Compliance With The Australian Privacy Act 1988 (Commonwealth) and the Australian Privacy Principles

In Australia, the key privacy legislation applying to Brightidea is the Privacy Act 1988 (Cth). The Privacy Act applies to most private sector organizations operating in Australia and sets a national standard for the collection, use and disclosure, quality and security of “Personal Information”. In particular, the Privacy Act establishes the Australian Privacy Principles (APPs) (effective from 12 March 2014) that set out these key obligations.


The APPs regulate the collection, use and disclosure of personal information, and also allow individuals to access their personal information and have it corrected if it is incorrect. There are also separate APPs that deal with the use and disclosure of personal information for the purpose of direct marketing (APP 7) and cross-border disclosure of personal information (APP 8). Further information regarding the APPs is set out on the Australian Government website.


Our policy is compliant with the Australian Privacy Act and the Australian Privacy Principles.

The most significant of the APPs are summarized below:

  • APP 1 (open and transparent management of personal information) provides that entities must take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs and publish their privacy policy;
  • APP 5 (notification of collecting personal information) requires that, before, at the time of, or as soon as practicable after an entity collects personal information from an individual, the entity take such steps as are reasonable in the circumstances to notify the individual of the collection of the personal information;
  • APP 7 (direct marketing) restricts the use or disclosure of personal information for direct marketing unless an exception applies; and
  • APP 8 (cross-border disclosure of personal information) requires that before an entity discloses personal information about an individual to a person or entity overseas, the entity must take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles.

Personal Information is defined as any information or an opinion about an identified individual, or an individual who is reasonably identifiable:

  • whether the information or opinion is true or not; and
  • whether the information or opinion is recorded in a material form or not.

This information can include customer name and contact information including postal address, email address and telephone number, billing information, and transaction information for any products that may have been purchased.

We adhere to the Australian Privacy Principles for all personal information that we collect from our customers (i.e., the companies that utilize and pay for our service) and from any other individuals that we may receive or collect personal information from. In particular:

  • We only collect personal information of the individuals who have registered or signed up for our services. Where we collect unsolicited information, we deal with this according to the APPs and our Privacy Policy;
  • We only use personal information for the purposes set out in our Privacy Policy and we only disclose such personal information to third party vendors to whom customers link from our service; and
  • Where it is reasonably practicable, we will give our customers access to their personal information, delete the personal information if requested, and retain it only as necessary to provide our services to our customers.
