- Our commitment to privacy
Your privacy is a top priority for us.
When dealing with your personal and/or sensitive information, we observe our obligations under the Privacy Act 1988 (Cth) (Privacy Act), and we comply with the Australian Privacy Principles, as well as data protection legislation, and other relevant State and Territory legislation.
- The types of information we collect
2.1 Personal Information
The types of personal information we collect regarding you include:
(a) contact details (name, address, telephone numbers, email, etc.);
(b) employment history and occupation;
(c) educational qualifications;
(d) complaint details;
(e) donation history; and
(f) credit card and/or bank account details.
2.2 Sensitive Information
The types of sensitive information we collect include, but are not limited to, the following types of information (regarding you):
(a) racial or ethnic origin;
(b) selected professional association memberships;
(c) health information; and
(d) any idiosyncratic information we obtain from you or others.
- Why we collect private information about you
Australasian Sleep Association (ACN 138 032 014) (ASA) is a not-for-profit and charitable organisation, which exists to provide a range of services and support for promoting the treatment and control of health and medical conditions, disorders and ailments arising directly from sleep health.
This means that we embark on a number of activities and projects, including the following:
(a) holding annual conferences;
(b) holding seminars and professional development events;
(c) awarding grants and prizes; and
(d) authoring journal articles.
We charge membership subscriptions and other fees to allow people to access our education services, professional development and collegial support services.
We collect information about prospective members in order to allow us to communicate with them, introduce them to our organisation, and inform them of the work that we do, so that we can continue to provide services to members and the public.
When charging subscriptions and other fees, we process payments, provide receipts, and maintain accurate details of payments made. All of these functions require us to collect your information.
In order to fund our services and projects, we are actively involved in fundraising and promoting our organisation to potential donors.
We collect information about people so as to allow us to communicate with potential donors, introduce them to our organisation, inform them of the work we do and encourage donations so we can continue to embark on our community services and projects.
We fundraise in order to deliver and improve the services we provide. Our fundraising includes processing donations, providing receipts, maintaining accurate details of our donors’ history and sending you information about our organisation. All of these functions require us to collect your information.
3.4 Government Grants
Further, we may receive Government funding in order to pursue our community services and projects. As part of some of our Government-funded activities, we may be required to regularly report to Government regarding the demographics of the people who use our services.
We collect information during some services and projects to fulfil this requirement.
In order to comply with the reporting requirements for these Government grants, we obtain your specific consent before disclosing any information, and give you the opportunity to decline and/or withdraw your consent.
Sometimes, our members will be given free subscriptions to journals published by third parties. In order to allow members to be given these subscriptions, we will sometimes disclose members’ contact details to the publishers of those journals.
When reasonably practical, we will obtain your consent before disclosing your details, and provide you with the option to opt out of any communications from those third parties. If they are based overseas, we will comply with our obligations as set out in clause 8.
3.6 Health Information
The safety and wellbeing of the people who use our services is paramount. For that reason, we will sometimes have to collect health-related information about you in order to deal with any health-related emergencies that arise while using our services.
3.7 Conference Organisers
We partner with professional conference organisers, and other third-party service providers, when providing conferences and other events to you.
Sometimes we provide your information to these third-party service providers in order to allow them to communicate with you regarding conferences you are attending, and future events which may interest you.
When reasonably practical, we will obtain your consent before disclosing your information to third party service providers, and provide you with a mechanism to opt out of communications. If they are based overseas, we will comply with our obligations as set out in clause 8.
3.8 Other Uses
We might also collect your information for the following purposes:
(a) for the immediate reason for which you have provided it to us (for example, to enable us to process a request, payment, registration, subscription, etc.);
(b) to maintain contact with you about our work, to report to you about our work, or to encourage you to learn about what we do;
(c) any other purpose directly related to our work and for which you have provided consent (where it is reasonably required by law); and
(d) any purpose which is reasonably related to or necessary for our purposes.
3.9 Government Identifiers
We will not collect Commonwealth Identifiers from you, and we will not use this information to identify you.
3.10 Direct Marketing
We will not use your information for direct marketing, except where we have obtained your consent. We will always provide you with an easy option to opt out of direct marketing regarding our products and services.
