We respect your rights to privacy under the Privacy Act 1988 (Cth Act) and we comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal and sensitive information.
We may collect the following types of personal information:
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in ways including:
We may also collect personal information from third parties including:
If you do not provide us with the personal information described above, some or all of the following may happen:
We collect personal information about you so that we can perform our business activities and functions and to provide the best possible quality of customer service. We collect, hold, use and disclose your personal information for the following purposes:
We may disclose your personal information to:
We may combine or share any information that we collect from you with information collected by any of our related bodies corporate (within Australia).
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
You may request access to any personal information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you and, if so, the fees will be $10.00. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, we will add a note to the personal information stating that you disagree with it.
‘Sensitive information’ is a sub-set of ‘personal information’ and is given a higher level of protection under the National Privacy Principles (NPPs).
Sensitive information is defined in the Privacy Act to mean information or an opinion about an individual’s:
Sensitive information also includes health information and genetic information about an individual that is not otherwise health information.
Sensitive information is subject to a higher level of privacy protection than other personal information handled by organisations in the following ways:
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
It is important to us that your information is accurate, up to date, complete and relevant.
We therefore encourage you to contact us by written request if you believe this may not be the case and if you would like:
We endeavour to assist with your request within a reasonable time frame (and at the latest within 1 month of your request) unless it is unlawful to do so, if there are ongoing legal proceedings or if the request is deemed frivolous or vexatious.
We will treat your requests or complaints confidentially. Our representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We will aim to ensure that your complaint is resolved in a timely and appropriate manner.
You can obtain the information specified above or contact us using the details below:
WA Ostomy Association Inc.
Post: PO Box 706, Mt Lawley, WA 6929
Tel: (08) 9272 1833
Email: [email protected]
In the event of a serious data breach involving personal information that is likely to result in serious risk of harm to an individual, we will promptly contain the breach and take remedial action including, where appropriate, an assessment of the suspected data breach. Where an eligible data breach has been identified, we will:
a) notify all individuals of the breach; or if that is not practicable
b) notify only the individuals whose personal information is at risk of serious harm (together, Notified Users).
We will provide Notified Users the details of the data breach, the kinds of information concerned in the data breach, the best way to contact us and our recommended steps in response to the data breach.
As soon as practicable after we become aware of the breach we will report a statement of the breach to the Australian Information Commissioner through the online platform.
If we deem (a) or (b) above not to be practicable, we will publish a copy of the statement prepared for the Australian Information Commissioner on our website.
If the breach involves data covered under the European Union General Data Protection Regulation we will advise the relevant supervisory authority of the data breach without undue delay and at the latest within 72 hours of becoming aware of the breach (otherwise a written explanation will accompany the notice) unless the risk is unlikely to be a high risk to rights and freedoms of individuals. The affected individual will also be notified as soon as possible after the incident where the breach poses a high risk to those individuals (unless there is an effective technical and organisational protection measure that will ensure the risk is unlikely to occur).
We will take all reasonable steps to protect the security of the personal information that we hold and store against misuse, interference and loss due to unauthorised access, modification or disclosure.
We will keep your information for no longer than is necessary for our business purposes.
Data that is no longer necessary or required to be kept will be securely destroyed, de-identified or permanently deleted in accordance with our practices and procedures.