crcCARE Pty Ltd ACN 113 908 044
Updated February 2019
crcCARE understands that your privacy is important to you and is committed to complying with the Privacy Act and the Australian Privacy Principles in relation to all Personal Information and Sensitive Information that we collect from you. This policy describes our Privacy and Information handling practices.
- Sets out how crcCARE stores, uses and discloses personal information
- Relates to personal information collected by any means and by any technology
- Outlines how crcCARE makes the personal information it holds available for access to and correction by an individual.
If you have any questions about this policy, please direct them to the crcCARE Privacy Officer at firstname.lastname@example.org.
crcCARE welcomes the EU General Data Protection Regulation (GDPR) in streamlining data protection requirements across the EU and to the extent applicable, will comply with applicable GDPR regulations.
The types of personal information that we may collect and hold
In the normal course of business activities we will collect Personal Information from you.
The following are the types of your Personal Information that we may collect and hold:
- personal details such as name, postal and email addresses, date of birth, contact details, residency status, education qualifications, employment history, occupation and professional memberships of individuals, or any other type of information that can reasonably identify an individual, either directly or indirectly;
- If you subscribe to our website (www.crccare.com) or register your interest, we will collect Personal Information such as your name, postal and email address, date of birth, contact details.
- If you order any products from our website, we also collect payment details.
- In registering for an event or conference, you may provide Personal Information to us for the purpose of attending the event or conference. We use that information for that purpose and may provide information to you regarding our other services.
We may, on occasion, collect information from you that is considered to be Sensitive Information such as information relating to dietary requirements or other health-related information. Where this information is collected, it will only be used for the purposes specified within the provision of a conference (where you provide this information and consent to this use). crcCARE will not use Sensitive Information collected from you for any other purpose except with your express written consent.
How we collect Personal Information
We will only collect Personal Information by lawful and fair means. Personal Information may be collected directly from you or your authorised representative, or may be collected from a third party such as a licensee or representative authorised by us to provide services to you. You may supply your Personal Information to us when communicating with us in person, via social networks and other online channels.
We do not collect Personal and Sensitive information unless the information is reasonably necessary for our business functions or activities. We will obtain your consent before collecting any Sensitive Information.
The purposes for which the information is collected and held
We collect, hold and use your Personal Information so that we can provide our services to you.
Collection of your Personal Information allows us to provide you with information about our products or services. We may also make you aware of new and additional products, services and opportunities available to you.
We will use personal information only for the purposes that you consent to. This may include to:
- provide you with products and services during the usual course of our business activities;
- administer our business activities;
- manage, research and develop our products and services;
- provide you with information about our products and services;
- communicate with you by a variety of measures including, but not limited to, by telephone, email, sms or mail; and
- investigate any complaints.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
The way in which we use and disclose Personal Information
We will use or disclose your Personal Information only for the purposes for which it was collected. We will use or disclose your information for a secondary purpose only if you have consented or if you would reasonably expect us to do so or as required by law.
We may use your Personal Information for the purposes of our own direct marketing, however we will ensure you have an ability to opt out of future such communications.
We may disclose your personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.
If we experience a Data Breach
If crcCARE experiences a cybersecurity attack or a data breach, it will:
a) immediately initiate its Data Breach Response Plan;
b) take steps to protect your personal information from further disclosure;
c) notify you of the breach as soon as practicable; and
d) notify the Office of the Australian Information Commissioner where required by law.
General Data Protection Regulation (GDPR) for the European Union (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
We will also process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We will comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU
Except as otherwise provided in the GDPR, you have the following rights:
- to be informed how your personal information is being used;
- access your personal information (we will provide you with a free copy of it);
- to correct your personal information if it is inaccurate or incomplete;
- to delete your personal information (also known as “the right to be forgotten”);
- to restrict processing of your personal information;
- to retain and reuse your personal information for your own purposes;
- to object to your personal information being used; and
- to object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
Hosting and International Data Transfers
Information that we collect may from time to time be stored, processed in or transferred between parties or sites located in countries outside of Australia. These may include, but are not limited to Australia, China, India, Korea, United Kingdom, United States, Vietnam, New Zealand and member states of the European Union.
The hosting facilities for our website are situated in Newcastle, Australia. Data transfers will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.
