Introduction
Australian Plays Transform (APT) is committed to protecting the privacy of personal information which the company collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
Purpose
The purpose of this document is to provide a framework for APT in dealing with privacy considerations.
Policy
APT collects and administers a range of personal information for the purposes of providing services, information and programs in relation to playwriting; to fundraise for and market the company’s activities; and evaluation and reporting. The company is committed to protecting the privacy of personal information it collects, holds and administers.
APT recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand, and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies and also reflected in our Privacy Policy, which is consistent with the Privacy Act 1988 (Cth) (‘Privacy Act’)in force at the date of this document.
APT has adopted the following principles as minimum standards in relation to handling personal information, for the avoidance of doubt, to the extent of any inconsistency between this framework and PWA’s Privacy Policy, the Privacy Act should be preferred.
Responsibilities
APT’s Board is responsible for developing, adopting and reviewing this policy.
APTs General Manager is responsible for the implementation of this policy, for monitoring changes in Privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.
Processes
Collection
APT will:
- Only collect information that is necessary for the performance and primary function of APT.
- Notify stakeholders about why we collect the information and how it is administered.
- Notify stakeholders that this information is accessible to them.
- Collect personal information from the person themselves wherever possible.
- If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.
- Collect Sensitive information only with the person’s consent. (Sensitive information includes information about, race, gender, experience of disability).
- Determine, where unsolicited information is received, whether the personal information could have been collected in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information).
Use and Disclosure
APT will:
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose.
- For other uses, APT will obtain consent from the affected person.
- In relation to a secondary purpose, use or disclose the personal information only where:
- a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
- the person has consented; or
- certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety.
- In relation to personal information which has been collected from a person, use the personal information for communications, where that person would reasonably expect it to be used for this purpose, and APT has provided an opt out and the opt out has not been taken up.
- In relation to personal information which has been collected other than from the person themselves, only use the personal information for communications if the person whose personal information has been collected has consented (and they have not taken up the opt-out).
- State whether the information is sent overseas and further will ensure that any overseas providers of services are as compliant with the Privacy Act as far as is practicable.
- Provide all individuals access to personal information (except where it is a threat to life or health or it is authorized by law to refuse) and, if a person is able to establish that the personal information is not accurate, then APT must take steps to correct it.
- Where for a legal or other reason we are not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties.
- Make no charge for making a request for personal information, correcting the information or associating a statement regarding accuracy with the personal information.
Storage by APT
- APT will implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure.
- Before APT discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant.
- APT will have systems which provide sufficient security.
- Ensure that APT’s data is up to date, accurate and complete.
Destruction and de-identification of data by APT
- APT will destroy personal information once is not required to be kept for the purpose for which it was collected, including from decommissioned computers.
- Change information to a pseudonym or treat it anonymously if required by the person whose information APT holds and will not use any government related identifiers unless they are reasonably necessary for our functions.
Data Quality
APT will:
- Take reasonable steps to ensure the information it collects is accurate, complete, up to date, and relevant to the functions we perform.
Data Security and Retention
APT will:
- Only destroy records that are not required to be kept.
- Destroy sensitive personal data 5 years after it has been acquired.
- Retain contact details opted into for communications and fundraising purposes.
Access and Correction
APT will:
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
Anonymity
- Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.
Making information available to other organisations
APT can:
- Release information to third parties where it is requested by the person concerned.
PLAYWRITING AUSTRALIA’S PRIVACY POLICY
Your privacy is important
This statement outlines Playwriting Australia’s (PWA) policy on how PWA uses and manages personal information provided to or collected by it.
PWA is bound by the Australian Privacy Principles contained in the Privacy Act 1988 (Privacy Act).
PWA may, from time to time, review and update this Privacy Policy.
What kind of personal information does PWA collect and how does PWA collect it?
The type of information PWA collects and holds includes (but is not limited to) personal information, including sensitive information, about:
- Personal contact details.
- If provided, how an individual identifies in terms of gender, community, ethnicity or experience of disability.
- Donations made to the company.
- Professional history.
- Tax File Number Declarations by employees.
Personal Information you provide
PWA may collect personal information held about an individual by way of formal submissions to PWA programs, directly from an individual via the company’s website, email, telephone or survey. You do have the right to seek to deal with us anonymously or using a pseudonym, but in many circumstances it will not be practicable for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Personal Information provided by other people
In some circumstances PWA may be provided with personal information about an individual from a third party, for example a collaborating partner on a partnership project. In these circumstances, the person providing this information must ensure that that other person consents to us collecting and using their personal information in accordance with this Policy.
In relation to employee records and Tax File Number Declarations
PWA does not record, collect, use or disclose Tax File Number (TFN) information unless this is permitted under taxation, personal assistance or superannuation law. PWA restricts access to records containing TFN information to those staff who need to handle it-for example to process wages and salaries.
