Under the Privacy Act 1988 (“the Act”), xpand Foundation is required to comply with 10 National Privacy Principles (“NPPs”). These regulate how personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal. Personal information is defined in the Act as: • information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Collection of personal information (NPP 1 & 10)
To the extent required by the Act:
• We will not collect personal information about you unless that information is necessary for one or more of its functions
• We will collect personal information about you only by lawful and fair means and not in an unreasonably intrusive manner.
• When we collect personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us.
• We will collect your personal information directly from you where it is reasonable and practicable to do so.
• Where we collect information about you from a third party (for example if you authorise a parent, spouse or partner to register for a module on your behalf), We will still take reasonable steps to ensure that you are made aware of the details set out above.
Use and disclosure of personal information (NPP 2)
To the extent required by the Act, we will only use or disclose your personal information for a purpose (the “secondary purpose”) other than the purpose for which it was originally collected (the “primary purpose”) where:
• the secondary purpose is related to the primary purpose (or is directly related, in the case of sensitive information), and you would reasonably expect us to use or disclose your personal information for that secondary purpose; or
• you have consented to the use or disclosure of your personal information for the secondary purpose; or
• the use or disclosure is required or authorised by or under law; or the use or disclosure is otherwise permitted by the Act.
Security and quality of your personal information (NPP 3 & 4)
We are committed to ensuring that personal information is held securely. To the extent required by the Act, we will take reasonable steps to:
• ensure that any personal information we collect, uses and discloses is accurate, complete and up to date;
• protect the personal information that we hold from misuse, loss, unauthorised access, modification or disclosure: and
• destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Act.
You can help us to keep the personal information that it holds accurate, complete and up to date, by letting us know about any changes to your personal information, such as your name and address.
Access to and correction of your personal information (NPP 5 & 6)
You have the right to access the personal information that we hold about you, subject to any exceptions in the Act.
A charge may apply for providing such access. You may also request that personal information which we hold about you be corrected. Please contact us by email at the following address if you would like to access or correct personal information that we hold about you: firstname.lastname@example.org
Commonwealth Government identifiers (NPP 7)
We will issue our own identification numbers and will not use Commonwealth government identifiers (such as Medicare numbers) as our own identifier of individuals.
Anonymity (NPP 8)
We will provide you with the option of not identifying yourself when it is lawful and practicable to do so. For example, you may search our programs, gain background information about us and explore the public features of the website without making your identity known to us.
Transborder data flows (NPP 9)
If we transfer your personal information outside Australia (for example, to an approved study centre outside of Australia), xpand Foundation will comply with requirements of the Act that relate to transborder data flows.
Sensitive information (NPP10)
We will not collect sensitive information about you without your consent unless that collection is otherwise permitted by the Act.