Privacy Amendment (Private Sector) Act 2000
In December 2000, the Commonwealth Government enacted privacy legislation, which commenced on 21 December 2001 and amended the Privacy Act (implementing the National Privacy Principles) to include provisions that regulate the way private sector organisations collect, use, disclose, keep secure and provide access to personal information.
In 2012, the Commonwealth Government passed another legislation, Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) to introduce, effective from 12 March 2014, 13 Australia Privacy Principles replace the National Privacy Principles and the Information Privacy Principles.
Yoga XTC acts to protect your personal information in accordance with the Australian Privacy Principles.
The information in this document details how we comply with the requirements of the Privacy Act in protecting the personal information we hold about you.
What is “personal information”?
Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Sensitive information, which is included in the definition of “personal information”, means or an opinion about an individual’s:
- racial or ethnic origin; or
- political opinions; or
- membership of a political association; or
- religious beliefs or affiliations; or
- philosophical beliefs; or
- membership of a professional or trade association; or
- membership of a trade union; or
- sexual preferences or practices; or
- criminal record;
- health information; or
- genetic information that is not otherwise health information.
What we collect
Personal information collected by Yoga XTC generally comprises name, address, date of birth, gender, marital status, occupation, identifier where client is referred by third parties, contact details (including telephone, facsimile and e- mail), and health information relevant to the provision of our services.
Why we collect information
Personal information is collected so that we may:
- Provide services to our clients as referred to us from Allied Health Professionals;
- To recommend the most efficient and safe training and nutrition programs to clients;
- To consider all interested persons, being employment candidates, for any employment opportunities that arise with Yoga XTC;
- Administer our client relationships;
- Monitor and evaluate our service delivery and client satisfaction;
- Assisting clients with queries
Use and Disclosure
Yoga XTC will only use and disclose information for the primary purpose it was collected, or for a secondary purpose when it can be demonstrated that it is relevant to the primary purpose.
Generally this will mean;
- you will have a reasonable expectation that Yoga XTC may use and/or disclose such information for the secondary purpose; or
- you, or if unable, your authorised or legal representative, has given consent; or
- such use and/or disclosure is required, authorised or permitted under law, or for lawful action, or for the prevention of unlawful activity; or
- a permitted health situation exists in relation to the secondary use or disclosure of the information by Yoga XTC;
- the use and/or disclosure is for statistical purposes; or
- the use and/or disclosure is necessary to lessen or prevent a serious and imminent threat to the life, health, safety or welfare of an individual or the public; or
- the disclosure to an immediate family member is necessary to provide appropriate health services to, or care of, the individual, or for compassionate reasons.
Yoga XTC may request the use of client images and/ or name for promotional purposes. Yoga XTC will only do this if the client has consented to this by signing a Consent to Use Pictures or Name. Completed consent forms will be stored in the client’s file.
What if you provide incomplete or inaccurate information?
We may not be able to provide you with the services you are seeking or where you are an employment candidate, we will not be able to assess your suitability for employment opportunities available within Yoga XTC.
How we collect information
Obtaining your consent
In most cases, Yoga XTC staff member obtains your consent to the purposes for which it intends to use and disclose your personal information.
If you do not give us consent, we may not be able to provide you with the services you want. This is because it may be impossible for us to adequately assess your needs in order to provide the services that you require.
Having provided consent, you are ableto withdraw it at any time. To withdraw consent, please contact the Yoga XTC office on +6138528 1001. Please note that withdrawing your consent may lead to Yoga XTC no longer being able to provide you with the service you enjoy given that, as mentioned above, it is impossible for us to appropriately provide services to you.
Information collected from someone else
In some cases, your personal information may be provided to us by agents, or by family members or friends. We will take reasonable steps to let you know that we have your personal information, unless it is obvious from the circumstances that you know or would expect us to have the information, such as an Allied Health professional who referred you to us. Reasonable steps may include asking the person who gave us your information to let you know that we have that information.