PWA retains TFN information, copies of tax file number declarations and withholding declarations, for a period of 5 years as currently required by the Australian Tax Office (Income Tax Assessment Act 1936, Taxation Administration Act 1953). After this time these records are securely destroyed and are not retrievable.
Job applicants, staff members and contractors
In relation to personal information of job applicants, staff members and contractors, PWA’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor, as the case may be.
The purposes for which PWA may use personal information of job applicants, staff members and contractors includes:
- for insurance purposes;
- for employment agreement purposes;
- for payment purposes;
- to satisfy PWA’s legal obligations.
Where PWA receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
Volunteers
PWA also obtains personal information about volunteers personally who assist the company in its functions or conduct associated activities, so as to enable PWA and the volunteers to work together.
How will PWA use the personal information you provide?
PWA will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and that you would reasonably expect, or to which you have consented.
By providing us with your personal information, you consent to receiving communications directly from us to let you know about activities or programs that that may be of interest to you by post, e-mail, telephone call or sms. If you do not want to receive these communications from us, you can opt-out at any time using the opt-out mechanism provided or by contacting the General Manager.
Marketing and fundraising
PWA treats marketing and seeking donations for the future growth and development of PWA as important. PWA is committed to protecting and
maintaining the privacy, accuracy and security of all supporter information, including the financial level of their support.
Who might Playwriting Australia disclose personal information to?
Third parties that we may disclose personal information to include:
- government and regulatory authorities, where we are required or authorised by law to do so by law; and
- contractors who provide services to us, including mailing services, marketing functions, or technology, data or website services.
If we disclose information to a third party, we require that the third party protects your information to the same extent that we do.
We will not disclose personal information for any reason other than those set out above without sufficient consent, unless disclosure is to prevent a threat to life or serious illness or is required by law or for the investigation of suspected unlawful activity.
If at any point we decide to use your information in a manner different from that stated at the time it was collected, you will be notified. You will have a choice as to whether your information is used in this different manner.
Sending information overseas and Storage:
APT will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
However, APT may store your personal information in paper-based form or electronically in our systems or in a database maintained by a cloud hosting service provider or other third party database storage or server provider which may be located outside Australia. It is not practicable to identify the countries in which cloud hosting service providers are likely to be located.
Hard copy information is generally stored in our offices, which are secured to prevent entry by unauthorised people. We will take steps to ensure that your stored personal information will be afforded the level of protection required of us under and in accordance with this Privacy Policy.
Management and security of personal information
APT’s staff are required to respect the confidentiality of personal information and the privacy of individuals.
APT has in place steps to protect the personal information the company holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.
Online Donations
While the online facility enabling financial donations to APT via our website is secure and encrypted, transmissions over the Internet are never 100% secure or error-free. Information is not otherwise stored or retained, expect as set out in this Policy.
Updating personal information
APT endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by the companyby contacting the General Manager at any time.
Under the Privacy Act, an individual may have a right to obtain access to any personal information which APT holds about them and to advise APT of any perceived inaccuracy. To make a request to access any information APT holds about you, please contact the General Manager in writing.
APT may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, APT may charge a fee to retrieve and copy any material.If the information sought is extensive, APT will advise the likely cost in advance, but it will not exceed our reasonable costs of assessing your request and providing access.
How long will APT keep my information?
Information is destroyed or permanently de-identified when it is no longer required for any purpose for which it was collected, or when we are no longer required by law to retain it.
Notifiable Data Breaches
- The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) established the Notifiable Data Breaches (NDB) scheme in Australia.
- The NDB scheme creates an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The Australian Information Commissioner (Commissioner) must also be notified of eligible data breaches.
- In APT’s case, a Notifiable Data Breach may pertain to the unauthorised access to, misuse, loss or theft of Tax File Number Information of employees, staff and contractors.
Response Plan
APT will undertake an assessment when it becomes aware of a Data Breach and will ascertain whether the event is a Notifiable Data Breach. There will be a 3 step assessment process:
- Initiate: decide whether an assessment is necessary and identify which person or people will be responsible for completing it;
- Investigate: quickly gather relevant information about the suspected breach including, for example, what personal information is affected, who may have had access to the information and the likely impacts, and;
- Evaluate: make a decision, based on the investigation, about whether the identified breach is an eligible data breach.
If an assessment establishes there has been a serious data breach then APT will immediately notify affected individuals and the Commissioner.
APT will take immediate steps to contain the data breach to prevent further compromise of personal information.
APT will review the incident and establish what remedial action can be taken and what actions can be taken to prevent future breaches.
Enquiries and privacy complaints
If you would like further information about the way APT manages the personal information it holds, please contact the APT at hello@apt.org.au If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the General Manager who will first deal with you usually over the phone. If we then have not dealt satisfactorily with your concerns we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
- email: enquiries@oaic.gov.au
- tel: 1300 363 992
- fax: +61 2 9284 9666