Privacy Summary Statement
4 January 2016
The Australian Industry Group (Ai Group) is bound to the Australian Privacy Principles (APPs) and the conditions protecting your personal information as set out in the Privacy Act 1988 and amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012. This Privacy Summary Statement (PSS) provides a snapshot of how Ai Group (and its related parties) implement and observe the APPs. References in this PSS to ‘you' are references to the individual reading it or submitting personal information to us. References to ‘Ai Group’ include each of our related parties in context. The small citations next to the relevant paragraphs headed ‘APP' refer to the APP in the amended Act.
About Ai Group
Ai Group is a not for profit organisation of employers incorporated under the provisions of the Fair Work (Registered Organisations) Act 2009. We provide primarily information services to our broad business membership across Australia. With membership of Ai Group comes the opportunity to access both membership entitlements and other services provided by us (sometimes through government funded programs) and our related parties, as well as any partners or affiliates contractually bound to provide services to our membership.
While these general principles apply across all our businesses including our related parties listed below, there may be specific instances when your engagement with us and the nature of that engagement necessitates specific responses to the APPs. In that case, you will be given appropriate notice for your information.
Our Related Parties
- Australian Industry Group Training Services Pty Ltd is a wholly owned subsidiary, operating solely as a trustee of a discretionary trust ( the Australian Industry Group Training Services Trust) that provides apprenticeship and traineeship services ( the GTC services), accredited VET training (the RTO services) and related policy and commercial services.
- Ai Group Legal Pty Ltd is another wholly owned subsidiary operating as the trustee of a unit trust which provides expert workplace relations and employment law legal services.
- Australian Industry Group Graduate Employment Pty Ltd is another trustee of a unit trust, that supplies graduate recruitment and employment services to industry.
- Confectionery BTW Pty Ltd is a wholly owned trustee for a special purpose unit trust for the confectionery industry.
Summary of Policy Principles
This summary sets out the basic tenets of our protection principles which we employ across our businesses.
To assist in understanding how our policy works for you, this summary includes both specific membership issues as well as those applicable to the general public (visitors to and users of our websites, contractors, suppliers, stakeholders and customers).
APP 2. If you want to communicate with us on a particular matter you may ask to remain anonymous or use a pseudonym provided that if we are collecting your personal information like your real name because we:
- need to verify membership with Ai Group and your authority to act on behalf of a member;
- need it to properly provide whatever service or advice you are seeking from us and it is impracticable for us to do that using a pseudonym or anonymity ;
- to verify or assist you with passwords or other security matters or other technical services like internet access; or
- we are required or authorised by law or a court or tribunal to identify you.
For our membership, we are contractually committed to protect your business confidentiality and we implement a number of governance measures to help protect the privacy of the individuals representing the member when dealing with us. For that reason we need to know that the information or advice we provide is going to the right person within the member entity. Accordingly, it will be only in isolated cases (e.g. when we are doing industry wide surveys) that your personal information can be obscured by anonymity or pseudonymity.
APP 3. Ai Group provides and offers services that may include those arising from a government funded program. In that case we may be bound contractually to the government agency presenting that program that only permits us to collect personal information that is reasonably necessary or directly related to that agency's functions or activities. In all other cases, we only collect the personal information that we need to do what you want us to do (subject to any lawful requirements that compel us to collect more).
For our membership and the individuals representing our members, we collect the personal information that is reasonably necessary for us to efficiently professionally and relevantly provide you with our membership services and to give you the ease of access and opportunities to use the other suite of services we may have available from time to time.
We try and collect your personal information directly from you rather than through others but this is sometimes impracticable or unreasonable. If we have collected your personal data from another source then we will tell you where we got it from and why.
Many of our members and clients are incorporated entities. For them, we have solicited personal information about relevant employees who represent them in their dealings with us. The member itself has arranged for the individuals concerned to consent to us collecting that data for the purpose of providing the member with the relevant services. The member (through their authorised representative or officer) can change those individual details at any time. Alternatively, the individuals may extend the general membership consent to include some specific service areas outside the broad membership scope. In that case notifying us of the changes you require or opting in or out of certain special interest service areas can be effected by the unsubscribe button or contacting us at firstname.lastname@example.org.
