What is the Privacy Policy?
Privacy Policy
Date of Last Update: 19 July 2021
Responsibilities
DEA’s Board is responsible for developing, adopting and reviewing this policy.
DEA’s Executive Director is responsible for the implementation of this policy, for monitoring changes in Privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.
Collection
DEA will:
- Only collect information that is necessary for the performance and primary function of DEA.
- Collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
- Notify stakeholders about why we collect the information and how it is administered.
- Notify stakeholders that this information is accessible to them.
- Collect personal information from the person themselves wherever possible.
- Collect Sensitive information only with the person’s consent or if required by law. (Sensitive information includes health information and information about religious beliefs, ethnicity, gender and others).
- If DEA collects information during the course of its activities, the following conditions must be satisfied:
- the information relates solely to DEA members, Friends of DEA or to individuals who have regular contact with it in connection with its activities;
- at or before the time of collecting the information, DEA informs the individual whom the information concerns that it will not disclose the information without the individual’s consent; and
- the collection must be necessary for the establishment, exercise or defence of a legal or equitable claim.
- Determine, where unsolicited information is received, whether the personal information could have collected it in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information).
Use and Disclosure
DEA will:
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses, DEA will obtain consent from the affected person.
-
In relation to a secondary purpose, use or disclose the personal information only where:
- a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
- the person has consented; or
- certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
- In relation to personal information which has been collected from a person, DEA may use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and DEA has provided an opt out and the opt out has not been taken up.
- Provide all individuals access to personal information except where it is a threat to life or health or it is authorized by law to refuse and, if a person is able to establish that the personal information is not accurate, then DEA must take steps to correct it.
- If DEA has sufficient reasons to believe that an unlawful activity has been, is being or may be engaged in, and the disclosure of personal information becomes a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, the organisation may make such disclosures.
Storage
DEA will implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure. Personal information is stored electronically on a secure database.
Members’ personal information is retained for as long as their membership is active. Friends of DEA’s personal information is retained for as long as they remain a “Friend”.
Lapsed members who have not renewed will be reclassified as an ex-member after nine months and will be de-identified after two years. Their de-identified data will remain on a secure DEA database. De-identified data contains name, state, year membership commenced, and year membership ceased only. This data will be deleted at the affected person’s request.
Data handling
Access to personal information is provided only to authorized DEA personnel for the primary purpose of DEA activities. This information may not be accessed for any secondary purpose without the express consent of the individual. Access to personal information is only granted once the DEA authorized person has confirmed in writing that they have read and understood the DEA privacy policy.
A log will be kept of all people who have access to the database, including when access was granted and when it ceased.
Data Quality
DEA will take reasonable steps to ensure the information DEA collects is accurate, complete, up to date, and relevant to the functions we perform.
Access and Correction
DEA will ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
Anonymity
DEA will not process members or contacts anonymously or under a pseudonym as it is impractical for us to do so. This is an allowable exception to Australian Privacy Principles legislation.
Openness
DEA will:
- Ensure stakeholders are aware of DEA’s Privacy Policy and its purposes.
- Make this information freely available in relevant publications and on the organisation’s website.
- On request by a person, DEA must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
Feedback
If you have any questions, please do not hesitate to contact us at [email protected]