We recognise the importance of protecting the privacy rights of individuals in relation to their personal information. This document tells you how we collect and manage personal information. We respect your rights to privacy under the Privacy Act 1988 (Commonwealth) (Privacy Act) and we comply with all of the requirements of the Privacy Act’s in respect of the collection, management and disclosure of your personal information.
What is your personal information?
Collection, use, holding and disclosure of personal information by COTA ACT
COTA ACT may generally collect the following types of personal information about you:
- mailing or street address;
- email address;
- telephone number;
- age or birth date;
- details of the services you have acquired from us or which you have enquired about, together with any additional information necessary to deliver those services and to respond to your enquiries; and
- any additional information relating to you that you provide to us through our website or to our representatives.
We may also collect sensitive information about you if it is necessary for us to provide our services to you or if you volunteer with COTA ACT. Sensitive information includes health information (such as any medical conditions you may have, details of any medical treatment you may be receiving and your wishes about future medical treatment), racial or ethnic origin, criminal record, political opinions and membership of any political, professional or trade association or union.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in various ways, including:
- through your access and use of our website;
- during conversations between you and our representatives; or
- from any documents that you provide to us.
We may also collect personal information from third parties including:
- any medical professional who is providing medical or health services to you;
- if you become a member of COTA ACT, a third party acting on our behalf will collect membership-related information from you; or
- from third parties such as credit reporting bodies, law enforcement agencies and other government departments and agencies, such as Centrelink or MediCare.
We collect personal information about you so that we can provide our services to you or otherwise engage with you. We collect, hold, use and disclose your personal information for the following purposes:
- to provide advice, assistance and our other services to you and to send communications requested by you;
- to answer enquiries and provide information or advice about existing and new services;
- if you become a member of COTA ACT, to administer your membership;
- if you wish to volunteer with COTA ACT, to contact you about volunteering opportunities and to manage your volunteering activities;
- if you are attending a COTA ACT event, to manage your attendance at our event and to obtain payment from you for any attendance or entrance fees that may be payable;
- if you participate in a focus group, research project or other program run by COTA ACT, to manage your participation and contact you in relation to that participation (including to obtain your feedback);
- to assess the performance of our website and to improve the operation of the website;
- for the administrative, planning, product or service development, quality control and research purposes of us and our related parties, contractors or service providers;
- to provide your updated personal information to our related parties, contractors or service providers;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority.
Who do we disclose your information to?
We may disclose your personal information to:
- our employees, related parties, contractors or service providers for the purposes of providing and administering our services, for the operation of our website or our business and otherwise for fulfilling requests made by you, and
- third parties as may be required in order for us to provide our services to you, including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
- suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and
- any organisation for any authorised purpose with your express consent.
We may combine or share any information that we collect from you with information collected by any of our related parties (within Australia).
Direct marketing materials
We may send you e-newsletters, marketing communications and information about our events and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our IT service providers for some of the purposes listed above. We take reasonable steps to ensure that we do not breach the privacy obligations relating to your personal information.
Security and data quality
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form. Any personal information in hardcopy format is stored in locked filing cabinets. Personal information in electronic form is stored on password-protected computer servers. Personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the later).
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it. We will treat your complaint confidentially, investigate your complaint promptly and aim to ensure that we contact you to endeavour to ensure that your complaint is resolved within a reasonable time (and in any event within the time required by the Privacy Act, if applicable). Our complaints handling process applies to our handling of your privacy-related complaint.
Our complaints handling policy recognises that the following grounds can be the basis for a complaint:
- breach of client confidentiality or privacy;
- poor quality service;
- invasion of personal rights;
- conflict through misunderstanding or miscommunication; and
- problem with action or information produced by us.
Our complaint handling procedure applies to complaints that are made either verbally or in writing. We will generally handle complaints in the following manner:
- Clients submit a complaint either verbally or in writing.
- Clients can make complaints anonymously if they wish.
We commence action to resolve a complaint within 7 days of the complaint.
The assistance of qualified interpreters is provided if necessary.
Complaints are addressed without impacting on the client’s right to further and future assistance from COTA ACT
Please contact our Privacy Officer at:
Post: J Mobbs, Hughes Community Building, 2 Wisdom Street, Hughes ACT 2605
Tel: 02 6282 3777