How we hold personal information
All information collected by Yoga XTC are stored on our network where access is limited to employees or contractors who are involved in the management, provision and monitoring of services we provide to you. If you are an employment candidate, your information will only be stored on Yoga XTC’s system and accessed by Yoga XTC’s recruitment officer, the relevant co- ordinator for the role you applied for and management personnel.
Who we may communicate with
In order to provide services to clients, we need to communicate with:
- your referee (to confirm details about you) and other service providers who engage Yoga XTC to provide services to you;
- if required or authorised to do so, regulatory bodies and government agencies;
- health practitioners (to verify or clarify, if necessary, any health information provided to Yoga XTC);
- Allied Health care professionals where their specialized skills are required to provide services to you;
- Other organisations who in conjunction with us provide services to you.
With respect to assessing employment candidates, we may need to:
- communicate with your referees (to confirm details about you) when you apply for an employment position with Yoga XTC;
- communicate with health practitioners (to verify or clarify, if necessary, any health information provided to Yoga XTC);
In all circumstances where personal information may become known to our contractors, agents and outsourced service providers, there are confidentiality arrangements in place. Contractors, agents and outsourced service providers are not able to use or disclose personal information for any purposes other than our own.
Yoga XTC takes its obligations to protect customer information very seriously and we make every effort to deal only with parties who share and demonstrate the same attitude.
Disclosure required by law
We may be required to disclose customer information by law.
Disclosure as a result of your actions
There may be circumstances in which we consider you, by your actions, to have released us from our duty of confidentiality or to have consented to the disclosure of information about you without actually saying so (for example, if you discuss your circumstances publicly to the media,in such a way as to leave us with little alternative but to respond publicly).
Anonymity and Pseudonymity
We are happy to respond to queries made anonymously or by pseudonym as we do not collect personal information of individuals unless it is reasonably necessary for one or more of our functions or activities.
General enquiries with respect to the services we provide can generally be made anonymously or by pseudonym without the need for you to disclose any personal information. We do not record telephone conversations unless we advise you before you proceed with your enquiry and at which point you can request to remain anonymous. We do not keep copies of general enquiry voice messages left on our answering machines or store information provided on our online forms by prospective clients. We may de-identify such information and use the same for statistical analysis as to the demand for the various services that we provide.
When, however, you engage Yoga XTC to provide services to you, we will not be able to assess your circumstances or deliver the services that you desire without collecting personal information from you.
Personal information quality
Online Collection of information via website activity
For statistical purposes we collect information on web site activity (such as the number of users who visit our web sites, the date and time of visits, the number of pages viewed, navigation patterns, what country and what systems users have used to access the site and, when entering our web site from another web site, the address of that web site) through the use of ‘cookies’. This information on its own does not identify an individual but it does provide Yoga XTC with statistics that can be used to analyse and improve their web sites.
A ‘cookie’ is a packet of information that allows the server (the computer that houses the web site) to identify and interact more effectively with your computer.
When you use one of our web sites, we send you a cookie that gives you a unique identification number. A different identification number is sent each time you use one of our web sites. Cookies do not identify individual users, although they do identify a user’s browser type and your Internet Service Provider (ISP).
You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use our web sites.
To evaluate the effectiveness of our web site advertising, we may use third parties to collect statistical data. No personal datails collected on these occasions.
We may monitor and record telephone calls for training and security purposes.
Our goal is to ensure that the personal information we hold is accurate, complete and up-to-date. Please contact us if any of the details you have provided change. Please also contact us if you believe that the information we have about you is not accurate, complete or up-to-date.
We may take steps to update personal information, for example, an address, by collecting personal information from publicly available sources, for example, telephone directories or electoral rolls. Identification number is sent each time you use one of our web sites. Cookies do not identify individual users, although they do identify a user’s browser type and your Internet Service Provider (ISP).
Links to other websites
Our web sites may contain links to other web sites. Whilst such links are provided for your convenience, you should be aware that the information handling practices of the linked web sites might not be the same as ours.
