1. Open and transparent management of personal information
1.1 We will take reasonable steps as to implement practices, procedures and systems to comply with the Act; including dealing with inquiries or complaints from You about Our compliance with the Australian Privacy Principles. Please see Section 15 below for procedures for making inquiries, requests or complaints.
2. Anonymity and pseudonymity
2.1 In our dealings with individuals, they will have the option of not identifying themselves, or of using a pseudonym, when dealing with Us in relation to a particular matter, unless Paragraph 2.2 applies.
2.2 Paragraph 2.1 does not apply where:
3. Collection of solicited personal information
3.2 If at any time We meet the definition of an “organisation” under the Privacy Act 1988, We will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of Our functions or activities. Please see Section 14 below for the definition of the terms “organisation” and “sensitive information”.
3.3 We will not collect sensitive information about You unless:
3.4 This Paragraph applies in relation to sensitive information about You if:
3.5 We will collect personal information only by lawful and fair means.
3.6 Preferably, We will collect personal information about You only from You. If You expressly authorise Us to collect Your personal information from another source, but We can collect the same information from You, we will prefer to obtain that information from You except where it is reasonably necessary to collect it from the third party or where You have directed Us to do that. In an urgent or emergency situation, We may have no alternative other than to source Your personal information, such as contact details, from a third party.
3.7 This Section No.3 applies to the collection of personal information that is solicited by Us. For online payments, this information usually includes purchaser payment data. If payments to us are processed via third parties, we may not normally see or collect payment data other than what is presented in the third party’s statements or reports to us.
4. Dealing with unsolicited personal information
We must, within a reasonable period after receiving the information, determine whether or not We could have collected the information under policy No.3.
4.2 We may use or disclose the personal information for the purposes of making the determination under Paragraph 4.1.
4.3 If We determine that We could not have collected the personal information, We must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified, except where the Act permits Us to retain the information.
4.4 If We do not destroy or de-identify the information under Paragraph 4.3, Policies 5 to 13 will apply in relation to the information in the same way as information collected under Section 3.
5. Notification of the collection of personal information
5.1 At the time that We collect Your personal information, wherever reasonably practicable, We will:
5.2 The relevant matters are:
6. Use or disclosure of personal information
6.1 If We hold Your personal information because it was collected for one purpose (the primary purpose), We will not use or disclose it for another purpose (the secondary purpose) unless:
Note: Section 8 applies to the disclosure of personal information to a person who is not located in Australia.
6.2 The Act permits us to use or disclose Your personal information for secondary purposes in certain circumstances. For example, we may do so if it is reasonable for us to assume you would consent to that use or disclosure.
6.3 In some circumstances, the Act requires us to de-identify Your personal information before using or disclosing it for a secondary purpose.
6.4 If We use or disclose personal information in accordance with Paragraph 6.2, We will record the use or disclosure.
6.5 If We acquire Your personal information from a related body corporate; we will treat it as personal information we have collected ourselves.
6.6 This Section 6 does not apply to the use or disclosure by Us, if we are an organisation within the meaning of the Privacy Act, of:
7. Direct marketing
7.1 If We hold Your personal information, We must not use or disclose the information for the purpose of direct marketing, except as permitted by Paragraph 7.2.
7.2 Despite Paragraph 7.1, We may use or disclose Your personal information (other than sensitive information) for the purpose of direct marketing if:
7.3 Despite Paragraph 7.1, if We are an organisation within the meaning of the Act, We may use or disclose Your personal information (other than sensitive information) for the purpose of direct marketing if:
7.4 Despite Paragraph 7.1, if We are an organisation We may use or disclose Your sensitive information for the purpose of direct marketing if You have consented to the use or disclosure of the information for that purpose.
7.5 Despite Paragraph 7.1, if We are an organisation within the meaning of the Act, We may use or disclose Your personal information for the purpose of direct marketing if We are a contracted service provider for a Commonwealth contract; and
7.6 If We are an organisation within the meaning of the Act and We use or disclose personal information about You:
7.7 If You make a request under Paragraph 7.6, We will not charge You for the making of, or giving effect to, the request and:
7.8 This Section No.7 does not apply to the extent that any of the following apply:
8. Cross-border disclosure of personal information
8.1 Before We disclose personal information about You to a person (the overseas recipient):
We must take whatever steps are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Principle 1) in relation to the information.
