ASC is bound by the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth) (Privacy Act) when dealing with personal information about individuals. The APPs set out minimum standards about how ASC can collect, use and manage your personal information.
This Policy details in general terms how ASC collects, stores, uses and discloses personal information about individuals, and the rights that individuals have to access and correct the information ASC holds about them. Employee records that are exempt from the operation of the APPs under the Privacy Act are not subject to this Policy.
In this Policy:
- ‘ASC‘, ‘we‘, ‘our‘ and ‘us‘ means ASC Pty Ltd and its related bodies corporate and their officers and employees; and
- personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Collection of Personal Information
ASC only collects personal information that is necessary for ASC’s business functions or activities. This includes:
- procuring goods and/or services from you and/or your organisation as a service provider to ASC;
- engaging in commercial dealings with you and/or your organisation;
- answering your enquiries and providing you with information you may have requested; and
- complying with legislative requirements.
The types of personal information ASC collects from you will depend on the nature of ASC’s dealings with you, but generally includes (without limitation) names, addresses, contact details (such as telephone number, facsimile number and email address), and other information that may assist ASC in conducting its business, meeting its legal obligations and addressing your queries.
ASC may also collect various types of sensitive information which are reasonably necessary for ASC’s business functions or activities, either with your consent or where permitted to do so under the Privacy Act or by law. Sensitive information is a particular category of personal information, and may include information about a person’s racial or ethnic origin, political opinions and associations, religious beliefs and affiliations, philosophical beliefs, membership of professional trade associations, membership of trade unions, criminal record and health information. In ASC’s case, certain exemptions under the Equal Opportunity Act 1984 (SA) and the Equal Opportunity Act 1984 (WA) permit the collection of sensitive information for employment and employment application purposes.
All personal information collected by ASC will be collected by lawful and fair means, and not in an unreasonably intrusive way. In most cases, ASC will collect your personal information directly from you. ASC collects personal information about you when you use the ASC website, make an enquiry with ASC or enter into a contractual relationship with ASC. ASC may, also collect personal information about you from third parties (for example, in connection with security clearance procedures).
If you do not provide all of the personal information requested by ASC, then ASC may not be able to answer your queries, provide you with the requested information, products or services or engage in commercial dealings with you.
Where it is practicable and lawful to do so, ASC will enable you to interact with it anonymously or pseudonymously.
Use and Disclosure
ASC only uses personal information for the primary purpose of its collection (being the particular purpose or reason why the information was collected by ASC). ASC collects and holds personal information about you for the purpose of:
- providing you and your company with goods and or services;
- answering your enquiries and providing you with information you may have requested; and
- providing you (or your company) with information that ASC considers relevant.
ASC may disclose your personal information to:
- ASC’s related bodies corporate;
- other companies or individuals that assist ASC in providing services or that perform functions on ASC’s behalf, including (but not limited to) agents, consultants and solicitors;
- the Australian Security Intelligence Organisation, Australian Police Force, Australian Federal Police and other organisations that have a role in Australian security clearance procedures; and
- anyone else to whom you authorise ASC to disclose your personal information.
ASC will not provide your personal information to any party for the purpose of that party using your personal information to market, offer or sell their products to you.
Apart from using your personal information for the primary purpose described above, ASC may also use your personal information for a related secondary purpose (or a directly related secondary purpose, in the case of your sensitive information) where you consent to that use, where ASC considers you would reasonably expect ASC to use or disclose it for that secondary purpose, or where otherwise permitted to do so under the Privacy Act.
In limited circumstances under the Privacy Act, ASC may disclose personal information where:
- the use or disclosure of that information is required or authorised by or under an Australian law or a court/tribunal order;
- ASC reasonably believes the use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body
- ASC reasonably believes the use or disclosure is necessary in taking action about a suspected unlawful activity (or serious misconduct) relating to ASC’s functions or activities; or
- to lessen or prevent a serious threat to life, health or safety.
Access to Information
ASC takes reasonable steps to ensure that the personal information it collects and holds is accurate, complete and up-to-date. Further, ASC will also take reasonable steps to ensure that personal information it uses or discloses is accurate, complete, up to date and relevant.
You may request access to the personal information ASC holds about you. Generally, ASC will provide you with access, unless it considers that it is permitted under the Privacy Act (or another relevant Australian law, or a court or tribunal order) to withhold that personal information. If access is refused, ASC will provide you with written reasons for that refusal.
All requests for access to personal information are to be made in writing addressed to ASC’s Privacy Officer at the address shown below. ASC may charge a fee for actioning your request for access to your personal information (but any such fee will be reasonable).
