Gilligan Group Privacy Policy

 

Gilligan Group Pty Ltd ACN 602 512 514, ABN 84 602 512 514 and its staff (“We” or “Us” or “Our”, as appropriate) respect Our customers’ and others’ privacy and comply with the Privacy Act 1998 (Cth) (the “Act”), which requires Us to provide this Privacy Policy to Our customers and others about whom We hold personal information, on request.  Our customers are provided with this policy as a matter of course.  This document sets out Our policies for management of personal information.  This policy may be superseded at any time in the future. A copy of the then current Privacy Policy can be obtained from www.gilligangroup.com.au/privacy-policy

 

PART 1—CONSIDERATION OF PERSONAL INFORMATION PRIVACY

 

Australian Privacy Principle 1 — Open and Transparent Management of Personal Information

1.1           We manage personal information, i.e. “information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion”, which is a very wide definition, in an open and transparent way.

Compliance with the Australian Privacy Principles etc.

1.2           We take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to Our functions and activities that:

(a) ensure that We comply with the Australian Privacy Principles (“APPs”) and any APP code that may apply to Us; and
(b) enable Us to deal with inquiries or complaints from individuals about Our compliance with the APPs or any APP code.

APP Privacy policy

1.3           We have a clearly expressed and up to date policy (“APP Privacy Policy”) about the management of personal information by Us, namely this document
1.4           Our APP Privacy Policy contains the following information:

(a) The kinds of personal information that We may collect from Our customers and others and hold, namely:

(i) name;
(ii) company’s name (if appropriate);
(iii) address (home, postal, work, email);
(iv) telephone numbers (home, work, mobile, fax); and
(v) the device’s IP or Mac address that accesses our service, including, if available, the visitor’s:

(A) country, region, city and area or post code;
(B) GPS longitude and latitude;
(C) time zone and language;
(D) internet service provider or carrier; and
(E) connection type;

(vi) platform and device used;
(vii) browser name and version used;
(viii) visitor’s operating system;
(ix) pages viewed by the visitor;
(x) the visitor’s search terms used; and
(xi) any other information which they provide when seeking Our services or which We obtain from third parties during the provision of Our services.

(b) How We collect and hold personal information, namely personal information:

(i) collected:

(A) directly from Our customers and other parties through using Our services; and/or
(B) from other parties to transactions involving Our customers and their representatives;

(ii) stored either in hard-copy documents, on electronic media, or in Our software or systems, on our secure servers located within and outside Australia; and
(iii) secured by having processes in place that include encryption of all data when it is transferred to Our service providers and limitations on access to personal information within Our organisation.

(c) The purposes for which We collect, hold, use, and disclose personal information, namely

(i) identifying and corresponding with Our customers and other parties generally to enable Us to conduct Our business, provide and market Our services, and to meet Our legal and other obligations in respect to the provision of services;
(ii) matters implicit in our management including, but not limited to:

(A) service monitoring, planning, evaluation and;
(B) the type of device that has connected to the service (e.g. IPhone, Android, Blackberry, IPad); and
(C) the time that you have logged on to the service;

(iii) marketing various other products and services, including use in:

(A) email campaigns;
(B) Google AdWords; and
(C) Google remarketing;

(iv) any more specific purpose given at the time of the collection; and
(v) generally anything necessary and expedient to achieve the above.

(d) How an individual may access personal information about the individual that is held by Us and seek the correction of such information, namely by contacting Us at:

Gilligan Group Pty Ltd ACN 602 512 514, ABN 84 602 512 514
29 Victory Terrace, East Perth, Western Australia 6004
Tel: +61 (0) 416 854 264
E-Mail: accounts@gilligangroup.com.au
Web: http://www.gilligangroup.com.au/
Privacy Officer: Skye Gilligan

(e) How an individual may complain about a breach of the APPs, or a registered APP code (if any) that binds Us, and how We will deal with such a complaint, namely:

(i) an individual may make a complaint by contacting Us via the contact details provided at clause 1.4(d); and
(ii) we deal with complaints by investigating the complaint and taking the appropriate action.