Note: In certain circumstances, an act done, or a practice engaged in, by the overseas recipient is taken, under section 16C of the Privacy Act, to have been done, or engaged in, by Us and to be a breach of the Australian Privacy Principles.
8.2 Paragraph 8.1 does not apply to the disclosure of Your personal information by Us to the overseas recipient if:
9. Adoption, use or disclosure of government-related identifiers
9.1 We will not adopt a government-related identifier issued to You, such as Your Medicare number, as Our identifier for You unless that action is expressly authorised by law.
10. Quality of personal information
10.1 We will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that We collect is accurate, up-to-date and complete.
10.2 We will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that We use or disclose is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.
10.3 We request that You assist Us to keep Your personal information accurate and up to date by alerting us of any errors or other problems in a timely manner. Please refer to Section 15 below for instructions on how to contact Us.
11. Security of personal information
11.1 If We hold personal information, We will take such steps as are reasonable in the circumstances to protect the information:
12. Access to personal information
12.1 If We hold Your personal information, We will, on Your request, give You access to the information.
12.2 If We refuse:
We will take such steps (if any) as are reasonable in the circumstances to give You access in a way that meets Your needs and Ours.
12.3 Without limiting Paragraph 12.1, access to Your personal information may be given through a mutually agreed intermediary.
12.4 If We charge You to access Your personal information, the charge will not be excessive and will not apply to making of the request. Currently, Our policy is to request You to pay a reasonable administration fee where Your request will involve more than a negligible amount of time, effort or expense to retrieve and provide you with Your requested personal information. Any fees that we request are proportional to the amount of time, effort and expense involved in meeting Your request, and are intended to do no more than defray the relevant costs.
12.5 If We refuse to give You access to personal information, or to give access in the manner requested by You, We will give You a written explanation of:
12.6 We can refuse to give You access to Your personal information on grounds of commercial sensitivity where that reason is permitted by the Act.
13. Correction of personal information
13.3 If We refuse to notify another entity of a correction of personal information as requested by You, We will give You an explanation of:
13.5 If a request is made as described in paragraphs 13.1 or 13.4, We:
13.6 You can communicate with Us regarding any correction that you seek to Your personal information via the methods set out in Section 15 below.
14.1 Definition of personal information
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
14.2 Definition of sensitive information
Sensitive information means:
14.3 Definition of “Organisation”
(a) an individual; or
(b) a body corporate; or
(c) a partnership; or
(d) any other unincorporated association; or
(e) a trust;
that is not a small business operator, a registered political party, an agency, a State or Territory authority or a prescribed instrumentality of a State or Territory.
Note: Regulations may prescribe an instrumentality by reference to one or more classes of instrumentality. See subsection 13(3) of the Legislative Instruments Act 2003.
Example: Regulations may prescribe an instrumentality of a State or Territory that is an incorporated company, society or association and therefore not a State or Territory authority.
A legal person can have a number of different capacities in which the person does things. In each of those capacities, the person is taken to be a different organisation.
Example: In addition to his or her personal capacity, an individual may be the trustee of one or more trusts. In his or her personal capacity, he or she is one organisation. As trustee of each trust, he or she is a different organisation
14.4 Definitions of “permitted general situation” and “permitted health situation”
The “permitted general situations” are the seven situations defined by s.16A of the Act, namely:
The “permitted health situations” are defined in s.16B of the Act and are:
15.1 If You have any inquiry, complaint, or request for access to Your personal information to make to Us, please direct it to:
Birchlane Pty Ltd (ACN 073 588 708) trading as AXIS PACKAGING, Unit 1, 3 Corporate Tce,
Pakenham VIC 3810.
15.2 We prefer communications by e-mail. Please send Your e-mail to: firstname.lastname@example.org