If you satisfy ASC that any personal information it holds about you is inaccurate, incomplete, out-of-date, irrelevant or misleading, ASC will take reasonable steps to amend that information and its records accordingly. Please let us know if any of your personal details change.
As a defence industry organisation, ASC maintains strict security over its physical premises and electronic systems. Access to ASC’s computer systems is limited by user identifiers, passwords and access restricted on a “need to know” basis. Access to all personal information within ASC’s possession and control is strictly controlled.
ASC takes reasonable steps to ensure that all personal information it holds is protected from loss, interference, misuse or unauthorised access, disclosure or modification. ASC also takes reasonable measures to ensure that any personal information (including any unsolicited information) is destroyed or permanently de-identified if no longer needed for any purpose for which it was lawfully collected by ASC.
ASC may disclose your personal information to an offshore recipient in foreign country (including foreign Governments or offshore defence or security organisations in connection with ASC’s business operations with those countries, or organisations in those countries).
ASC will take reasonable steps in the circumstances to ensure the offshore recipient does not breach the APPs in relation to your personal information, except where:
- ASC reasonably believes the offshore recipient is subject to privacy laws in that foreign country consistent with the APPs, and you have access to mechanisms in that country for the enforcement of those privacy laws for the protection of your information;
- ASC is legally permitted or required to make that offshore disclosure;
- ASC informs you that it will not take reasonable steps in the circumstances to ensure the offshore recipient does not breach the APPs, and you consent to the disclosure; or
- the Privacy Act otherwise permits the offshore disclosure.
ASC may also store and process personal information at offshore locations, including cloud database or computing facilities provided by third parties. By providing your personal information to ASC, you consent to your personal information being disclosed offshore for this purpose.
Where ASC does disclose personal information outside Australia, the countries in which those offshore recipients are likely to be located are the United States of America, France, Sweden and Spain.
Notification of data breaches
Notwithstanding the measures undertaken to protect privacy, ASC acknowledges the possibility of data breaches occurring. A data breach is:
- an unauthorised access to personal information;
- an unauthorised disclosure of personal information; or
- a loss of personal information (likely to result in unauthorised access or disclosure).
Where ASC discovers or has reasonable grounds to suspect that a data breach has occurred, ASC’s Privacy Officer will take appropriate action to address the issue, including:
- prompt investigation of (including the extent of) any suspected data breach;
- containment of any actual breach and conduct of a preliminary assessment of the breach;
- evaluation of the risks associated with the breach, having regard to the nature of the personal information involved (including sensitivity and volume), the cause and extent of the breach and other matters affecting the likelihood of serious harm to the affected individuals arising;
- notification of the data breach (where ASC considers necessary) to the Office of the Australian Information Commissioner and affected individuals containing the information prescribed under the Privacy Act, where serious harm is likely to occur, and no remedial action can be taken to remove that risk; and
- prevention or mitigation of future breaches.
ASC does not adopt as its own identifier of an individual a Commonwealth or State government identifier (e.g. Tax File Number (TFN) or driver’s licence number). Other identifiers such as Australian Business Numbers (ABNs) may be used by ASC for ordinary commercial purposes and for ASC’s compliance with taxation laws such as Goods and Services Tax (GST) (but only for GST purposes).
ASC cannot guarantee the privacy or security of personal information provided via the ASC website, during the transmission process. Once that personal information is received, ASC then takes take reasonable steps to protect your personal information as outlined in this Policy.
ASC’s website may contain links to other websites. ASC is not responsible for the privacy practices or the use and protection of your personal information on those sites.
Further Information about Privacy Law
More information about Privacy Act and the Australian Privacy Principles is available from the Office of the Australian Information Commissioner at www.oiac.gov.au.
ASC may amend this Policy from time to time to reflect changes in the law, or its business functions or activities. A current version of the Policy will at all times be posted on ASC’s website at www.asc.com.au.
Alternatively, a copy may be requested from ASC’s Privacy Officer at the details below.
All queries about ASC’s dealings with your personal information, its compliance with the Privacy Act or any complaints about an alleged breach by ASC of the Australian Privacy Principles must be made in writing to ASC’s Privacy Officer at the contact details set out below. ASC aims to respond to any such queries (or complaints) at first instance within 30 days of the date of receipt of the query (or complaint).
ASC’s Privacy Officer can be contacted at:
ASC Pty Ltd
694 Mersey Road
OSBORNE SA 5017
or on (08) 8348 7000 or by e-mail at email@example.com.