Personal information security
We are committed to keeping secure the personal information you provide to us. We take all reasonable precautions to protect the personal information we hold about you from misuse and loss and from unauthorised access, modification or disclosure.
We have a range of practices and policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them.
Our security measures include, but are not limited to:
- practising a clean desk policy in all premises occupied by Yoga XTC and providing secure storage for physical records; and
- employing physical and electronic means such as alarms and guards (as required) to protect against unauthorised access to buildings.
Where information we hold is identified as no longer needed for any purpose we ensure it is effectively and securely destroyed,for example, by shredding in the case of paper records or by degaussing (demagnetism of the medium using alternating electric currents) and other means in the case of electronic records and equipment.
- educating our staff as to their obligations with regard to your personal information;
- requiring our staff to use passwords and/or smartcards when accessing our systems.
Access to personal information
Changes to our privacy and information handling practices
Yoga XTC may make changes to its privacy and information handling practices from time to time for any reason. We will publish those changes on our web sites and, if there are important changes or a lot of minor changes, by updating this document.
This document is dated 19 May 2015.
To opt–out of receiving marketing information altogether, you can:-
- ‘tick the box’ on the relevant form when you apply for a product or service; or
- call us on +61 (3) 8528 1001
You can request us to provide you with access to the personal information we hold about you or amend personal information we hold on you.
How to gain access
Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled over the telephone.
With regards to request for access to more substantial amounts of personal information, such as details of what is recorded in your loan file, we will require you to complete and sign the attached ‘Request for Access to Personal Information under the Australian Privacy Principles’ form, and either email it to the office manager at firstname.lastname@example.org, or hand it in to Yoga XTC offices at 54 Wilson Street, South Yarra.
Responding to an access request
We will respond to your access request as soon as possible. We will endeavour to comply with your request within 14 days of its receipt but, if that deadline cannot be met owing to exceptional circumstances, your request will be dealt with within 30 days. It will help us provide access if you can tell us what you are looking for. Your identity will be confirmed (including by verifying your signature) before access is provided.
An access charge may apply
An access charge may apply, but not to the request itself. The charge is for the time we spend on locating, collating and explaining the information you request (generally based on a rate of $60 per hour or part thereof) plus any photocopying costs and out of pocket expenses (such as freight and travelling costs).
Requests may be denied or limited
If particular circumstances apply, we are permitted by the Privacy Act to deny your request for access, or limit the access we provide. We will let you know why your request is denied or limited. Some instances where we may deny access will be:
- where giving access will reveal evaluative information generated within Yoga XTC in connection with a commercially sensitive decision –making decision;
- denying access is required or authorised by or under an Australian law or a court/tribunal order;
- giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
- the information relates to existing or anticipated legal proceeding between Yoga XTC and you;
Contact us about our privacy and information handling practices
If you have any questions or would like further information about our privacy and information handling practices, please contact us by:
- email at email@example.com
- ring us on (613) 8528 1001 or
- writing to the following address: Yoga XTC, 54 Wilson Street South Yarra VIC 3141
Making a privacy complaint
We recognise that even in the best run organisations things can go wrong. Should you have a privacy complaint, please tell us because it gives us the opportunity to fix the problem. We offer a free internal complaint resolution scheme to all of our customers. Our personal and small business customers also have free access to an external dispute resolution scheme.
To assist us in helping you, we ask you to follow a simple three-step process:
- Gather all supporting documents about the matter of complaint, think about the questions you want answered and decide on what you want us to do.
- Contact us at Yoga XTC, where your situation will be reviewed and if possible resolved straight away. A quick chat is all that’s required to resolve most issues.
- If at this stage the matter has not been resolved to your satisfaction, please contact our office using the above contact points. We will provide you with the name and contact details of the officer who will investigate your complaint, answer your questions and do all they can to regain your confidence.
If you are still not satisfied, we will tell you about the external dispute resolution avenues available to you.