SRR, in its capacity as an Australian Government agency, is legally bound by the Privacy Act and the APPs, specifically outlined in Schedule 1 of the Act. The policy is crafted in straightforward language for ease of understanding. SRR commits to regularly updating this policy to reflect changes in its information handling practices, with updates being communicated via its website and internal email channels.
Information Handling by SRR
SRR’s operations involve the collection, use, disclosure, and storage of personal information, in line with its responsibilities under various Australian legislations, including the Australian Information Commissioner Act 2010, Privacy Act, Freedom of Information Act 1982, My Health Records Act 2012, and the Competition and Consumer Act 2010. These responsibilities encompass handling privacy and FOI complaints, regulatory actions, advisory services, stakeholder consultations, maintenance of registers, responding to information requests, public communications, and lawful information sharing.
SRR also collects sensitive information as defined by the Privacy Act, which includes a range of personal details such as racial or ethnic origin, political opinions, religious or philosophical beliefs, and more. This collection is necessary for specific functions like handling complaints.
SRR primarily collects personal information directly from individuals through various interactions, including complaints, information requests, job applications, and surveys. Additionally, SRR may gather personal information indirectly from public sources or third parties under certain circumstances.
Anonymity and Website Interaction
Individuals have the option to interact with SRR anonymously or under a pseudonym where feasible. SRR’s website employs tools like Dynatrace, Vision6, and TryBooking for analytics and event management, collecting data in a manner that typically does not identify individuals.
Use and Disclosure of Information
SRR uses personal information primarily for the purposes it was collected for, such as executing its functions and duties. The policy outlines the circumstances under which SRR may use or disclose personal and sensitive information for secondary purposes, including legal requirements and public interest considerations.
Data Quality, Storage, and Security
SRR is committed to maintaining the accuracy and integrity of the personal information it holds. It employs various security measures to protect this information, both in digital and physical formats, and adheres to strict guidelines for the destruction or de-identification of personal information no longer needed.
Access, Correction, and Complaints
Individuals have rights to access and request corrections to their personal information held by SRR. The policy provides guidance on how to make such requests and lodge complaints regarding SRR’s handling of personal information.