Purpose Risk Advisory Services Pty Ltd (RAS) is committed to protecting the privacy and handling personal, sensitive and special categories of information in an open and transparent way. This policy outlines how RAS uses and manages personal information that is provided to it and that it collects. It is also a guide to the RAS staff as to the standards to be applied in respect of handling personal information and ensures consistency in RAS’s approach to privacy. RAS is bound by the Australian Privacy Principles (APP) contained in the Commonwealth Privacy Act 1988 and will collect, use and retain personal information in accordance with those principles. RAS reserves the right to and may, from time to time, review and update this Policy to take into account new laws and technology, changes to RAS’s operations and practices and to make sure the Policy remains current and relevant. What is “Personal Information”? Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information is recorded in material form or not. Employee Records are not Personal Information for the purposes of the Privacy Act and of this Policy. Collection of Personal Information RAS may collect Personal Information from clients, customers, employees, contractors and other individuals. RAS will only collect Personal Information that is reasonably necessary or directly related to one or more of RAS’s functions or services. RAS collects most Personal Information directly from individuals (the “Discloser”) when dealing directly with them. The Personal Information collected may be provided in forms filled out by the Discloser, face to face meetings, email messages or telephone conversations. If RAS is contacted, a record of that contact may be kept. The main types of information collected and held by RAS relates to the contact details and organisation roles of RAS’s clients, suppliers and other business contacts. Typically, this information includes names, addresses, telephone numbers, email addresses and job titles, employment, skills, qualifications, accreditations and employment history and any other information RAS deems necessary. RAS may also collect other types of Personal Information such as references and employment objectives while dealing with the Discloser, for example, when applying for employment. RAS Website When individuals visit the RAS website (‘Visitors’), RAS may collect their Personal Information when: registering for or subscribing to any RAS services or requesting further information;contacting RAS to report a problem with the RAS website or to make any enquiry or query or comment;providing a response in an online survey;completing a feedback form; andapplying online for a job. Use and Disclosure of Personal Information RAS holds, uses and discloses Personal Information for the purpose disclosed at the time of collection, or otherwise as set out in this Policy. RAS will not use or disclose Personal Information for any other purpose without first seeking consent of the Discloser, unless: its use or disclosure is permitted by this policy; RAS believes it is necessary to provide the Discloser with a service or product which has been requested; to protect the rights, property or personal safety of any member of the public or a client of RAS or the interests of RAS; Some or all of the assets or operations of RAS may be transferred to another party as part of the sale of some or all of RAS’s business, in which case permission would be sought from all RAS clients to pass on any information; the Discloser has provided consent; or such disclosure is otherwise required or permitted by law, regulation, rule or professional standard. RAS may also share non-personal, non-identifiable and aggregated information for research or promotional purposes. Except as set out in this policy RAS does not sell or trade Personal Information with third parties. Generally, RAS will only use and disclose Personal Information for the following purposes: to provide services to the Discloser;to maintain business relationships, where the Discloser is a user of the RAS website; is a client or an employment candidate; to keep clients and other contacts informed of the services RAS offers and industry developments or legislative changes that may be of interest to them, and to notify them of service offerings, seminars and other events that RAS may be holding;to enable the Discloser to submit a CV to apply for employment vacancies; for general management and reporting purposes such as invoicing and account management; to trusted third parties that have been retained by RAS to provide services that the Discloser has requested or who provide services to RAS. RAS may also release Personal Information to regulatory or law enforcement authorities, if required to do so; and RAS may seek the consent of the Discloser to collect, hold, use and disclose Personal Information for any other purpose not listed above. RAS may also use the Discloser’s Personal Information to send information (either by email or post) that has been requested by the Discloser. The Discloser may elect at any time to no longer receive such information by writing to PO Box 341, North Sydney NSW 2059 or by emailing us at email@example.com. Sensitive Information Sensitive information is a special category of personal information under the Privacy Act 1988 (Cth). It is the information or an opinion about you, including racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal records and health information. Under this policy, RAS will not collect or maintain Sensitive Information. Privacy on the RAS Website CVs may be submitted via the RAS website, either for general consideration for positions as they arise or to apply for a specific advertised job. Once submitted, CVs will be stored on a central database. This database may include details of Personal Information and can be accessed by RAS staff members with the appropriate access. RAS gathers information and statistics about all Visitors including the most frequently accessed pages and most frequently used services. This data is only used in its aggregate form (i.e. the information does not identify any one individual). This information helps to determine the most beneficial parts of the RAS website and ways in which it can continually improve any online services provided by RAS to create a better overall experience for RAS clients and Visitors. Cookies on the RAS Website Visitors may leave a comment on the site and may opt-in to saving their name, email address and website in cookies. These are for the Visitor’s convenience so that these details don’t have be filled in again if another comment is provided. These cookies will last for one year. A temporary cookie will be set for Visitors on any log-in page on the RAS website to determine if the Visitor’s browser accepts cookies. This cookie contains no personal data and is discarded when the Visitor closes its browser. When a Visitor logs in, RAS will also set up several cookies to save login information and screen display choices. Login cookies last for two days, and screen options cookies last for a year. If a Visitor selects “Remember Me”, their login will persist for two weeks. If a Visitor logs out of their account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. Security RAS will take reasonable steps to keep personal information secure, accurate and up to date. The Internet is not always a secure method of transmitting information. Accordingly, while RAS seeks to protect Personal Information by implementing digital security systems in various parts of its website, RAS cannot accept responsibility for the security of information sent to or receive by RAS over the Internet or for any unauthorised access or use of that information. Where there are links to websites outside RAS, RAS cannot ensure that the privacy of others will be protected in accordance with this policy. Visitors should consult these other websites’ privacy policies as RAS has no control over them and is not responsible for any information that is submitted to or collected by these third parties. Transfer of Personal Information Overseas RAS does not currently transfer to or store Personal Information in countries outside of Australia. RAS does not intend to do so in the future. This Policy will be updated if this intention changes in the future. Access and Correction RAS will take reasonable steps to make sure that any Personal information collected, used and disclosed is accurate, complete and up-to-date. Disclosers may request access to the information RAS maintains by contacting us as set out below. Unless informed otherwise, RAS assumes that any request for access relates to current records about the Discloser. These current records include Personal Information which is included in the RAS databases and paper files, and which may be used on a day to day basis. RAS may, but is not obliged to, archive any out of date Personal Information. If a Discloser believes that its Personal Information is not accurate, complete or up to date, request for correction can be made. RAS will consider all requests for correction in a timely manner. RAS reserves the right to charge an administrative fee for access and updating requests. RAS may reject a request to access Personal Information if: the request is frivolous or vexatious; providing access would have an unreasonable impact on the privacy of another person; providing access would pose a serious and imminent threat to the life or health of any person; providing access would prejudice RAS’s legal rights; there are other legal grounds to deny the request. Links The RAS website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, RAS is not responsible for the privacy practices of, or any content on, those linked websites, and has no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from the RAS Policy, so RAS encourages individuals to read them before using those websites. Privacy Complaints If you think that RAS has breached an APP or if you are dissatisfied with the manner in which your Personal Information has been dealt with, you should contact RAS directly by emailing firstname.lastname@example.org. Your complaint should include a brief description of your privacy concern, any action or dealings you have had with RAS staff members regarding your privacy complaint and your contact details. Please allow RAS 30 days to provide a response. If you are dissatisfied with our response you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) about your privacy concerns.