1. COLLECTION OF INFORMATION
1.1 Information collected
Carindale Vet Surgery collects personal information from manual order pads and web site forms related to ordering our products and services. The information collected includes: Names, Addresses, contact numbers, Email Address. Web Orders may collect credit card details for processing through our secure web site. Any such credit card details are not stored by Carindale Vet Surgery.
Carindale Vet Surgery uses the information it collects for the following purposes:
- To process and deliver the ordered products / services
- To notify customers of future products / service provided by Carindale Vet Surgery
1.2 Method of Collection
Carindale Vet Surgery collects personal information through the following methods:
- Carindale Vet Surgery Official Order Form
- Web Based Order Forms
- Web Based Feedback Forms
Carindale Vet Surgery will not notify you of this collection method directly. We do however ensure that information regarding the collection of information is available on our web site and on request.
1.4 Collect from you only
All information collected by Carindale Vet Surgery is done using the methods indicated in section 1.2 above. This information is provided by you as part of our ordering process. Where it is reasonable or practical to do so, we shall endeavour to only collect Information about you from you using the methods described above.
2. USE AND DISCLOSURE
We shall only disclose Personal Information in accordance with the terms of this Policy. However we do disclose Personal Information to Employees and Contractors as specified in this Policy.
2.2 Secondary Purpose
We shall not use or disclose any Information about you for a Secondary Purpose unless:
- both of the following apply:
- the Secondary Purpose is related to the Primary Purpose and if the Information is Sensitive Information, the secondary purpose is directly related to the Primary Purpose; and
- you would reasonably expect us to use or disclose the Information for the Secondary Purpose; or
- you have consented to the use or disclosure; or
- the Information is not Sensitive Information and the use of the Information is for the Secondary Purpose of direct marketing:
- it is impractical for us to seek your consent for that particular use;
- we have chosen not to charge you to give effect to your request not to receive direct marketing communications;
- you have not made a request to us not to receive direct marketing communications;
- in each direct marketing communication with you we have drawn your attention or prominently displayed a notice that you may express a wish not to receive any further direct marketing communications; and
- each written direct marketing communication from us to you specifies our business address and telephone number and the number at which we can be contacted directly; or
- we reasonably believe that the use or disclosure is necessary to lessen or prevent:
- serious or imminent threat to an individual’s life, health or safety; or
- a serious threat to public health or public safety;
- we have reason to suspect that unlawful activity is being engaged in and we use or disclose the Personal Information as a necessary part of our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
- the use or disclosure of the Information is required or authorised by or under law;
- we reasonably believe that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of the police or other enforcement body:
- the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
- the enforcement of laws relating to the confiscation of the proceeds of crime;
- protection of public revenues;
- the prevention, detection, investigation or remedy of seriously improper conduct or prescribed conduct;
- the preparation for or conduct of proceedings before and court or tribunal or implementation of the orders of the court tribunal.
2.3 Third Party Disclosure
Carindale Vet Surgery declares that it does not give, sell, lease or rent customer information in any form to third parties except in the course of those specified in section 2.1. Information collected is for the sole use of Carindale Vet Surgery. Carindale Vet Surgery takes all reasonable steps to ensure that the Information that we collect is protected from distribution.
3. DATA QUALITY
We will take all reasonable steps to ensure that the Information that we collect, use or disclose is accurate, complete and up to date.
4. DATA SECURITY
We will take reasonable steps at the time that we collect, use or disclose Information to secure the Information we hold from misuse and loss, unauthorised access, modification or disclosure.
4.2 Steps we will Take
To protect the Information we shall:
- adopt measures to prevent unauthorised entry to our premises, systems to detect unauthorised access and secure containers for storing paper based Personal Information;
- will adopt measures to protect our computer systems and networks for storing, processing and transmitting Personal Information and from unauthorised access, modification and disclosure;
- we shall protect communications via data transmission including emails and voice transmission from interception and preventing unauthorised intrusion into our computer networks;
- we shall adopt procedural and personnel measures for limiting access to Personal Information except by authorised staff approved for the Purposes and controls to minimise security risks to our information technology systems;
and such other Security measures as we consider reasonable.