(f) Whether We are likely to disclose personal information to overseas recipients, namely We do not disclose personal information to overseas recipients, except to the extent that:

(i) We may at times use contractors or employees abroad, in which case they will be subject to this policy;
(ii) the information is stored on secure servers abroad, and which information is encrypted; and
(iii) We may use overseas third parties for web and event tracking analysis.

(g) If We are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy, namely the servers referred to in clause 1.4(f) We believe are:

(i) USA;
(ii) United Kingdom and
(iii) Ireland

Availability of APP privacy policy etc.

1.5           We take such steps as are reasonable in the circumstances to make Our APP Privacy Policy available:

(a) free of charge; and
(b) in such form as is appropriate.

Note: We make Our APP privacy policy available on Our website at www.gilligangroup.com.au/privacy/.

1.6           If a person or body requests a copy of Our APP Privacy Policy in a particular form, We take such steps as are reasonable in the circumstances to give the person or body a copy in that form.

 

Australian Privacy Principle 2 — Anonymity and Pseudonymity

2.1           Individuals do not have the option of not identifying themselves, or of using a pseudonym, when dealing with Us in relation to a particular matter, except to the extent that they trade under a business name.

 

PART 2—COLLECTION OF PERSONAL INFORMATION

 

Australian Privacy Principle 3 — Collection of Solicited Personal Information

Personal Information other than Sensitive Information

3.1/3.2  We do not collect personal information (other than sensitive information) unless the information is reasonably necessary for, or directly related to, one or more of Our services, functions, or activities.  For example, We collect the names, addresses, dates of birth, and places of birth of customers and other persons from those persons directly and ASIC and other public and private databases for use in Our legal documentation and for identification, authentication, and authorisation in order to perform Our services.

Sensitive Information

3.3/3.4  We do not collect sensitive information about an individual, i.e.:

(a) information or an opinion about an individual’s: racial or ethnic origin; or political opinions; or membership of a political association; or religious beliefs or affiliations; or philosophical beliefs; or membership of a professional or trade association; or membership of a trade union; or sexual orientation or practices; or criminal record, that is also personal information; or
(b) health information; or
(c) genetic information that is not otherwise health information; or
(d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) biometric templates,
unless:
(f) the individual consents to the collection of the information and the information is reasonably necessary for one or more of Our services, functions, or activities; or
(g) the collection of the information is required or authorised by or under an Australian law or a court/tribunal order; or
(h) it is unreasonable or impracticable to obtain the individual’s consent to the collection, use, or disclosure, and We reasonably believe that the collection, use, or disclosure is necessary to lessen or prevent a serious threat to the life, health, or safety of any individual, or to public health or safety; or
(i) We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Our functions or activities has been, is being, or may be engaged in; and We reasonably believe that the collection, use, or disclosure is necessary in order for Us to take appropriate action in relation to the matter; or
(j) We reasonably believe that the collection, use, or disclosure is reasonably necessary to assist any body or person to locate a person who has been reported as missing; and the collection, use, or disclosure complies with any rules made by the Privacy Commissioner in that regard; or
(k) the collection, use, or disclosure is reasonably necessary for:

(i) the establishment, exercise, or defence of a legal or equitable claim; or
(ii) the purposes of a confidential alternative dispute resolution process;
… or

(l) a permitted general situation exists or a permitted health situation exists in relation to the collection of the information by Us.

    Note: For permitted general situation, see section 16A of the Act. For permitted health situation, see section 16B of the Act.

    Means of Collection

    3.5           We collect personal information only by lawful and fair means.
    3.6           We collect personal information about an individual only from the individual unless it is unreasonable or impracticable to do so.

    Solicited Personal Information

    3.7           This principle applies to the collection of personal information that is solicited by Us.

    Australian Privacy Principle 4 — Dealing with Unsolicited Personal Information

    4.1           If:

    (a) We receive personal information; and
    (b) We did not solicit the information,
    … We will, within a reasonable period after receiving the information, decide whether or not We could have collected the personal information under APP 3.