APP 4. Sometimes we receive personal information that we have not asked for directly from the individual concerned (unsolicited). When that happens we will determine whether that information could have been collected directly by us. If we could not have collected it directly, and the information is not part of a Commonwealth record ( e.g. a document or record held by a government agency), then we are required to destroy it or de-identify it as soon as practicable (provided that would be lawful and reasonable to do in the circumstances).
APP 5. However, if we determine that it was reasonable to have collected it directly then we will give you a notice or take steps to make you aware that we have so received it (sometimes called ‘collection notice’) and in particular :
- Who we are and how you can contact us
- If it is likely that you are not aware we have your personal information, the circumstances by which we came to collect it, and what that personal information is comprised of
- If the collection was a requirement or authorised by law, then we will identify the law and the circumstances which gave rise to us collecting it
- The purposes for which we collected and use it
- The consequences (if any) for you if we do not collect it
- Who we usually would disclose that information to and why
- How you can access it for verification alteration or removal and how and to whom you can complain if you are unhappy with the way we have handled your personal information.
For our membership, this is available in the T&Cs of our membership agreement, on-line in the Members only pages, and from your local Membership Account Executive. For other clients including individuals you may obtain detailed information from the Ai Group contact with whom you are dealing or from any Branch office of Ai Group on request.
In addition, we have to tell you if it is likely that this information will be disclosed to an overseas recipient, and if so which countries may be involved if that is practicable or at least make you aware of the fact. More about overseas recipients later in this summary.
APP 6. If we hold your personal information for a particular purpose this is the primary purpose and we cannot use it for any other reason (a secondary purpose) unless:
- you have consented to that use or disclosure; or
- you would have reasonably expected it to be used for that secondary purpose.
We will always try and get your consent wherever practicable. We also try not to deal in sensitive information like health or criminal records or matters of that kind unless it's necessary for the service we provide or we are compelled to do so for legal reasons. If we do have to collect your sensitive information then your written informed consent will be obtained before it's disclosed.
If we collect personal information from one of our related parties or they collect it from us, then the primary purpose of the collector' is considered to be the primary purpose for the related party. In this respect, as outlined in this summary and more fully in the Policy, our related parties may provide specific expert services in connection with or directly related to our membership services or they may provide those services directly to one of our clients or customers because it's a necessary part of the relationship we have with the client, members or others.
However, we cannot share your personal information with our related parties if the purpose involves direct marketing unless you have requested or consented to it.
APP 7. It is important that you be aware that the Act and particularly the APPs prohibit the use or disclosure of personal information for the purpose of direct marketing unless:
- We have collected the data directly from you and you would reasonably expect us to use or disclose it for that purpose. In that case we will always provide you with an easy way of requesting us not to bother you again with any marketing material . This is in the form of a telephone call, an email, or sometimes an electronic opt out/unsubscribe facility, provided we can verify the caller. We will immediately take steps to remove you from our marketing communications.
- We collected it from you (but you would never reasonably expect to receive marketing material from us or for your data to be disclosed for that purpose)
we collected it from someone else
in either case you have consented to the use or disclosure or it's impracticable to get your consent.
(In either of these instances we will offer you the same easy means of removing yourself from that marketing list and we will include a prominent statement in every such communication that you can request to be so removed.)
- In the case where we are a contracted service provider to a government agency under a Commonwealth contract and we have collected the personal information for the purpose of meeting our obligations under that contract and the use of your personal information is in fact necessary to so meet that obligation.
In all cases where we use or disclose personal information (whether for membership or otherwise) for the purposes of our own direct marketing or to facilitate another organisation's direct marketing, you can always request that you be removed from the marketing list and or ask us not to disclose your data to the other organisation(s) for that purpose and also require us to tell you where we got the information from. There is no charge for you to action this right.
(Note that the Spam Act and the Do Not Call Register Act both continue to apply regardless of the APPs.)