4.3 Destruction of Information
We will take reasonable steps to destroy or permanently de-identify Personal Information if it is no longer needed for any Purpose, in a secure manner.
5.1 Provide Policy
We will make available to any person who requests it, a copy of this policy.
5.2 Specify Purposes
This policy will specify what sort of Personal Information we hold, the Purposes for which we hold the Personal Information and how we collect, hold, use or disclose that Information.
5.3 Contacting Us
You may contact us to request the Information specified in 5.2 above and to correct that Information (in accordance with clause 6) at our contact details which are specified in the Schedule.
6. ACCESS AND CORRECTION
6.1 Access to Information
We shall provide you with access to the Information held by us in relation to you except to the extent that:
- in the case of Personal Information other than Health Information, providing access would pose a serious and imminent threat to the life or health of any individual; or
- in the case of Health Information, providing access would pose a serious threat to the life or health of any individual; or
- Providing access would have an unreasonable impact upon the privacy of other individuals; or
- The request for access is frivolous or vexatious; or
- the Information relates to existing or anticipated legal proceedings between us and you and the Information would not be accessible by the process of discovery in those legal proceedings; or
- providing access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or
- providing access would be unlawful; or
- denying access is reasonable or authorised by or under law; or
- providing access would be likely to prejudice an investigation of possible unlawful activity; or
- providing access would be likely to prejudice:
- the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of prescribed law; or
- the enforcement of laws relating to the confiscation of the proceeds of crime; or
- the protection of the public revenue; or
- the prevention, detection, investigation o remedy of seriously improper conduct or prescribed conduct; or
- the preparation for or conduct of proceedings before any court or tribunal or implementation of its orders; by or on behalf of the police or an enforcement body; or
- an enforcement body performing a lawful security function asks us not to provide access to the Information on the basis that providing access would be likely to cause damage to the security of Australia.
6.2 Request for Access
To request access to the Information held by us about you, you must complete the Request Form annexed to this Policy and we shall contact you within 14 days either provide you with that Personal Information, or notifying you when we shall provide you with the Personal Information which in any event should not be more than 30 days after you have lodged your Request Form or we will advise you that you that we will not be providing you with access and the reasons that we shall not providing you with access.
6.3 Commercially Sensitive Information
Where providing access to the Personal Information would reveal evaluative information generated by us in connection with a commercially sensitive decision making process we will give you an explanation for the commercially sensitive decision rather than direct access to the Information.
6.4 Use of Intermediaries
Where because of any of the reasons described in 6.1 above we are not required to provide you with access to the Information then, we will if it is reasonable to do so, give consideration to whether the use of mutually agreed intermediaries would allow sufficient access to meet our needs and the needs of the Individual.
We reserve the right to charge an individual for providing access to their Personal Information. Those fees and charges will not be excessive, and will be determined by us from time to time and we shall notify you of those costs prior to providing you access to the Information. We may require those costs to be paid prior to providing you with access.
6.6 Correction of Information
If you establish that the Information we hold about you is not accurate, complete or up to date we shall take reasonable steps to correct the Information so that it is accurate, complete and up to date.
If we are not satisfied that the Information is not accurate, complete or up to date, we shall at your request keep with your Personal Information a statement noting your claim that the Information is not accurate, complete or up to date.
6.7 Refusal to Correct
If at any time we refuse or deny access to Information to you or refuse to correct Personal Information we shall provide you with reasons for such denial or refusal.
7.1 Use of Identifiers
We shall not use or disclose an Identifier assigned to an individual unless:
- it is necessary for us to fulfil our obligations to the Commonwealth;
- any of the reasons described in paragraph 2.1 (e) to 2.1 (h) above apply to the use or disclosure of the Identifier; or
- is otherwise lawful for us to do so.
7.2 Identifying You
We shall not adopt as a means to identify you, your Identifier except to the extent we are authorised to do so by law.
Unless there is a good practical or legal reason to require identification, we shall allow you to transact with us anonymously to the extent that it is practical for us to do so.
