Information presented herein has been compiled from sources considered to be dependable and is accurate and reliable to the best of the knowledge and belief of AFC International Pty Limited but is not guaranteed to be so. Nothing herein is to be construed as recommending any practice or any product in violation of any patent or in violation of any law or regulation. It is the user's responsibility to determine for themself the suitability of any material for a specific purpose and to adopt such safety precautions as may be necessary. AFC International Pty Limited makes to warranty as to the results to be obtained in using any material and, since conditions of use are not under our control, we must necessarily disclaim all liability with respect to the use of any material supplied by AFC International Pty Limited. AFC International P/L endeavours to ensure that all information contained on this site is complete and correct at the time of inclusion. However, the completeness and accuracy of the information cannot be guaranteed and persons relying on information contained on this site do so completely at their own risk. AFC International P/L disclaims all liability for any loss or damage arising out of or in connection with the use of or reliance on the information in this site. Links in this site may be to sites which are not controlled by AFC International P/L . AFC International P/L accepts no responsibility or liability in respect of the information or content of any linked sites.
1. Purpose of Policy
This policy sets out the practices to be followed by all persons performing work within AFC International P/L for appropriate collection, holding, use, correction, disclosure and transfer of "personal" or "sensitive" information. This policy must be read and followed by all staff employed by or performing services within AFC International P/L.
2. What is "personal" and "sensitive" information?
These terms are defined in the Privacy Amendment (Private Sector) Act 2000 ("Privacy Act").
(a) "Personal Information" is defined broadly to mean any information or opinions about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Personal information includes a person's name, address, phone number, email address and other information or opinion that identifies or may identify that person.
"Sensitive Information" means:
(a) information or an opinion about an individual's:
(i) racial or ethnic origin
(ii) political opinions
(iii) membership of a political association
(iv) religious beliefs or affiliations
(v) philosophical beliefs
(vi) membership of a trade union
(vii) sexual preferences or practices
(viii) criminal record; that is also personal information; or
(b) health information about an individual.
3. What are the National Privacy Principles?
These are principles, set out in Schedule 3 to the Privacy Act, which govern how companies, organisations and businesses must deal with "personal" and "sensitive" information. These principles apply from 28/09/2010, and apply to not only to information recorded on paper or in internet systems, but also to information collected and applied through the internet or transmitted electronically by email. In summary:
NPP 1 - Collection
Personal information may only be collected if it is necessary for a function or activity of an organisation, whether collected from the individual themselves or from a third party. Organisations collecting personal information need to make sure the person giving personal information is aware of the identity of the organisation, the purpose for which the personal information is collected, how they can access the personal information and any third parties to whom the personal information may be disclosed. Revision A:1 Date: 28th September 2010
NPP2 - Use and Disclosure
Organisations may not use or disclose personal information collected in accordance with NPP1 other than for the main purpose for which it was collected, unless : the other purpose for which such personal information is used or disclosed is related to the main purpose; or the individual has consented to the use or disclosure of the personal information for that other purpose. Therefore, as an example of the application of this NPP, such personal information may be used for direct marketing only in certain circumstances.
NPP3 - Data Quality
An organisation needs to take “reasonable steps” to ensure that the personal information it collects uses or discloses is accurate, complete and up to date.
NPP4 - Data Security
Organisations must take “reasonable steps” to protect personal information from misuse and loss and from unauthorised access, modification or disclosure.
NPP5 - Openness
Organisations must adopt, maintain and record publicly expressed policies on how they will manage personal information, and make that policy available to anyone who asks for it (hence the existence of this Policy document).
NPP6 - Access and Correction
Organisations holding personal information about an individual need to provide that person with access to the personal information on request (subject to a few limited exceptions).
NPP7 - Identifiers
An organisation must not adopt as its own identifier any identifier of an individual which has been assigned by an agency or a contracted service provider for a Commonwealth Agency. We note that ABN’s do not fall within this NPP so an ABN number may be used as an identifier without breach of the principles.
NPP8 - Anonymity
Wherever lawful and practicable, individuals must be given the option of not identifying themselves when entering into transactions with an organisation.
NPP9 - Transborder Dataflows
An organisation in Australia may only transfer personal information about an individual to someone in a foreign country if they meet one of the specific conditions set out in the principle – certain limits are placed on these actions.
NPP10 - Sensitive Information
Sensitive information must only be collected if some of the narrow conditions set out in the Act apply, such as:-the individual consenting to the collection; or the collection being required by law; or the collection being necessary to prevent or lessen a serious and imminent threat to the life or health of an individual. Revision A:1 Date: 28th September 2010