    4.2           We may use or disclose the personal information for the purposes of making the decision under subclause 4.1.
    4.3           If:

    (a) We decide that We could not have collected the personal information; and
    (b) the personal information is not contained in a Commonwealth record,
    … We will, as soon as practicable, but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.

    4.4           If subclause 4.3 does not apply in relation to the personal information, APPs 5 to 13 apply in relation to the information as if We had collected the information under APP 3.

     

    Australian Privacy Principle 5 — Notification of the Collection of Personal Information

    5.1           At or before the time, or, if that is not practicable, as soon as practicable after, We collect personal information about an individual, We will take such steps as are reasonable in the circumstances to:

    (a) notify the individual of such matters referred to in subclause 5.2 as are reasonable in the circumstances; or
    (b) otherwise ensure that the individual is aware of any such matters.

    5.2           The matters for the purposes of subclause 5.1 are as follows:

    (a) Our identity and contact details, namely the contact details provided at clause 1.4(d).
    (b) If:

    (i) We collect the personal information from someone other than the individual; or
    (ii) the individual may not be aware that We have collected the personal information,
    (iii) … the fact that We so collect, or have collected, the information and the circumstances of that collection, namely:
    (iv) when the information was collected;
    (v) from whom the personal information was collected, unless if doing so would be an interference with the privacy of that individual (for example, the use or disclosure breaches APP 6 because that individual would not reasonably expect their personal information to be disclosed in an APP 5 notice and no other exception in APP 6 applies) (see APP 6); and
    (vi) the method of collection, for example, whether that personal information was collected through use of a hidden radio-frequency identification tag (RFID tags), software (such as cookies), or biometric technology (such as voice or facial recognition).

    (c) If the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order, the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection).
    (d) The purposes for which We collect the personal information, namely the purposes referred to at clause 1.4(c).
    (e) The main consequences for the individual if all or some of the personal information is not collected by Us, namely:

    (i) Our customers may not be eligible to use Our service; or
    (ii) We may not be able to properly investigate or resolve Our customers’ issues.

    Note: This is not an extensive list of consequences that may result if personal information is not collected, but just some examples of possible consequences.

    (f) Any other APP entity, body, or person, or the types of any other APP entities, bodies, or persons, to which We usually disclose personal information of the kind collected by Us, namely the organisations (or the types of organisations) to which We usually disclose personal information are:

    (i) our customers;
    (ii) companies engaged by Us for the purposes outlined in clause 1.4(c);
    (iii) Our own lawyers, accountants, and auditors, including quality auditors and advisers if necessary, for them to provide their services or conduct their business;
    (iv) contractors that provide information technology services and the like, if necessary for them to provide their services to Our business, and
    (v) other persons or organisations that need to be given personal information in order for Us to provide Our services and conduct Our business properly.

    (g) That Our APP privacy policy contains information about how the individual may access the personal information about the individual that is held by Us and seek the correction of such information, namely via the contact details provided at clause 1.4(d).
    (h) That Our APP privacy policy contains information about how the individual may complain about a breach of the APPs, or a registered APP code (if any) that binds Us, and how We will deal with such a complaint, namely via the contact details provided at clause 1.4(d).
    (i) Whether we are likely to disclose the personal information to overseas recipients, namely We do not disclose personal information to overseas recipients, except to the extent that:

    (i) the information is stored on servers or data centres abroad, and then the information is usually encrypted; and
    (ii) We may use overseas third parties for web and event tracking analysis.

    (j) If We are likely to disclose the personal information to overseas recipients, the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them, namely the servers and data centres referred to in clause 5.2(i), which We believe are the countries referred to in clause 1.4(g).

     

    PART 3—DEALING WITH PERSONAL INFORMATION

     

    Australian Privacy Principle 6 — Use or Disclosure of Personal Information

    Use or Disclosure

    6.1           If We hold personal information about an individual that was collected for a particular purpose (the primary purpose), We do not use or disclose the information for another purpose (the secondary purpose) unless:

    (a) the individual has consented to the use or disclosure of the information; or
    (b) subclauses 6.2 or 6.3 apply in relation to the use or disclosure of the information.

