Definition of Personal Information
In alignment with the Privacy Act, “Personal Information” is defined as:
- ’Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- Whether the information or opinion is true or not; and
- Whether the information or opinion is recorded in a material form or not.’
The following are all examples of Personal Information:
- ‘Sensitive information’ (includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation or criminal record, provided the information or opinion otherwise meets the definition of personal information)
- ‘Health information’ (which is also ‘sensitive information’
- ‘Credit information’
- ‘Employee record’ information, and
- ‘Tax file number information’.
Collection of Personal Information
OCSC only collects Personal Information where necessary to conduct our research and associated project activities. The nature of the Personal Information which is held by us will vary depending on the nature of the interaction between you and the OCSC. OCSC may collect information in a variety of ways including (but not limited to) by phone, text, electronic/forms completed and provided to us via our websites or by email, fax, social media activities and newsletters.
OCSC will only collect Personal Information which identifies you when we, you or one of our research partners expressly provides it as part of our research activities (for which you will have provided consent). If we do collect identifiable data, it may include names, mail and email addresses, phone numbers. As you would reasonably expect, we may also collect data for providing you with updates through our services. We may also collect website and mobile apps statistics (which includes pages accessed and search terms used) but this information is not identifiable.
Use and Disclosure of Personal Information
OCSC uses Personal Information only to fulfil and undertake research projects and other activities and to provide certain services and advice.
You acknowledge that we may use your Personal Information to provide you with updated information on new projects, to alert you to events that we may organise or to conduct surveys or engage in other marketing purposes for which you would expect us in reasonable circumstances to communicate with you.
You acknowledge that OCSC’s obligation to disclose Personal Information may involve disclosure to entities located outside Australia (for example in relation to one of our research projects such as a foreign nation state). Where OCSC is required or authorised to disclose your Personal Information, you consent to the disclosure of your Personal Information to selected foreign entities. We may also disclose Personal Information to overseas recipients when storing Personal Information with “cloud” service providers which may be situated outside Australia. Therefore, accepting this policy, you are also accepting the terms and conditions of third parties where the OCSC stores Personal Information.
Security of Information
Access and Correction of Personal Information
Under the APPs and the Privacy Act, an individual has the right to obtain access to any Personal Information which OCSC holds about them and to advise of any perceived inaccuracy. There are some exceptions to this right set out in the Act. To make a request to access or update any Personal Information OCSC holds about you, please contact the OCSC Director on email@example.com.
As OCSC relies on the accuracy of the information you provide us, please notify us of any changes to your personal information details. We will require you to verify your identity and specify what information you require updating.
Enquiries and Complaints
If you would like further information about the way OCSC manages the Personal Information it holds, or wish to complain that you believe that OCSC has breached the APPs, please contact the OCSC Director on firstname.lastname@example.org.
OCSC and its Project Partners will make every effort to respond within a reasonable time. If you are not satisfied with the way a complaint is handled by either OCSC or its Project Partners, you are entitled to have your complaint reviewed under the Privacy Act. Please refer to the Office of the Australian Information Commissioner’s (OAIC) website at www.oaic.gov.au. The contact details for the OAIC is email@example.com.
Mandatory Data Breach Notification
OCSC and its Project Partners are committed to doing all that they can to protect data and personal information. As the internet is inherently insecure no matter how many protection measures are taken, should there be a data breach, OCSC and/or its Project Partners may, in compliance with the law, notify the relevant parties as soon as practicable.
In the case of what is known under the law as an ‘eligible data breach’, OCSC and/or its Project Partners may notify the relevant parties of what has occurred, what information is involved, what the implications may be, what can be done and what OCSC and/or its Project Partners will do in the specific circumstances.