Our Suppliers and Contractors are situated in Australia, China, India, Korea, United Kingdom, United States, Vietnam, New Zealand and member states of the European Union. Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following: the use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website; the use of binding corporate rules, a copy of which you can obtain from our Data Protection Officer.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
The steps we take to protect and keep secure the Personal Information we hold
We take reasonable steps to protect the Personal Information we hold against interference, loss, unauthorised access, use, modification or disclosure, and other misuse.
The steps we take include:
- maintenance of computer technology, people and process based security measures for example firewalls, network security configurations, use of passwords and other appropriate measures where information is held in electronic form;
- regular updates to security systems and configurations to protect our systems from malicious activity;
- restriction of access to data to only those staff that need access to carry out our business activities;
- training and ensuring that all our employees are required, as a condition of employment, to treat Personal Information held by us as confidential.
However, you should be aware that if you submit information to us electronically the internet is not a secure environment. We take reasonable steps to provide a secure channel for receiving information but cannot absolutely protect Personal Information before it reaches us.
When the Personal Information that we collect is no longer required, we will destroy, delete it in a secure manner, or ensure that the information is de-identified in accordance with our information destruction and de-identification policy, unless we are required by law to retain a copy of the Personal Information or the information is contained in a Commonwealth record.
Access and correction of Personal Information held by us
You have the right to seek access to any of your Personal Information held by us unless there is a valid reason under the Privacy Act for us to withhold the information.
If your personal details change, or you believe the information we hold about you is incorrect, incomplete or out-of-date, please contact us so that we can correct our records.
Requests for access or correction to Personal Information should be made under the Privacy Act and addressed to The crcCARE Privacy Officer. All requests for access or correction to Personal Information will be responded to in writing within a reasonable period of time. As part of this process we will verify the identity of the individual requesting the information prior to providing access or making any changes. If access or correction to your Personal Information is refused we will provide reasons for our refusal.
Mechanisms for complaint
We have procedures in place to deal with your inquiries or complaints.
If you have any questions about our policy or any complaint regarding the treatment of your privacy by us, please contact us at the respective addresses below.
The Privacy Officer
Attention: Privacy Officer, CRC CARE
Premises: Building X, University of South Australia, Mawson Lakes SOUTH AUSTRALIA 5095
Postal address: crcCARE, P.O. Box 486, Salisbury South SOUTH AUSTRALIA 5106
Phone: +61 8 8302 5038
We will endeavour to respond to you within a reasonable time. If you are still not satisfied with the way your complaint is handled by us, you are entitled to have your complaint reviewed under the Privacy Act.
Updates to this Policy
We reserve the right to amend this Policy from time to time. Any revisions to the Policy will be posted on this website.
We use Google Analytics to measure and analyse its internet usage to ensure the site meets business objectives with advertisers and users. Individual privacy is protected but we gain insights on how to make the site more useful for advertisers as well as our users.
Data collected from this analysis include:
- the number of page views (or page impressions) that occur on our sites;
- the number of unique visitors;
- how long these unique visitors (on average) spend on our sites;
- common entry and exit points to our sites;
- files downloaded from the site; and
- forms filled in on the site.
If you wish to disable the cookies on this website you will need to follow the steps required for your preferred browser (e.g. In Internet Explorer 10 and 11 this can be found in the Privacy tab under Internet Options).
Specific to crcCARE
For specific details regarding delegate lists, disclosure of personal information to sponsors and video and photography, please read below.
We will produce delegate lists (by name and organisation) of all consenting delegates to download from the website and the conference site. The delegate lists will contain delegate’s name, job title, organisation, location (state or country).
Registrants may withhold consent for inclusion of their details on the list by opting out via the online registration form at the time of registration.
Disclosure of personal information to sponsors
We will provide the option to disclose some of the information that is collected in via the online registration form such as name, job title, organisation and its location, and email addresses to sponsors for marketing purposes. We will not otherwise, without your consent, use or disclose your personal information for any purpose unless it would reasonably be expected that such purpose is related to the offer, provision and improvement of the conference or where such purpose is permitted or required by law.
Video and photography
Images of conference delegates may be recorded by a photographer and film crew when they record various conference activities, such as sessions, exhibition and social functions. Footage and images recorded are owned by crcCARE and may be used for publication in hardcopy and/or online to promote future conferences. If you do not want your image used for this purpose, please notify the CRC CARE Privacy Officer by phone on +61 2 4985 4941 or send an email to email@example.com.