    Note: APP 8 sets out requirements for the disclosure of personal information to a person who is not in Australia or an external Territory.

    6.2           This subclause applies in relation to the use or disclosure of personal information about an individual if:

    (a) the individual would reasonably expect Us to use or disclose the information for the secondary purpose and the secondary purpose is:

    (i) if the information is sensitive information—directly related to the primary purpose; or
    (ii) if the information is not sensitive information—related to the primary purpose; or

    (b) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
    (c) a permitted general situation exists in relation to the use or disclosure of the information by Us; or
    (d) We are an organisation and a permitted health situation exists in relation to the use or disclosure of the information by Us; or
    (e) We reasonably believe that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

    6.4           We take such steps as are reasonable in the circumstances to ensure that the information is de-identified before We disclose it in accordance with subclauses 6.1 or 6.2.

    Written Note of Use or Disclosure

    6.5           If We use or disclose personal information in accordance with paragraph 6.2(e), We make a written note of the use or disclosure.

    Related Bodies Corporate

    6.6           If We collect personal information from a related body corporate, this principle applies as if Our primary purpose for the collection of the information were the primary purpose for which the related body corporate collected the information.

    Exceptions

    6.7           This principle does not apply to the use or disclosure by Us of:

    (a) personal information for the purpose of direct marketing; or
    (b) government related identifiers.

     

    Australian Privacy Principle 7 — Direct Marketing

    Direct Marketing

    7.1           If We hold personal information about an individual, We do not use or disclose the information for the purpose of direct marketing except as permitted by subclauses 7.2, 7.3, 7.4, and 7.5.

    Exceptions—Personal Information other than Sensitive Information

    7.2           We may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

    (a) We collected the information from the individual;
    (b) the individual would reasonably expect Us to use or disclose the information for that purpose;
    (c) We provide a simple means by which the individual may easily request not to receive direct marketing communications from Us; and
    (d) the individual has not made such a request to Us.
    We assume that Our customers are happy for Us to contact them unless they advise Us to the contrary.
    By accepting Our terms of use, Our customers agree to be contacted by direct marketing and for Us to provide information to third party contractors which We may engage to help Us market to Our customers.

    7.3           We may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing if:

    (a) We collected the information from:

    (i) the individual and the individual would not reasonably expect Us to use or disclose the information for that purpose; or
    (ii) someone other than the individual; and

    (b) either:

    (i) the individual has consented to the use or disclosure of the information for that purpose; or
    (ii) it is impracticable to obtain that consent; and

    (c) We provide a simple means by which the individual may easily request not to receive direct marketing communications from Us; and
    (d) in each direct marketing communication with the individual:

    (i) We include a prominent statement that the individual may make such a request; or
    (ii) We otherwise draw the individual’s attention to the fact that the individual may make such a request; and

    (e) the individual has not made such a request to Us.

    Exception — Sensitive Information

    7.4           We may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.

    Exception—Contracted Service Providers

    7.5           We may use or disclose personal information for the purpose of direct marketing if:

    (a) We are a contracted service provider for a Commonwealth contract;
    (b) We collected the information for the purpose of meeting (directly or indirectly) an obligation under the Commonwealth contract; and
    (c) the use or disclosure is necessary to meet (directly or indirectly) such an obligation.

    Individual may Request not to Receive Direct Marketing Communications, etc.

    7.6           If We use or disclose personal information about an individual:

    (a) for the purpose of direct marketing by Us; or
    (b) for the purpose of facilitating direct marketing by other organisations;
    … the individual may:
    (c) if paragraph (a) applies—request not to receive direct marketing communications from Us;
    (d) if paragraph (b) applies—request Us not to use or disclose the information for the purpose referred to in that paragraph; and
    (e) request Us to provide the source of the information.