9. TRANSBORDER DATA FLOWS
We shall not transfer Information to someone or to another organisation in a foreign country unless:
- we reasonably believe that the Third Party Recipient is subject to a law, a binding scheme or a contract which effectively upholds principles for the fair handling of the Information that are substantially similar to the National Privacy Principles; or
- you consent to the transfer;
- the transfer is necessary to perform a contract between you and us or the implementation of pre-contractual measures taken in response to your request; or
- the transfer is necessary for the conclusion or performance of a contract concluded in the interests between ourselves and a third party; or
- all of the following apply:
- the transfer is for your benefit;
- it is impractical to obtain your consent to that transfer;
- if it were practical to obtain your consent, you would be likely to give it; or
- we have taken reasonable steps to ensure that the Information which we intend to transfer will not be held, used or disclosed by the Third Party Recipient inconsistently with the National Privacy Principles.
10. COMPLAINT HANDLING PROCESS
If you believe that we have used or disclosed your Personal Information in a manner which is contrary to this Policy or otherwise breaches the Act, then you should contact us by telephoning our contact as specified in the Schedule to this Policy. If we are able to answer your queries by telephone then we shall endeavour to do so. If we are unable to resolve the matter with you by phone we will provide you with a complaint form to enable you to notify us in writing of the details of your complaint.
10.2 Our Response
Within 30 days of receipt of your complaint form we shall notify you in writing as to what action we propose to take in relation to your complaint and shall provide you with details of what further action you can take if you are not satisfied with our response.
11. SENSITIVE INFORMATION
11.1 Collection of Sensitive Information
We shall not collect Sensitive Information unless:
- you have consented;
- the collection is required by law;
- the collection is necessary to prevent or lessen serious or imminent threat to the life or health of any individual where you:
- are physically or legally incapable of giving consent to the collection; or
- physically cannot communicate consent to the collection; or
- the collection is necessary for the establishment, exercise or defence of legal action.
“Act” means the Privacy Amendment (Private Sector) Act 2000;
“Contractors” means those parties described as such in the Schedule;
“Identifier” means a number assigned by the Commonwealth of Australia or a department or agency on its behalf to an individual to identify uniquely that individual for the purposes of the Commonwealth’s operations. However an individual’s name or Australian Business Number as defined in the A New Tax System (Australian Business Number) Act 1999 is not an Identifier;
“Information” means Personal Information collected about an individual and includes Health Information and Sensitive Information;
“Internal Recipients” means those parties described as such in the Schedule;
“National Privacy Principles” means the National Privacy Principles specified in the Act;
“Non Profit Organisations” means a non profit organisation that has any racial, ethnic, political, religious, philosophical, professional, trade, or trade union aims;
“Organisation” means the Organisation described as such in the Schedule;
“Personal Information” means Information or opinion whether true or not and whether recorded in a material form or not about an individual whose identity is apparent or can reasonably be ascertained from the Information or opinion, and includes the Personal Information described in the Schedule;
“Purposes” means the primary and secondary purposes described in the Schedule;
“Recipients” means the Third Party Recipients and the Internal Recipients as described in the Schedule;
“Responsible” means in the context of clause 3.2, a person who is responsible for an individual and includes:
- A parent of the individual; or
- A child or sibling of the individual and at least 18 years of age; or
- A spouse or de facto spouse of the individual; or
- A relative of the individual at least 18 years of age and a member of the individual’s house hold;
- A guardian of the individual;
- Exercising an enduring power of attorney granted by the individual that is exercisable in relation to decisions about the individual’s health;
- A person who has an intimate personal relationship with the individual;
- A person nominated by the individual to be contacted in case of emergency.
“Security” means the security used to protect the Information from unauthorised access and disclosure and shall include the security measures described in the Schedule and Secure will have the same meaning;
“Sensitive Information” means Information or opinion about any individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health Information about an individual;
“Source” means the source of the Information which where it is practical and reasonable to do so shall be from the person about whom the Information is collected and otherwise from the parties described in the Schedule;
“Third Party Recipients” means those parties described as such in the Schedule;
“Us” means the Organisation and “We” shall have the same meaning;
“You” means the individual about whom we are collecting Information.