APP 8. We endeavour to bring cost effective and timely service to our membership and clients and this necessarily involves us in reviewing our providers and the providers’ service deliverables regularly. So, while most of our data is presently residing in datacentres in Australia, there may be times when your data, due to the nature of the transaction you seek with us, is available to overseas recipients for software solutions, help desk support or for simply storage purposes through contracted service providers or facilities we use that include cloud options.
We will take all reasonable steps to find out if any of our telecommunications providers or their contractors and other service providers use cloud or any service that may involve our data (which could include your personal information) being disclosed to overseas recipients, where they are located and why they may get access if the data is more than simply routed through an offshore provider. These are required by APP 8.1. But the reality and practicalities of modern technologies means that in most cases this is going to be impracticable as the breadth of service and the subcontracting within specialist fields of service puts Ai Group far from the actual datacentre provider.
So it is imperative that you be aware that by using our telecommunication facilities and specifically internet access, you will be consenting to the possibility of the data we collect for the service transaction or relationship being disclosed overseas and to unknown destinations and in that case you will have consented to APP8.1 not applying. This covers those cases where we are simply undertaking normal business activity.
Obviously if we learn of a risky destination and our providers advise us of either changes they will adopt or they want us to adopt to ensure that we maintain our high standards of security or that our data may have been put at risk, then we will take all reasonable actions to prevent the continuing possible infringement of our confidentiality and your privacy. Nevertheless, we cannot guarantee or assure you that there is no risk or that we will be able to take any remedial action.
On the other hand, if the very service or transaction you are requiring from us involves you necessarily providing us with your personal data that needs to be sent overseas, (e.g. in a trade or international service) then we will be acting as your agent in the transfer and you will need to be comfortable with the destination of, and the people who will have access to, that information. Where we can help we will certainly direct you to government sites that may provide some assistance in this respect so that you may make an informed decision about your disclosure overseas but in any case, APP8.1 will expressly not apply to Ai Group. Your consent will be part of the request for us to take the action on your behalf. If you are concerned about the potential for that personal information to be misused overseas and withdraw your consent, then we will be unable to complete the service or activity on your behalf.
APP 9. Ai Group does not use government identifiers (e.g. Medicare numbers, Tax File Numbers etc) for the purpose of identification of individuals in our membership or client base.
APP10. We use strict protocols to guard the integrity and quality of and access to the personal information we collect or hold. We review our service providers’ contracts to ensure as far as practicable that they have implemented the security measures appropriate to reasonably protect us and you from misuse, interference and loss and particularly from unauthorised access amendment or disclosure. In particular, credit card and financial information is held under strict security until able to be deleted or destroyed: unless you tell us to do so, we do not retain such information for future transactions.
We have implemented procedures that facilitate the destruction or de-identification of personal information when it is no longer necessary for the purposes for which it was collected (unless it is needed for legal reasons).
APPs 11-13. Accessing your personal information for verification amendment or removal can be effected in any of the ways mentioned above including emailing the database management (email@example.com) or a membership executive if appropriate, telephoning any of our offices, writing to the Privacy Officer at Ai Group, or when you are on line (if you are an authorised representative of a member).
There is no charge for this service and we promise to action your request as promptly as possible (subject only to the usual qualifications like legal compulsion or compliance obligations).
Finally, if you have a complaint or a concern or an enquiry, then contact us first. If we cannot help or resolve your issue, then we can offer a number of dispute resolution processes or you can apply directly to the OAIC for assistance or action. OAIC is the Office of the Australian Information Commissioner - refer to www.oaic.gov.au.
The Australian Industry Group
51 Walker Street North Sydney NSW Australia 2060
The Privacy Officer
PO Box 7622, Melbourne Victoria Australia 8004
Telephone: (+61) 1300 55 66 77
go to the contacts list on our website : www.aigroup.com.au/contact.
1 Aside from those listed in this statement, Ai Group also owns Confectionery BTW Pty Ltd which is a special purpose entity to hold intellectual property on behalf of Ai Group’s confectionary industry members.