    7.7           If an individual makes a request under subclause 7.6, We will not charge the individual for the making of, or to give effect to, the request and:

    (a) if the request is of a kind referred to in paragraph 7.6(c) or (d)—We will give effect to the request within a reasonable period after the request is made; and
    (b) if the request is of a kind referred to in paragraph 7.6(e)—We will, within a reasonable period after the request is made, notify the individual of the source unless it is impracticable or unreasonable to do so.

    Interaction with other Legislation

    7.8           This principle does not apply to the extent that any of the following apply:

    (a) the Do Not Call Register Act 2006 (Cth);
    (b) the Spam Act 2003 (Cth);
    (c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.

     

    Australian Privacy Principle 8 — Cross-Border Disclosure of Personal Information

    8.1           Before We disclose personal information about an individual to a person:

    (a) who is not in Australia or an external Territory; and
    (b) who is not Us or the individual,
    … We take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (other than APP 1) in relation to the information.
    Some of Our data is stored on servers and in data centres overseas.

    8.2           Subclause 8.1 does not apply to the disclosure of personal information about an individual by Us to the overseas recipient if:

    (a) We reasonably believe that:

    (i) the overseas recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information; and
    (ii) there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme;
    … or

    (b) both of the following apply:

    (i) We expressly inform the individual that if he or she consents to the disclosure of the information, subclause 8.1 will not apply to the disclosure; and
    (ii) after being so informed, the individual consents to the disclosure;
    … or

    (c) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
    (d) a permitted general situation exists in relation to the disclosure of the information by Us, other than a situation where the collection, use, or disclosure is reasonably necessary for:

    (i) the establishment, exercise, or defence of a legal or equitable claim; or
    (ii) the purposes of a confidential alternative dispute resolution process.

    Australian Privacy Principle 9 — Adoption, Use, or Disclosure of Government Related Identifiers

    Adoption of Government Related Identifiers

    9.1           We do not adopt a government related identifier of an individual as its own identifier of the individual unless:

    (a) the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or
    (b) subclause 9.3 applies in relation to the adoption.

    Use or Disclosure of Government Related Identifiers

    9.2           We do not use or disclose a government related identifier of an individual unless:

    (a) the use or disclosure of the identifier is reasonably necessary for Us to verify the identity of the individual for the purposes of Our activities or functions; or
    (b) the use or disclosure of the identifier is reasonably necessary for Us to fulfil Our obligations to an agency or a State or Territory authority; or
    (c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
    (d) a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Act) exists in relation to the use or disclosure of the identifier; or
    (e) We reasonably believe that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
    (f) subclause 9.3 applies in relation to the use or disclosure.

    Note 1: An act or practice of an agency may be treated as Our act or practice, see section 7A of the Act.
    Note 2: For permitted general situation, see section 16A of the Act.

    Regulations about Adoption, Use, or Disclosure

    9.3           This subclause applies in relation to the adoption, use, or disclosure by Us of a government related identifier of an individual if:

    (a) the identifier is prescribed by the regulations;
    (b) We are prescribed by the regulations, or are included in a class of organisations prescribed by the regulations; and
    (c) the adoption, use, or disclosure occurs in the circumstances prescribed by the regulations.

     

    PART 4—INTEGRITY OF PERSONAL INFORMATION

     

    Australian Privacy Principle 10 — Quality of Personal Information

    10.1         We take such steps as are reasonable in the circumstances to ensure that the personal information that We collect is accurate, up to date, and complete.

    10.2         We take such steps as are reasonable in the circumstances to ensure that the personal information that We use or disclose is, having regard to the purpose of the use or disclosure, accurate, up to date, complete, and relevant.

     

    Australian Privacy Principle 11 — Security of Personal Information

    11.1         If We hold personal information, We take such steps as are reasonable in the circumstances to protect the information:

    (a) from misuse, interference, and loss; and
    (b) from unauthorised access, modification, or disclosure.

    11.2         If:

    (a) We hold personal information about an individual;
    (b) We no longer need the information for any purpose for which the information may be used or disclosed by Us under this Schedule;
    (c) the information is not contained in a Commonwealth record; and
    (d) We are not required by or under an Australian law, or a court/tribunal order, to retain the information,
    … We take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.

