(Revised May 2018)
PURPOSE AND PREAMBLE
This policy applies to the Australian Nursing and Midwifery Federation (SA Branch), the Australian Nursing Federation (South Australian Branch), the Australian Nursing and Midwifery Education Centre (ANMEC) and Union Legal SA Pty Ltd as trustee (within this policy referred to collectively as “the Group”).
In the course of its everyday activities, the Group may collect and use personal information from, or on behalf of, members and students, and in some circumstances former members and students in order to provide:
- professional and industrial services related to the professions of nursing and midwifery (including but not limited to assistants in nursing, personal care workers);
- education to nurses, midwives and other persons eligible for membership and other occupations that may access qualifications or courses developed by ANMEC; and
- legal services to members and eligible family members
Personal information is also collected from subscribers to the Group’s publications.
This Policy also sets out the broad controls which the Group has adopted to govern the way it uses personal information, the circumstances in which it might disclose personal information to third parties, how members and students can access their personal information held by the Group and what they can do if they are not satisfied with the Group’s treatment of their personal information.
This policy applies to any persons in respect of whom the Group currently holds, or may in the future collect, personal information.
“Personal Information” – information or opinion, whether true or not, regarding an individual whose identity is apparent or can reasonably be ascertained from the information or opinion
“Sensitive Information” – is personal information or opinion about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or personal health.
How this Policy applies:
This Policy applies to personal information the Group collects from you in the course of any interaction or communication including:
- via one of our websites;
- via social media;
- via telephone;
- via email;
- via fax;
- in person; and/or
- in writing.
This Policy also applies to personal information the Group collects from any other third party, about you.
The kinds of information the ANMFSA may collect:
From time to time you may voluntarily supply your personal information to the Group. The Group will record your e-mail address if you send us a message or otherwise use a communication that identifies your email address, subscribe to an email newsletter, or complete a form if this information is requested.
When you provide your personal information, it allows us, for example, assist you with industrial relations and employment queries, inform you about industrial, professional, social and political campaigns and accept your application for membership or enrolment as a student. You may also supply personal information to the Group through other means, including responding to a survey, filling in a meeting attendance sheet, taking part in a competition, completing a membership form, discussing your issues with a delegate, signing up to a campaign, completing an enrolment form for a course we conduct. The Group only collects and retains personal information that is necessary for the Group to perform its functions and/or activities.
Depending upon the circumstances you may provide to the Group, and the Group may collect, information such as, but not limited to:
- your name;
- your contact details;
- your social media details (e.g. blogs, twitter, Facebook, LinkedIn);
- your gender;
- your marital/relationship status;
- your age;
- your employment details;
- your educational qualifications; and
- your inquiry or complaint details.
Some personal information collected is considered sensitive information and includes:
- your political opinions;
- your political party membership (if any);
- your union membership (if any);
- your racial or ethnic origin;
- your sexual orientation;
- any disabilities, illnesses or injuries you may have; and/or
- any other health information.
The Privacy Act allows the Group to collect sensitive information which relates solely to the Group’s members and students or people who have regular contact with the Group where the sensitive information relates to the Group’s activities. We will only collect sensitive information where we have received your consent to your personal information being collected, used, disclosed and stored by the Group in accordance with this Policy.
Where you provide information to the Group in relation to a job application the personal information you provide will only be collected, held, used and disclosed for the purposes of considering your potential employment with the Group. Where you provide the details of referees, you confirm that you have informed the referees that you are providing their contact information to the Group and they have consented to the Group contacting them and discussing the personal information you have provided in relation to the job application.
Where you provide information to the Group in relation to a training application, the personal information you provide will only be collected, held, used and disclosed for the purposes of considering your potential enrolment in a training course of the Group including, where relevant, provisions to other parties in supporting your entitlements to access funding for such training by those third party organisations. Successful enrolment may require the collection of personal and sensitive information so as to provide training services and as required by relevant legislation and regulations governing a Registered Training Organisation.
We will collect personal information directly from you unless:
- you have consented to the Group’s collection of your personal information from third parties; or
- when we are legally required to do so; or
- it is unreasonable or impractical to do so.
Where we have collected personal information about you either directly or by other means as set out above, we will notify you at the time, or as soon as practicable, to ensure that you are aware of such collection and its purpose.
You can choose to interact with us anonymously or by using a pseudonym where it is lawful and practicable. For example, you may wish to participate in a blog or enquire about a particular campaign anonymously or under a pseudonym. Your decision to interact anonymously or by using a pseudonym may affect the level of services we can offer you. It is important to note that the Group’s industrial and professional services are available only to members. Some educational services are also only provided to members or discounted fees are made available to members.
Failure to identify yourself as a financial member by name and/or by membership identifier may lead to you being refused access to some or all of the services provided by the Group. For example, we may not be able to assist you with a specific industrial enquiry or investigate a privacy complaint on an anonymous or pseudonymous basis. We will inform you if this is the case and let you know the options available to you.
If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs. Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.
The purposes, for which personal information is collected, held, used and disclosed:
The Group collects, holds, uses and discloses your personal information to:
- assist you with industrial relations and employment queries;
- provide you with representation to a range of legal and administrative authorities and tribunals;
- inform you about industrial, social and political campaigns;
- inform you about your rights at work;
- inform you about changes to legislation;
- refer you to a legal practitioner, accountant or other professional;
- improve our service delivery;
- manage our relationship with you;
- conduct surveys and research;
- provide educational services and professional development;
- conduct Union elections;
- assist with training enquiries and enrol you in education and training courses; and/or
- comply with relevant authorities in relation to reporting on students activities during training courses we conduct.
