We align with both the Australian Privacy Principles (APPs) and New Zealand Information Privacy Principles (NZ IPPs), ensuring we respect and protect individual privacy rights in both countries through compliant handling of personal information.
We manage personal information in an open and transparent way. This includes having a clearly defined privacy policy that outlines how we collect, use, disclose, and store personal information.
Wherever practicable, we give individuals the option of not identifying themselves, or using a pseudonym, when dealing with us.
We only collect personal information that is reasonably necessary for our functions or activities. We do so by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned.
If we receive personal information that we did not solicit, we determine whether we could have lawfully collected that information. If not, we destroy or de-identify it, as appropriate.
At or before the time of collection, or as soon thereafter as practicable, we notify individuals about the collection of their personal information, including the purposes of collection, the types of organisations to which we may disclose the information, and any relevant consequences if the information is not provided.
We only use or disclose personal information for the purpose for which it was collected, unless the individual consents to other uses or disclosures, or certain exceptions apply as provided by the Privacy Act.
We comply with the APPs’ specific provisions regarding direct marketing, ensuring individuals can opt-out of receiving direct marketing communications from us.
Before disclosing personal information to overseas recipients, we take reasonable steps to ensure that the overseas recipients do not breach the APPs in relation to the information.
We do not use government-related identifiers as our own identifiers of individuals and only use or disclose them as required by law or specified in the APPs.
We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. Similarly, we ensure that the personal information we use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete, and relevant.
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure. We also have procedures in place to destroy or de-identify personal information when it is no longer needed for any lawful purpose.
We provide individuals with access to their personal information and allow them to request the correction of their personal information to ensure it is accurate, up-to-date, complete, relevant, and not misleading.
We prioritise data sovereignty by ensuring all our data is locally hosted within Australia. This practice enhances data security and speeds, while also ensuring compliance with Australian data protection regulations.