     

    PART 5—ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION

     

    Australian Privacy Principle 12 — Access to Personal Information

    Access

    12.1         If We hold personal information about an individual, We will, on request by the individual, give the individual access to the information.

    Exception to Access — Agency

    12.2         We are not an agency and accordingly clause 12.2 is not applicable to Us.

    Exception to Access — Organisation

    12.3         Despite subclause 12.1, We are not required to give the individual access to the personal information to the extent that:

    (a) We reasonably believe that giving access would pose a serious threat to the life, health, or safety of any individual, or to public health or public safety; or
    (b) giving access would have an unreasonable impact on the privacy of other individuals; or
    (c) the request for access is frivolous or vexatious; or
    (d) the information relates to existing or anticipated legal proceedings between Us and the individual, and would not be accessible by the process of discovery in those proceedings; or
    (e) giving access would reveal Our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
    (f) giving access would be unlawful; or
    (g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or
    (h) both of the following apply:

    (i) We have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to Our functions or activities, has been, is being, or may be engaged in; and
    (ii) giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
    … or

    (i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
    (j) giving access would reveal evaluative information generated by Us in connection with a commercially sensitive decision-making process.

      Dealing with Requests for Access

      12.4         We will:

      (a) respond to the request for access to the personal information within a reasonable period after the request is made; and
      (b) give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so.

      Other Means of Access

      12.5         If We refuse:

      (a) to give access to the personal information because of subclause 12.2 or 12.3; or
      (b) to give access in the manner requested by the individual,
      … We will take such steps as are reasonable in the circumstances to give access in a way that meets Our needs and those of the individual.

      12.6         Without limiting subclause 12.5, access may be given through the use of a mutually agreed intermediary.

      Access Charges

      12.7         We are not an agency and accordingly clause 12.7 is not applicable to Us.

      12.8         If We charge the individual for giving access to the personal information, the charge will not be excessive and will not apply to the making of the request.

      Refusal to Give Access

      12.9         If We refuse to give access to the personal information because of subclause 12.2 or 12.3, or to give access in the manner requested by the individual, We will give the individual a written notice that sets out:

      (a) the reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so;
      (b) the mechanisms available to complain about the refusal; and
      (c) any other matter prescribed by the regulations.

      12.10      If We refuse to give access to the personal information because of paragraph 12.3(j), the reasons for the refusal may include an explanation for the commercially sensitive decision.

       

      Australian Privacy Principle 13 — Correction of Personal Information

      Correction

      13.1         If:

      (a) We hold personal information about an individual; and
      (b) either:

      (i) We are satisfied that, having regard to a purpose for which the information is held, the information is inaccurate, out of date, incomplete, irrelevant, or misleading; or
      (ii) the individual requests Us to correct the information,
      … We will take such steps as are reasonable in the circumstances to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up to date, complete, relevant, and not misleading.

      13.2         If:

      (a) We correct personal information about an individual that We previously disclosed to another APP entity; and
      (b) the individual requests Us to notify the other APP entity of the correction,
      … We will take such steps as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.

      Refusal to Correct Information

      13.3         If We refuse to correct the personal information as requested by the individual, We will give the individual a written notice that sets out:

      (a) the reasons for the refusal except to the extent that it would be unreasonable to do so;
      (b) the mechanisms available to complain about the refusal; and
      (c) any other matter prescribed by the regulations.

      Request to Associate a Statement

      13.4         If:

      (a) We refuse to correct the personal information as requested by the individual; and
      (b) the individual requests Us to associate with the information a statement that the information is inaccurate, out of date, incomplete, irrelevant, or misleading,
      … We will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.

      Dealing with Requests

      13.5         If a request is made under subclause 13.1 or 13.4, We:

      (a) will respond to the request within a reasonable period after the request is made; and
      (b) will not charge the individual for the making of the request, for correcting the personal information, or for associating the statement with the personal information (as the case may be).

       

      See www.privacy.gov.au for more information on Privacy Issues