Privacy Statement

Purpose

This Privacy Policy Statement is prepared in accordance with the National Privacy Principles ('NPPs') contained within the Commonwealth Privacy Act 1988 ('Act'). The NPPs set out minimum standards for the way in which organisations deal with individuals' personal information. Under the Act, personal information includes information from which an individual's identity is apparent or is reasonably ascertainable.

Privacy Commitment

CRC CARE is committed to the protection of individuals' personal information in accordance with the NPPs. The NPP outlines how the CRC collects, stores, uses and discloses personal information, and the rights of individuals to gain access to information held about them by CRC CARE.

Collection of Personal Information

CRC CARE only collects personal information which is necessary in connection with its business purposes. The purposes for which the CRC collects personal information include:

responding to issues addressed by an individual to the CRC;
facilitating the conduct of business transactions and operations between the CRC and the individual;
providing a newsletter subscription service to individuals; and
ensuring that our website at www.crccare.com remains relevant to individuals.

The specific types of personal information collected and used by the CRC varies according to the purpose for collection. However, in general this information includes:

individuals' names, addresses, contact details (eg telephone number, facsimile number and email address);
information about transactions or dealings between individuals and the CRC; and
individuals' areas of interest.

The CRC collects most of the personal information it requires directly from the relevant individual by way of written forms completed by the individual. The CRC may also collect information from individuals by telephone, in person, by its representatives, or by written correspondence from time to time. In certain circumstances, the CRC may also collect personal information about an individual from third parties.

It is important that the CRC collects the information it requires about an individual in order to provide services which remain relevant.

Where an individual provides the CRC with personal information about another individual, they must first ensure that the other individual is aware of:

the disclosure of their information to the CRC and the purposes for which the information is collected by the CRC; and
the individual's ability to request access to the personal information held about them by the CRC, and to advise the CRC if they think the information is inaccurate, incomplete or out-of-date.

The CRC does not actively collect sensitive personal information about individuals. However, if sensitive information is collected, the CRC will first obtain the consent of the relevant individual, or otherwise ensure that the collection is in accordance with the NPPs.

Use and Disclosure of Personal Information

CRC CARE may use and disclose an individual's personal information for the primary purpose for which the information was collected (see Collection of Personal Information), reasonably expected secondary purposes, where the individual has consented, and otherwise in accordance with the NPPs, including:

to provide goods or services to the individual, including a newsletter subscription service;
to provide information to members of the CRC;
where required or authorised by law;
to provide information to agents, contractors and service providers engaged by the CRC to deliver goods and services or otherwise act on behalf of the CRC, or to provide goods and services to the CRC, the identity of which may change from time to time;
to investigate and resolve complaints concerning the provision of services by the CRC or others associated with the CRC; and
to provide individuals with updates and other information from time to time about the CRC's goods, services and activities. Individuals may notify the CRC by written notice addressed to the CRC General Manager at any time if they do not wish to receive this information.

The CRC will only transfer personal information outside of Australia in accordance with the NPPs including:

with the individual's consent;
where the CRC is under a contractual obligation (with the individual or another party) to do so, or there is some other benefit to the individual; or
where the CRC is satisfied that the recipient of the information will uphold principles for the fair handling of personal information, and will not deal with the personal information in a manner inconsistent with the NPPs and this Privacy Policy.

Data Quality, Storage and Security

The CRC strives to ensure that all personal information held in its records is accurate, complete and up-to-date.

Personal information is held in a combination of electronic and hard copy records stored securely at the CRC's facilities. Hard copy information is stored in secure office facilities at the CRC's premises. Electronic information is protected by password security and other data protection measures.

Access to personal information is restricted in accordance with the CRC's procedures to those personnel whose job functions require access to such information.

Access and Correction

Individuals may obtain access to the information held about them by the CRC by written request to the CRC's General Manager as detailed below.

In accordance with the NPPs, the CRC may deny access to requests for access to information in certain circumstances, including where:

providing access would have an unreasonable impact upon the privacy of another individual;
in the CRC's opinion, the request is frivolous or vexatious;
providing access to the information would be unlawful, or the law permits the CRC to deny access; or
the information relates to existing or anticipated legal proceedings, or would prejudice the CRC's commercial negotiations with an individual.

The CRC will correct any personal information which it becomes aware is inaccurate, incomplete or out of date.