- How we collect your information
We may collect information from you either directly, or from third parties. Where we collect information from you directly, we will take all practical and reasonable steps to notify you of the collection of your information under the principles of this Policy.
Information we collect from third parties may be by formal or informal means. Where we collect information from third parties, and it is not personal information that is contained in a Commonwealth record, we will take reasonable steps to destroy or de-identify the information as required by law, or to otherwise notify you of the collection of the information.
We collect personal and/or sensitive information about members, supporters, donors, volunteers, employees, contractors, visitors to our events. We collect your information in the following ways:
(a) face to face contact;
(b) electronically, including through our website forms and online surveys;
(c) via social media messages or conversations;
(d) during telephone calls;
(e) in voice or image recordings;
(f) while delivering and administering services at our events; and
(g) from forms, coupons and other correspondence (both in writing and electronically).
- How we use your information
5.1 How we use your information
We only use your information for:
(a) the reason we collect it as set out above; or
(b) in the case of personal information, for any purpose which is reasonably related to or necessary for the purpose for which it was collected; or
(c) in the case of sensitive information, for any purpose which is directly related to and/or necessary for the purpose for which it was collected; or
(d) as otherwise permitted by law.
Your information may be disclosed to affiliates or third parties in order to further the purpose for which it was collected.
The types of organisations to which we may disclose your personal and/or sensitive information include:
(a) potential sponsors;
(b) government departments;
(c) other entities with which we have a commercial relationship, for business and marketing purposes;
(d) our professional advisors;
(e) publishers of journals to which members receive subscriptions;
(f) if you are a candidate for employment, a reference to assess your application; and
(g) our contractors or service providers.
If you do not want your personal and/or sensitive information disclosed to another organisation, then please let us know, either at the time we collect the information, or any later time, and we will ensure that the disclosure either ceases or does not occur.
Sometimes we may be legally required to disclose your information, for example, to government departments.
We may also sometimes share non-personal, non-sensitive and de-identified information with research organisations.
We take reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations when handling your personal and/or sensitive information.
- Accessing and correcting your personal and/or sensitive information
You can access your information by asking us. Occasionally, we may need to refuse your request to access information (for example, where granting you access would infringe someone else’s privacy).
When you request access, we will ask you to provide some form of identification so that we can ensure that you are the person or the guardian of the person to whom the information relates. In some cases, we may also ask you to pay a reasonable fee to cover the cost of access.
We will take all reasonable steps to ensure that any personal and/or sensitive information that we collect about you is accurate, up-to-date and complete.
If you have a question about this Policy or want to access or correct your personal and/or sensitive information, then you can contact our membership manager. Our membership manager’s details are as follows:
Email: [email protected]
Phone: 02 9920 1968
We will aim to respond to you within twenty-eight (28) days of receiving your request. However, in some cases, particularly if the request is complex, our response may take longer.
If we are not able to help with your request, you will receive a written explanation as to why.
- Complaints about a breach of your privacy
If you are concerned about how we have collected or managed your personal and/or sensitive information, then we request that you contact us at the address included in clause 6 of this Policy, setting out the relevant information relating to your complaint. In order to allow us to properly address your complaint, we suggest that the information include the following:
(a) the nature of your involvement with the ASA;
(b) details of your complaint;
(c) whether your complaint relates to a particular individual within the ASA;
(d) how the complaint has affected you;
(e) how you came to be aware of the complaint; and
(f) the action that you prefer to address the complaint.
After we receive all the information we need from you, please allow us approximately twenty-eight (28) days for us to address your complaint.
If you are not satisfied with how we have handled your complaint, you can then refer the matter to an independent mediator, agreed upon by both you and us. If the matter is still not resolved after mediation, then you can contact the Office of the Australian Information Commissioner (OAIC) by emailing [email protected].
The OAIC is a government body independent of us. It has the power to investigate complaints about possible interference with your privacy.
- Disclosing your personal and/or sensitive information overseas
Occasionally, we may use overseas facilities or contractors to process or back-up information or to otherwise assist with our service provision. This includes the situation where the publishers of journals to which members are granted subscriptions are located overseas.
As a result, we may disclose your personal and/or sensitive information to our overseas facilities or contractors for these purposes.
However, any disclosure of your personal and/or sensitive information overseas does not change our commitment to safeguarding your privacy.
