The FBIA is committed to protecting your privacy. This Statement discloses the practices by which FBIA intends to protect the quality and integrity of your personally identifiable information.
We understand how important the privacy of your personal information is to you, as such, FBIA provides the following guidelines defining how we shall deal with your personal information.
FBIA will only collect personal information that is necessary for providing those services offered on our website. We shall advise you at all times the purpose of our collection and ensure that your personal information is collected by lawful and fair means and by your express consent.
When submitting information on our site, we will collect details including your name and email address so that newsletters can be delivered to you. The information we collect is essential for us to be able to identify accurately the member requesting the newsletter service so that we may be able to respond to your request.
Information collected will be held in the strictest confidence.
- Use and Disclosure
If we hold your personal information for a particular purpose this is the primary purpose and we cannot use it for any other reason (a secondary purpose) unless:
- you have consented to that use or disclosure; or
- you would have reasonably expected it to be used for that secondary purpose.
We will always try and get your consent wherever practicable. We also try not to deal in sensitive information like health or criminal records or matters of that kind unless it’s necessary for the service we provide or we are compelled to do so for legal reasons. If we do have to collect your sensitive information then your written informed consent will be obtained before it’s disclosed.
- Data Quality
Reasonable steps will be taken to ensure that personal information which is collected, used and disclosed is relevant, accurate, complete and up to date for the purposes for which it is to be utilised.
- Data Security
In house safeguards will monitor and maintain personal information to protect against unauthorised access, misuse, alteration, destruction and loss. Furthermore, all information that the FBIA no longer requires will be destroyed or permanently de-identified to ensure continued protection of your personally identifiable information.
FBIA publicly exhibits its personal information practices and management policies. As well as making these guidelines available the FBIA will take reasonable steps to bring to your attention what information it holds, for what purposes and how it collected, uses and discloses that information, where required.
- Access and Correction
Where information is held by the FBIA regarding an individual, access will be provided upon request in a form reasonably suitable to the information held, except to the extent that;
(a) The request for access by the individual is frivolous or vexatious; or
(b) Providing access would unreasonably impact on the privacy of others; or
(c) Providing access would be unlawful; or
(d) Providing access would prejudice commercial negotiations between the individual and FBIA.
If access is denied to an individual then written reasons will be provided outlining why access has been denied.
Where an individual establishes that the information held about them by the FBIA is not accurate, complete or up to date, the FBIA will take reasonable steps to correct that information. The individual will advise the FBIA what the inaccuracies are by emailing us at firstname.lastname@example.org .
The FBIA will provide full access to all personal information you have given to us upon a formal request in writing. If you do not wish to have personal information used for a particular purpose we will not do this.
If you would like to review or make necessary corrections or remove personal information you do not wish us to retain please e-mail us at email@example.com to do so.
The FBIA does not use government identifiers (e.g. Medicare numbers, Tax File Numbers, etc) for the purpose of identification of individuals in our membership or client base.
Whenever it is lawful and practicable, individuals will have the option of not identifying themselves when entering into transactions with FBIA.
- Cross border disclosures
FBIA will not transfer personal data outside of Australia unless:
(a) the individual concerned consents to the transfer; or
(b) the FBIA has a reasonable belief that the overseas recipient is subject to similar privacy laws to Australia
(c) the transfer is necessary for the performance of a contract between the individual concerned and the FBIA
(d) the transfer is for the benefit of the individual concerned and it is not practicable to obtain the individual’s consent as to the subject matter of the information transferred.
- Web Communicator Referrals
The FBIA collects information regarding Web Communicator Referrals to enable provision of relevant content and the development of the site.
- Cookies and Browsing
Information we collect via our website contributes to the development of the site by allowing statistical analysis of users. This collection of statistical data is carried out anonymously with no attempt to identify users or monitor their specific browsing activities.
As such, in order to help us improve our customer service, we utilise cookies in order to statistically track our web sites performance. We collect anonymous information from users of our web site including monitoring the domains from which people visit and measuring visitor activity.
We will only use your disclosed personal information or information generated by cookies that you have provided to us when we have given you notification of the intended use or disclosure and you have not objected to that use or disclosure or you have specifically and knowingly provided that information to us. The FBIA will not share your personal information with individuals or organisations outside of the FBIA.
- Notifiable breaches
Part 111C of the Act deals with notifiable breaches of the Act. The FBIA has already instigated some internal controls and processes to address the identification and notification rules that will apply to us as an entity subject to the Act. While specific guidelines have yet to be issued in respect of compliance with this Part 111C, the intention is for the FBIA to ensure that in both cases where it controls the PI and where the control is vested in a third party (e.g. servers or data storage are based overseas) eligible data breaches are promptly managed in accordance with following general requirements of the Act:
- ‘eligible data breaches’ will be notified to the Information Commissioner and to relevant individuals in connection with the PI affected.
- notification is mandatory where serious harm to any of the individuals is likely. The threshold tests which trigger the notice obligations are based on an objective test of what a reasonable person would conclude.
- An ‘eligible data breach’ occurs when, in respect of personal information, credit reporting information, credit eligibility information or tax file number information, the following conditions are satisfied:
- there is unauthorised access to, or unauthorised disclosure of, the information, or where the information is lost, unauthorised access to, or unauthorised disclosure of, the information, is likely to occur; and
- a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to which the information relates (in the case of lost information assuming that unauthorised access or unauthorised disclosure were to occur).
- There are some important exceptions to notification:
- where remediation is taken that has reduced the risk of serious harm.
- Where legal enforcement obligations or secrecy provisions apply
- If a notifiable breach occurs which is not subject to an exception or exemption, then we must issue the notification of breach to the individuals affected. Where the actual identity of a single individual is not the issue (i.e. where a group of individuals or a class of persons in a data holding centre may have been subject to a breach) then the statement will be published on our website and in any other format required by the OAIC without identifying the individuals themselves.