy enables DEAL to collect information through its website and protects the rights individuals to privacy.
The Privacy Act 1988 protects and regulates the collection, holding, use and disclosure of an individual’s personal information and sensitive information. The core obligations in the Privacy Act are set out in the Australian Privacy Principles (found in Schedule 1 to the Act).
The Privacy Act defines ‘sensitive information’ to include personal information about an individual’s racial or ethnic origin, religious beliefs or affiliations, sexual orientation or practices or criminal record. DEAL will not purposefully collect or store sensitive information.
This Policy sets out our commitment to protecting the privacy of your personal information that we collect through this website www.developingeastarnhem.com.au (Site), or directly from you or from third parties.
You providing personal information indicates that you have had sufficient opportunity to access this Policy and that you have read and accepted it. If you do not wish to provide personal information to us, then you do not have to do so.
Please read this Policy carefully. Please contact us if you have any questions.
Any personal information collected or obtained by DEAL is collected, stored, and used only in accordance with the Privacy Laws, pursuant to section 5(7) of the Information Act (NT). DEAL will not access, use, disclose or retain any personal information as defined in section 5(7) of the Information Act (NT) except in performing their duties under this Policy.
Collection of Personal Information
DEAL will only collect personal information required to:
- communicate with the individual about DEAL activities, services, updates and opportunities; and/or
- complete processes or assessments, and/or deliver services or activities that the individual is contributing to or may be a beneficiary of.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. In some circumstances, however, we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party. Any personal information received from third parties will be treated in accordance with this Policy.
Use of Personal Information
When personal information is collected from an individual, DEAL will take reasonable steps to ensure that personal information is used only for the purpose for which it was collected.
Personal information collected by DEAL can be used for a secondary purpose other than the above if:
- the individual consents;
- the individual would reasonably expect DEAL to use or disclose the information for a secondary purpose, and the secondary purpose is related to the primary purpose;
- the secondary use of the personal information is required or authorised by or under an Australian law;
- a permitted general situation exists in relation to the secondary use of the information;
- a permitted health situation exists in relation to the secondary use of the personal information; or
- DEAL has a reasonable belief that the secondary use is necessary for one or more enforcement related activities conducted by an enforcement body.
Disclosure of Personal Information
DEAL commits not to disclose an individual’s personal information to any other party except in the following circumstances:
- where the disclosure is consented to by the individual;
- where the use or disclosure is required or authorised by law; and/or
- in in order to store data with third party software providers utilised by DEAL for the purposes of data capture, storage and or communication, in which case the third party shall be bound by suitable undertakings to maintain such confidentiality.
While DEAL will require suitable undertakings from its providers, DEAL will not accept liability for the actions of third party software providers utilised by DEAL for data capture, storage and or communication. The direct or implied consent of an individual for DEAL to collect an individual’s personal information is done so with this in mind.
DEAL shall take all reasonable steps to protect the personal information held in its possession against loss, unauthorised access, use, modification, disclosure or misuse. Data is stored and kept secure in line with DEAL’s Information Technology Security Policy and the IT Policy and Procedure Manual.
Where there is suspicion of a data breach the CEO is to be notified immediately; and a reasonable and expeditious assessment must be carried out within 30 days of becoming aware of the possible breach as to whether the breach is in fact an eligible data breach.
Action must also be immediately taken to contain the breach, whether the breach is determined to be an eligible breach or not and review whether any action can be taken to prevent future breaches.
An eligible data breach occurs when the following criteria are met:
- there is unauthorised access to or disclosure of personal information held by DEAL;
- the breach is likely to result in serious harm to any of the individuals to whom the information relates; and
- DEAL had been unable to prevent the likely risk of serious harm with remedial action.
Where an eligible data breach has occurred, the following process must be followed in line with requirements of the Privacy Act:
- the Chairperson and Directors are to be notified immediately;
- the Office of the Australia Information Commissioner is to be notified immediately; and
- any parties who are at risk because of the breach of information are to be notified immediately.
If the assessment is inconclusive as to whether the breach is an eligible data breach, DEAL’s encourages the above process to be followed as part of risk mitigation.
If the assessment shows the breach was not an eligible data breach, no further action is required.
Cookies and Web Beacons
We may use web beacons on this Site from time to time. Web beacons or clear .gifsclear. gifs are small pieces of code placed on a web page to monitor the visitors’ behaviour and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
Links to Other Websites
Our Site may contain links to other websites of interest. We do not have any control over those websites. We are not responsible for or liable for the protection and privacy of any information which you provide whilst visiting such websites, and such websites are not governed by this Policy.
Your rights and controlling your personal information
Choice and consent: Providing us with your personal information is optional to you. You can choose not to provide personal information. When you provide us with your personal information, you consent to the terms in this Policy, and to us disclosing or receiving your personal information for these purposes.
Your provision of third party information: If you provide us with third party personal information then you warrant to us that you have the third party’s consent to provide this.
Access or correction of personal information: DEAL must take reasonable steps to ensure personal information it holds is accurate, up-to-date, complete, relevant and not misleading and has regard to the purpose for which it is held. Individuals have the right to request access to personal information DEAL holds about them or to correct it.
Your opinion and feedback: We may contact you to voluntarily respond to questionnaires, surveys or market research to seek your opinion and feedback. Providing this information is optional to you.
Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us at the email address listed in this Policy.
Unsubscribe: To unsubscribe from our e-mail database, or opt out of communications, please contact us.
Disposal of Personal Information
Where DEAL no longer requires personal information for any purpose for which the information may be used of disclosed under the Australian Privacy Principles (APP), DEAL must take reasonable steps to destroy the information or to ensure that it is de-identified. This requirement applies except where:
- The personal information is part of a Commonwealth record; or
- DEAL is required by law to retain the personal information.
The disposal of data when it is no longer required is managed in accordance with the following legislation depending on the nature of the information:
- Corporations Act 2001;
- Privacy Act 1988; and/or
- Fair Work Act 2009.
This Policy may be amended, including with changes, additions and deletions, from time to time in our sole discretion. Your continued use of our Site following any amendments indicates that you accept the amendments. You should check this Policy regularly, prior to providing personal information, to ensure you are aware of any changes, and only proceed to provide personal information if you accept the new Policy.
- Privacy Act 1988
- Information Act 2002 (NT)
- Corporations Act 2001
- Fair Work Act 2009