Purpose
This Privacy Policy Statement is prepared in accordance with the
National Privacy Principles ('NPPs') contained within the
Commonwealth Privacy Act 1988 ('Act'). The NPPs set out minimum
standards for the way in which organisations deal with individuals'
personal information. Under the Act, personal information includes
information from which an individual's identity is apparent or is
reasonably ascertainable.
Privacy Commitment
Rail CRC/RIA are committed to the protection of individuals'
personal information in accordance with the NPPs. This Privacy
Policy Statement ('Privacy Policy') explains how the CRC collects,
stores, uses and discloses personal information, and the rights of
individuals to gain access to information held about them by the
Rail CRC/RIA.
Collection of Personal Information
The Rail CRC/RIA only collects personal information which is
necessary in connection with its business purposes. The purposes
for which the CRC collects personal information include:
- responding to issues addressed by an individual to the CRC;
- facilitating the conduct of business transactions and operations
between the CRC and the individual;
- providing a newsletter subscription service to individuals; and
- ensuring that our website at www.railcrc.com.au remains relevant to
individuals.
The specific types of personal information collected and used by
the CRC varies according to the purpose for collection. However, in
general this information includes:
- individuals' names, addresses, contact details (eg telephone
number, facsimile number and email address);
- information about transactions or dealings between individuals and
the CRC; and
- individuals' areas of interest.
The CRC collects most of the personal information it requires
directly from the relevant individual by way of written forms
completed by the individual. The CRC may also collect information
from individuals by telephone, in person, by its representatives,
or by written correspondence from time to time. In certain
circumstances, the CRC may also collect personal information about
an individual from third parties.
It is important that the CRC collects the information it requires
about an individual in order to provide services which remain
relevant.
Where an individual provides the CRC with personal information
about another individual, they must first ensure that the other
individual is aware of:
- the disclosure of their information to the CRC and the purposes for
which the information is collected by the CRC; and
- the individual's ability to request access to the personal
information held about them by the CRC, and to advise the CRC if
they think the information is inaccurate, incomplete or
out-of-date.
The CRC does not actively collect sensitive personal information
about individuals. However, if sensitive information is collected,
the CRC will first obtain the consent of the relevant individual,
or otherwise ensure that the collection is in accordance with the
NPPs.
Use and Disclosure of Personal Information
Rail CRC/RIA may use and disclose an individual's personal
information for the primary purpose for which the information was
collected (see Collection of Personal Information), reasonably
expected secondary purposes, where the individual has consented,
and otherwise in accordance with the NPPs, including:
- to provide goods or services to the individual, including a
newsletter subscription service;
- to provide information to members of the CRC;
- where required or authorised by law;
- to provide information to agents, contractors and service providers
engaged by the CRC to deliver goods and services or otherwise act
on behalf of the CRC, or to provide goods and services to the CRC,
the identity of which may change from time to time;
- to investigate and resolve complaints concerning the provision of
services by the CRC or others associated with the CRC; and
- to provide individuals with updates and other information from time
to time about the CRC's goods, services and activities. Individuals
may notify the CRC by written notice addressed to the CRC Privacy
Officer at any time if they do not wish to receive this
information.
The CRC will only transfer personal information outside of
Australia in accordance with the NPPs including:
- with the individual's consent;
- where the CRC is under a contractual obligation (with the
individual or another party) to do so, or there is some other
benefit to the individual; or
- where the CRC is satisfied that the recipient of the information
will uphold principles for the fair handling of personal
information, and will not deal with the personal information in a
manner inconsistent with the NPPs and this Privacy Policy.
Data Quality, Storage and Security
The CRC strives to ensure that all personal information held in its
records is accurate, complete and up-to-date.
Personal information is held in a combination of electronic and
hard copy records stored securely at the CRC's facilities. Hard
copy information is stored in secure office facilities at the CRC's
premises. Electronic information is protected by password security
and other data protection measures.
Access to personal information is restricted in accordance with the
CRC's procedures to those personnel whose job functions require
access to such information.
Access and Correction
Individuals may obtain access to the information held about them by
the CRC by written request to the CRC's Privacy Officer as detailed
below.
In accordance with the NPPs, the CRC may deny access to requests
for access to information in certain circumstances, including
where:
- providing access would have an unreasonable impact upon the privacy
of another individual;
- in the CRC's opinion, the request is frivolous or vexatious;
- providing access to the information would be unlawful, or the law
permits the CRC to deny access; or
- the information relates to existing or anticipated legal
proceedings, or would prejudice the CRC's commercial negotiations
with an individual.
The CRC will correct any personal information which it becomes
aware is inaccurate, incomplete or out of date.
Changes to Privacy Policy
The CRC may review and update this Privacy Policy from time to time
to reflect changes in the law, the CRC's business practices and
procedures, and the community's changing privacy expectations.
Changes to the Privacy Policy will not be notified to individuals,
but the latest version of this Privacy Policy will be available
from the CRC's Privacy Officer at any time.
Point of Contact
To request access to personal information held in the CRC's
records, to make a privacy related complaint, to obtain more
information about the CRC's Privacy Policy or to enquire about
privacy matters generally, please contact the CRC's Privacy Officer
as follows:
The Privacy Officer
Rail Innovation Australia Pty Ltd/ CRC for Railway Engineering and
Technologies
Building 70, Central Queensland University
Bruce Highway
North Rockhampton Qld 4702
Australia
Facsimile: 07 4923 2161
Email:
railcrcwebmaster@cqu.edu.au