We take reasonable steps to:
(a) ensure that overseas service providers are subject to privacy laws which impose obligations which are substantially similar to those contained in the Privacy Act;
(b) ensure that overseas providers comply with any other privacy laws that operate in their jurisdiction; and
(c) ensure the security of personal and sensitive information that is disclosed overseas, and to protect it against loss, misuse or unauthorised access, destruction, use, modification or disclosure.
- Securing your information
We take reasonable steps to ensure the security of personal and sensitive information we hold about you, and to protect it against loss, misuse or unauthorised access, destruction, use, modification or disclosure.
We offer the use of a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers database only to be accessible by those authorised with special access rights to such systems, and who are required to keep the information confidential.
Only authorised personnel are permitted to access the personal and sensitive information that we hold about you.
It is our policy to:
(a) permanently de-identify personal and/or sensitive information where there is no longer a legal or business need for the information to be identified; and
(b) destroy personal and/or sensitive information once there is no longer a legal or business need for us to retain it.
It is your right to be dealt with anonymously, provided that it is lawful and practicable.
We will try to accommodate a request for anonymity wherever possible. However, we note that in some circumstances, this may prevent us from practically and effectively communicating with you or providing services to you. If this is the case, we will notify you.
- Health information
As part of our services, we may collect health information on you (such as medical history, to determine eligibility to participate in certain initiatives).
When collecting health information from you, we will obtain your consent to such collection and explain how the information will be used and disclosed.
If health information is collected from a third party (such as from your doctor), then we will inform you that this information has been collected, and we will explain how this information will be used and disclosed.
We will not use health information beyond the consent provided by you, unless your further consent is obtained, or in accordance with one of the exceptions under the Privacy Act, or in accordance with another applicable law.
If we use your health information for research or statistical purposes, it will be de- identified if practicable to do so.
When you visit our website, a record of your visit may be logged. The following data may be supplied by your browser:
(a) Your IP address and/or domain name;
(b) Your operating system (type of browser and platform);
(c) The date, time and length of your visit to the website; and
(d) The resources you accessed and the documents you downloaded.
This information may be used to compile statistical information about the use of our website. It is not used for any other purpose. If you do not want ‘cookies’ to be used, then please adjust your browser settings to disable them.
Although we may collect information through our website, and through ‘cookies’, generally you can visit the ASA website without revealing your name and without providing us with any information about yourself.
12.2 Links to other websites
Our website may contain links to third party websites, and third party websites may also have links to our website.
Our Policy does not apply to external links or other websites.
The operators of other websites may collect your personal and/or sensitive information.
We encourage you to read the privacy policies of any website you link to from our website.
This Policy must be read in conjunction with, and is subject to, the laws relating to privacy and the responsibilities of employers and employees in the jurisdictions in which ASA operates.
To the extent that the laws of other jurisdictions apply to the collection, use, disclosure, storage, management or destruction of personal information, any additional policies and terms created may also apply.
14.1 Personal Data (European Union Users)
If you are a user of our products and services in the European Union, our processing of your personal information must be in accordance with the EU General Data Protection Regulation (GDPR). Under the GDPR, in addition to any other right you have under this Policy, you have a right to:
(a) request an explanation of the personal information that we have about you and how we use that personal information;
(b) request the deletion of your personal information that we hold under certain circumstances;
(c) object to our processing of your personal information, including for marketing purposes based on profiling and/or automated decision making; and
(d) request a copy of the personal information we have collected about you, and access it in a structured, commonly used and machine-readable format for the purposes of transferring it to another party.
14.2 Grounds for processing
In accordance with the GDPR, we process personal information under the following legal grounds:
(a) the processing of personal information is necessary for the performance of our contract with you for the provision of our goods and services;
(b) the processing is necessary to comply with our legal obligations including disclosing personal information to relevant law enforcement agencies;
(c) the processing is necessary for our legitimate interests. This will include processing for the purpose outlined in this Policy, for direct marketing purposes and to enforce our contract with you; and/or
(d) you have consented to the processing. You may revoke your consent at any time but if you revoke your consent it may limit the products and services that we are able to provide or that you may have access to.
This policy was last modified on 11 December 2020
Australasian Sleep Association
Level 1, 5 George St, North Strathfield NSW 2137
Phone: 02 9920 1968
E-mail: [email protected]