Policy and Purpose
HILT CRC is committed to complying with the National Privacy Principles set out in the Privacy Act 1988 (Cth) (Privacy Act) by:
a) setting out the principles applying to the handling of personal information collected, used, stored and disclosed by HILT CRC; and
b) outlining HILT CRC’s adoption of the requirements of Australian Privacy Principles (APP) (schedule to the Privacy Act) and the European Union General Data Protection Regulation (GDPR).
- HILT CRC’s CEO and Board has oversight of this policy.
- The Chief Operating Officer will fulfil the role of the privacy officer under the Australian Privacy Principles (as applied by this policy) and the data protection officer under the General Data Protection Regulations (EU).
- Any Board member, employee, contractor, volunteer, visitor or student who collects, uses, stores or transmits personal information for, or on behalf of, HILT CRC must comply with this policy.
3. TYPES OF PERSONAL INFORMATION COLLECTED
The personal information which HILT CRC collects and holds will depend on the nature of your interaction with us but generally includes:
- Your name.
- Contact details (such as your phone number, address and email address) and general information about your business operations.
- It may also include credit card details if you are attending a paid event, including dietary requirements.
- Information from your résumé if we require these details for an event or for responding to a job application. We will ordinarily identify at the time of collecting your personal information which elements we require to facilitate your interaction with HILT CRC.
4. METHOD OF COLLECTION OF PERSONAL INFORMATION
HILT CRC will only collect personal information that is necessary for our purposes, and we will endeavour to only collect personal information if you choose to provide it yourself, for example in person, over the telephone, by post or email, via the HILT CRC website or by completing online or hard copy forms. However, there may be occasions when HILT CRC collects your personal information from someone else, such as when we engage a third party to assist us with a program or event with other partners or consultants.
HILT CRC may at times need to collect personal information for activities not specifically outlined in this policy, and where reasonable, the purpose for which we collect personal information will be made clear at the time of collection.
HILT CRC also automatically collects certain information when you visit the HILT CRC website. Such information includes your browser type, server address, operating system type, your IP address, how and when you use the HILT CRC website and previous websites visited.
HILT CRC uses this information on an anonymous basis and does not use it to personally identify you unless required to do so by law.
You do not have to provide your personal information to HILT CRC but, if you do not provide the information requested, HILT CRC may not be able to provide you with its products and services.
5. PURPOSES FOR HOLDING AND USING PERSONAL INFORMATION
HILT CRC uses the personal information that it collects for the purposes for which it was provided
to HILT CRC to carry out its business purposes (which are detailed generally on HILT CRC’s website (www.hiltcrc.com.au), provide information to our partners, marketing or / conduct our research, to fulfil its legal obligations, other related purposes or as permitted or required by law.
Where HILT CRC documents request personal information, HILT CRC will state the general purposes for its use and to whom it may be disclosed, and the main consequences, if any, if the information is not provided. HILT CRC’s general purposes may include:
- Providing products and services that you have requested and responding to your enquiries.
- Administering HILT CRC’s programs and dealing with stakeholders.
- Conducting specific projects in which you have chosen to participate.
- Administering competitions and events.
- Including your details in publicly available databases on the HILT CRC website.
- Student details including name, contact details, social media addresses, photographs, tax file numbers and other government related identifiers, grades and awards, prior studies, placements and information resulting from HILT CRC’s processes involving a student (e.g. investigation for academic misconduct, academic appeals).
- Individuals related to, or associated with, students (e.g. emergency contacts, medical practitioners), including name and contact details.
Prospective student details including name, contact details, grades and awards, prior studies and information resulting from HILT CRC’s processes involving the prospective student (e.g. recognition of prior learning).
- Direct marketing: HILT CRC may collect and use personal information (other than sensitive information) provided by an individual or accessed through HILT CRC’s website including by using tools such as cookies and pixels and use this information for marketing. HILT CRC will only use sensitive information for direct marketing with the consent of the individual to whom the information relates.
HILT CRC will provide individuals with a simple means to ‘opt out’ of receiving direct marketing or other communications. If an individual opts out of receiving direct marketing communications from HILT CRC, these communications will cease within a reasonable time of the request. This does not apply to information that we are legally required to send such as complying with legal requirements.
6. YOUR DATA PROTECTION RIGHTS?
We would like to make sure you are fully aware of all of your data protection rights.
You are entitled to the following:
- The right to access – you have the right to request from HILT CRC copies of your personal data. We may charge you a small fee for this service.
- The right to rectification – you have the right to request that HILT CRC correct any information you believe is inaccurate. You also have the right to request HILT CRC to complete information you believe is incomplete.
- The right to erase – you have the right to request that HILT CRC erase your personal data, under certain conditions.
- The right to restrict processing – you have the right to request that HILT CRC restrict the processing of your personal data, under certain conditions.
- The right to object to processing – you have the right to object to HILT CRC processing of your personal data, under certain conditions.
- The right to data portability – you have the right to request that HILT CRC transfer the data that we have collected to another organisation, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us via email, phone or post using the below contact details.
Whenever possible, HILT CRC will provide reasons for denial of access or a refusal to correct personal information or comply with any of the above listed rights.
7. DISCLOSURE OF PERSONAL INFORMATION
Generally, HILT CRC will obtain consent before it discloses any personal information other than as specified in this policy. Such consent may be given expressly, or it may be implied by conduct.