Using your information for direct marketing and other communications:
You may consent to our use and disclosure of your personal information for the purposes of direct marketing which may include providing you with information about events, news, products or services which may be of interest to you.
If you do not want us to use your personal information for direct marketing purposes, you may elect not to receive direct marketing at the time of providing your personal information.
Unsubscribing and opting out:
If you no longer wish to receive direct marketing or other communications, you may request at any time to cancel your consent to such communications as follows:
- If subscribing to an email newsletter you may “unsubscribe” at any time from the newsletter mailing list;
- The Group may, from time to time, send you text messages about issues of importance such as events or campaigns. You may “opt out” by texting STOP in reply to a text message from the Group; or
- You may contact us at any time by mail or email directed to our Privacy Officer.
The Group’s websites collect two types of information. The first type is anonymous information.
The web server makes a record of your visit and logs the following information for statistical purposes:
- the user’s server address;
- the user’s top level domain name (e.g. com, .gov, .net, .au, etc.);
- the date and time of the visit to the site;
- the pages accessed and documents downloaded;
- the previous site visited; and
- the type of browser used.
No attempt will be made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider’s logs.
Disclosure of personal information:
The Group respects the privacy of personal information and will take reasonable steps to keep it strictly confidential and only use or disclose the personal information about an individual for the purpose for which the information is collected. Personal information is not used or disclosed for a secondary (related) purpose, except in accordance with the APP’s.
The Group will disclose personal information to third parties if it is necessary for the primary purposes of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected by the individual. Where such disclosure is necessary, the Group will require that the third party undertake to treat the personal information in accordance with the APP’s.
The Group may also use or disclose personal information about an individual for a secondary purpose if it has obtained the individual’s consent (either express or implied).
The Group will not otherwise disclose personal information unless the individual has given consent or that disclosure is required by law.
No personal information is disclosed to third parties for the purposes of direct marketing. Personal information (such as name and address), is used, from time to time, for the purpose of forwarding information in the form of journals, newsletters and circulars, unless an individual requests that their personal information is not used for that purpose.
The Group will take all reasonable steps to ensure that all personal information held is secure from unauthorised access or disclosure. However, the Group does not guarantee that personal information cannot be accessed by an unauthorised person (eg. a hacker) or that unauthorised disclosures will not occur.
Nonetheless, the Group has various security measures designed to protect against the loss, misuse and/or alteration of the information under its control. These security measures include:
- Firewalls, user identifiers and passwords – to prevent the hacking of our database and ensure access only by authorised personnel. This includes situations where information may be stored on servers managed by third parties;
- Clauses in employee agreements requiring confidentiality;
- Appropriate security access to the Group’s facility at Ridleyton;
- the use of passwords for access to database information and the use of security levels within the database to ensure that staff, members and students only access the information required to perform their duties/activities;
- Security bins for the disposal of written information; and
- Secure storage areas for personal and student files.
Security arrangements are monitored and reviewed regularly and all staff made aware of organisational systems for the processing, storing and transmitting of personal information and the protective security policies associated with this.
An eligible data breach occurs if:
- There is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by Group; and
- The access, disclosure or loss is likely to result in serious harm to any individuals to whom the information relates.
In the case of an eligible data breach as described above, the Group will notify affected individuals that the breach is likely to result in serious harm. In addition, the Group will make a mandatory notification to the Privacy Commissioner.
The Group will not adopt as our own identifier a government related identifier of an individual, such as a tax file number or Medicare card number and will only use or disclose a government related identifier where the use or disclosure:
- is reasonably necessary for the Group to verify your identity for the purposes of our activities or functions;
- is reasonably necessary for the Group to fulfil its obligations to an agency or a State or Territory authority;
- is required or authorised by or under an Australian law
- is required in order to comply with requirements and regulations to conduct activities as a Registered Training Organisation; or
- is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Accessing personal information:
A person may request to access personal information about them held by the Group. Such a request must be in writing to the Privacy Officer. The Group will grant a person access to their personal information as soon as practicable, subject to the circumstances of the request.
The Group will inform individuals when personal information is provided to an organisation providing services to the Group when required by the APPs to do so. Providers of services to the Group have undertaken to treat all personal information provided to them by the Group consistent with the provisions of the Privacy Act and the APPs.
A request to access personal information will be rejected if:
- the request is frivolous or vexatious;
- providing access would have an unreasonable impact on the privacy of another person;
- providing access would pose a serious and imminent threat to the life or health of any person;
- providing access would prejudice the Group’s legal rights; or
- there are other legal grounds to deny the request.
The Group may seek to recover reasonable costs associated with providing such access. If, for any reason, access is refused, written reasons for the refusal will be provided.
Correcting personal information:
The Group will take reasonable steps to ensure the accuracy and completeness of the personal information we hold. However, if a person believes that the personal information held about them is inaccurate or out of date, then they should contact the Group in writing.
Variations to the Policy:
This Policy may be varied from time to time and an updated version will be posted on the Group’s websites. Please check our websites regularly to ensure that you have the most recent version of the Policy.
PRIVACY OFFICER CONTACT DETAILS
The Privacy Officer
Australian Nursing and Midwifery Federation (SA Branch)
PO Box 861
REGENCY PARK BC SA 5942