Sinapius Vineyard understands the importance the community places on confidentiality of individuals’ personal and/or sensitive information. This extends to the collection and management of information held in our records regarding individuals.
The Privacy Amendment (Private Sector) Act 2000, effective 21 December 2001, sets out guidelines that regulate how private sector organisations should treat personal and/or sensitive information they collect, use, handle or store. What do the National Privacy Principles do?
The NPPs set minimum standards for:
- collection, use and disclosure of personal information which could identify a person
- quality, security and storage of that information
- giving an individual access to their information
- transferring information offshore, and
- special categories of information such as ‘sensitive’ information and ‘health’ information.
What’s personal information?
- Information or an opinion about an individual whose identity is apparent or can be ascertained from that information or opinion.
- This includes names, addresses, telephone numbers, age and email address.
What’s sensitive information?
This includes information about:
- racial or ethnic origin
- political opinion or association
- trade union or professional association membership
- religious beliefs or philosophical beliefs
- sexual preferences
- criminal record
- health information.
What are the National Privacy Principles?
The National Privacy Principles establish 10 principles to which an organisation must comply in regard to personal and sensitive information.
- Collecting information
- Using and disclosing information
- Data quality
- Data security
- Access and correction
- Transborder data flow
- Sensitive information
1. Collecting information
Personal and sensitive information is only collected as is reasonably necessary to enable Sinapius to maintain its activities and deliver services to the community.
Personal information about an individual should only be collected with the individual’s consent. Collection will be undertaken by a method which is fair, lawful and not unreasonably intrusive. Individuals from whom personal information is collected are to be made aware of:
- Sinapius contact details
- the primary purpose for which the information is collected
- any possible secondary purpose for which the information may be used
- the names of the organisations or types of organisations to which we disclose information of any nature (if any)
- the ability of individuals to access the information held on themselves.
2. Using and disclosing information
Information will only be used or disclosed for the primary purpose for which it was collected. In some instances, information provided by individuals may be used to keep them better informed about Sinapius activities and services, such as by way of a newsletter. Individuals have the right to opt out of receiving such additional mailings.
Personal information about an individual will not be used or disclosed for a secondary purpose unless:
- the purpose is closely related to the primary purpose and the individual would reasonably expect the information to be used in that way; or
- the information is health information and its use is necessary for records or statistical analysis relevant to public health; or
- the individual has consented (recognising the competence to consent); or
- Design Tasmania has a legal obligation to disclose personal information which overrides the provisions of the primary legislation.
- Design Tasmania will not sell or exchange or release personal information about an individual for commercial gain.
3. Data quality
Reasonable steps will be taken to ensure information collected and used is complete, accurate and up-to-date.
4. Security of information
- Reasonable steps will be taken to protect personal information from misuse, loss, unauthorised use, modification or disclosure.
- Personal information will be destroyed or permanently de-identified when it’s no longer needed for the purpose for which it was collected.
- Sinapius’ website uses secure technology for online transactions to protect credit card information.
- Our websites contain links to other websites. Design Tasmania does not accept responsibility for the privacy practices or the content of linked websites.
5. Openness of information
- Reasonable steps will be taken to allow any person, on request, to ascertain generally what sort of personal information is held, for what purpose, how it was collected, stored and used.
6. Accessibility of information
Information held on individuals is accessible to them on request (except where frivolous and vexatious) and will generally be available free of charge. Reasonable steps will be taken to ensure the information provided is accurate and up-to-date.
Identifiers used will be unique to Sinapius.
To the extent possible, individuals will be given the option of not identifying themselves when dealing with Sinapius.
9. Transborder data flow
Sinapius will not sell, exchange or release personal information.
10. Sensitive information
Sinapius doesn’t collect sensitive information about individuals unless:
- we have the consent of the individual; or
- the information is collected in the course of Sinapius activities where the individual is in regular contact in relation to those activities and the individual understands that the information will not be disclosed without consent; or
- the information is necessary for research relevant to public health, compilation or analysis of public health statistics, or the management or monitoring of a health service and that purpose cannot be served by collection of non-identified information and it’s impracticable to seek the individual’s consent.
- Personal and/or sensitive information will be collected and maintained on confidential databases maintained by Sinapius in support of its activities and service provision.
- Staff and volunteers who may have access to personal and/or sensitive information in the course of their duties will respect its confidentiality and not disclose the information to any non Sinapius third party.
- Breaches of confidentiality by staff will be dealt with in accordance with the conditions of appointment to the staff of Sinapius.
Cookies are small text files (with no executable code) stored by a browser on the user’s machine. This site makes use of a third-party Google Analytics cookie to track anonymous traffic data, for the purposes of evaluating and improving the site. We also use various first-party cookies for managing secure access areas, multi-step forms, polls and some other functions.
Grievance procedure relating to the Privacy Act
- Complaint registered by an individual. This must be in writing.
- Complaint given to the Privacy Manager for assessment and investigation in consultation with the General Manager.
- Written response sent to individual within 7 days of complaint being received.
- If our response is found to be unacceptable to the individual, we may suggest conciliation or arbitration on the matter.
- If the individual makes a formal complaint to the Privacy Commissioner, the Chief Executive Officer is to be the respondent on behalf of Sinapius.
This policy was last modified on 13/12/15
Sinapius, 4232 Bridport Road, PIPERS BROOK TASMANIA 7254. email firstname.lastname@example.org