Depending on the product or service, your personal information may be disclosed to:
a) HILT CRC’s related entities and representatives for the purpose of HILT CRC business only.
b) External service providers (on a confidential basis and such service providers will be limited in their use of the information to the purpose of HILT CRC’s business only). Service providers can include and are not limited to information technology providers and marketing service providers located in Australia or overseas.
c) Specialist advisers to HILT CRC who have been engaged to provide HILT CRC with legal, administrative, financial, insurance, research, marketing or other services; and
d) Any other person authorised, implicitly or expressly, when the personal information is provided to or collected by HILT CRC.
e) HILT CRC may also publish its disclosure practices in relation to specific products or services that it provides.
a) the use or disclosure is necessary to:
- satisfy a contract to which you are a party;
- comply with a legal obligation;
- save somebody’s life; or
- perform a task in the public interest or to carry out some official function;
b) you have consented to the use or disclosure, or the disclosure is to you; or
c) we have a legitimate interest to use or disclosure your personal data.
8. SECURITY OF PERSONAL INFORMATION
HILT CRC takes reasonable steps to protect personal information it holds from misuse, loss and interference and from unauthorised access, modification or disclosure. Accordingly, personal information will be stored by HILT CRC in hard copy records and/or on our electronic database. Regardless of the storage medium, all personal information is securely maintained at HILT CRC’s facilities and electronic information is protected by various data protection measures not limited to password security.
HILT CRC utilises skilled providers to minimise cyber security risks. The key security framework aligns with the Australian Cyber Security Centre Essential Eight Maturity Model which are a series of security/ access controls designed to minimise the risk of malware execution, identify theft and data exfiltration.
HILT CRC will not keep personal information for longer than needed for the purpose for which we collected it. Accordingly, we will keep your personal data for 10 years maximum. Once this time period has expired, we will delete your data by destroying any physical and electronic records.
9. SENSITIVE INFORMATION
HILT CRC does not generally collect any sensitive information as that term is used in the privacy legislation (including information relating to racial or ethnic origin, membership of political bodies, religion or trade unions, sexual preferences or activities, criminal record, state of health or medical history).
HILT CRC will only collect sensitive information where required by law or with consent. If HILT CRC holds any sensitive personal information, that information will only be used and disclosed by HILT CRC for the purpose for which it was provided.
If HILT CRC asks for sensitive information, HILT CRC will explain the reason for this.
10. ACCESS TO PERSONAL INFORMATION
A person may request access to personal information that HILT CRC holds about them by contacting HILT CRC using the contact details below.
HILT CRC will process such requests within a reasonable time and may charge a fee for providing access to cover the costs of verifying the application and retrieving the information requested. If HILT CRC denies an access request, it will provide reasons for doing so.
11. TRANSBORDER DATA FLOWS
HILT CRC will only transfer your personal information outside of Australia in accordance with the APPs, for example, if you consent to such a transfer, or if the law otherwise requires or allows HILT CRC to do so. Whilst, our data storage will generally reside in Australia, we may be required to transfer or back-up your personal information outside of Australia as part of our online secure data storage arrangements. Whilst we have provided examples, note that it is not practicable to currently provide you with the names of all the possible countries to which this applies.
12. CORRCETION OF PERSONAL INFORMATION
HILT CRC will take reasonable steps to ensure the personal information it holds is accurate, complete and up to date.
HILT CRC should be promptly notified if there are any changes to an individual’s personal information by contacting HILT CRC using the contact details below.
13. HOW TO MAKE A COMPLAINT
If you wish to make a complaint about a breach of this policy or the Australian Privacy Principles set out in the Privacy Act 1988 (Cth), you can contact HILT CRC using the contact details below. You will need to provide enough details regarding your complaint as well as any supporting evidence and information.
HILT CRC will refer your complaint to its Privacy Officer who will investigate the issue and determine the steps that HILT CRC will undertake to resolve your complaint. HILT CRC will contact you if it requires any further information from you and will notify you in writing of the outcome of the investigation. If you are not satisfied with HILT CRC’s determination, you can contact HILT CRC to discuss your concerns or contact the Australian Privacy Commissioner via www.oaic.gov.au
14. DATA BREACH
Accordingly, you should maintain good internet security practices. Where we have given you (or where you have chosen) a password which enables you to access our services or parts of our site, you are responsible for keeping this password confidential. You should not share your password with anyone. If you think that any of your accounts have been compromised you should change your account credentials with us, and in particular, make sure any compromised account does not allow access to your account with us. The information you share in public areas may be viewed by other users. We’ll never email you to ask for your password or other account login information. If you receive such an email, please send it to us so we can investigate.
In the unlikely event that we have reasonable grounds to believe an eligible data breach has occurred (in accordance with the Privacy Act), we will promptly notify the Office of the Australian Information Commissioner and any individual at risk of serious harm. In such circumstances, we will follow our internal Data Breach Response Plan which will facilitate a swift response to the breach and ensure that all our legal obligations are met.
15. CHANGES TO THIS POLICY
HILT CRC may amend this policy from time to time, and the amended policy will be published on HILT CRC’s website. Please review HILT CRC’s website periodically for changes to this policy. Your continued use of HILT CRC’s website or services or provision of further personal information to HILT CRC once this policy has been amended constitutes your acceptance of the amended policy.
16. CONTACT HILT CRC
Chief Operating Officer