Policies

1. In the course of our business, there may be circumstances where we collect personal information.

Our privacy policy has been developed to ensure that such information is handled appropriately.

2. We are committed to complying with the Privacy Act 1988 (Cth) (“the Privacy Act”) in relation to all personal information we collect. This commitment is demonstrated in this policy. The Privacy Act
incorporates the Australian Privacy Principles (APPs). The APPs set out the way in which personal information must be treated.

3. This policy applies to any person for whom we currently hold, or may in the future collect, personal information.

4. This policy does not apply to acts and practices which relate directly to the employee records of our current and former employees.

5. In broad terms, ‘personal information’ is information or opinions relating to a particular identifiable individual. Information or opinions are not personal information where they cannot be
linked to a particular individual.

Types of personal information that we collect and hold:

6. We are a business and industry representative body and collect and hold different types of information to assist us to achieve our organisational objectives. Generally, the types of information
that we may collect and hold include:
(a) contact information;
(b) financial information;
(c) business circumstances;
(d) employment history;
(e) date and place of birth;
(f) expertise and interests;
(g) insurance history;
(h) banking and credit card details;
(i) driver’s licence and other photographic information;
(j) information otherwise required by law; and
(k) any other personal information required to perform our services.

7. Sensitive information is a subset of personal information and includes personal information that could have serious ramifications for the individual concerned if used inappropriately.

8. The sensitive information that we collect and hold about a person may include:
(a) health information;
(b) racial or ethnic origins;
(c) political opinions and membership of political associations;
(d) religious beliefs or affiliations;
(e) philosophical beliefs;
(f) membership of professional or trade associations or unions;
(g) criminal records;
(h) genetic information;
(i) any sensitive information required to be disclosed by law; and
(j) any other sensitive information required to perform the service to the person.

9. We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.

10. In limited circumstances, it may be possible for an individual to use a pseudonym or remain anonymous when dealing with us. If an individual wish to use a pseudonym or remain anonymous,
they should notify us when making first enquiries. It should be noted that this may affect our ability to perform the services that we offer to you.

How we collect and hold personal information

11. Where reasonable and practicable, we will collect personal information directly from the individual to whom the personal information relates.

12. However, we may also collect personal information from numerous other sources. It is not possible to provide an exhaustive list of these sources, but they may include:
(a) professional advisors or agents;
(b) banks and financial institutions;
(c) government bodies;
(d) insurance companies;
(e) businesses about their employees, contractors, customers or suppliers;
(f) feedback surveys; and
(g) from paid search providers.
13. We hold personal information:
(a) physically, on our premises;
(b) electronically;
(c) through internal servers and websites; and
(d) on electronic storage devices, including DVD and USB.

14. We will take all reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised
disclosures will not occur.

15. Some of the methods we use to store and secure information include:
(a) using unique usernames, passwords and other protections on systems that can access personal information;
(b) restricting access to information on a “needs to know basis”; and
(c) using our document retention system (locked storage area with only authorised access) for important documents and other original documents.

16. We manage the personal information we collect by:
(a) providing team members training on privacy issues;
(b) implementing procedures such as providing privacy statements when dealing with a client’s
personal information;
(c) regularly reviewing our privacy compliance, including privacy audits; and
(d) implementing security measures to keep the personal information we collect safe, including
using unique usernames and passwords on systems that can access personal information and security cards to access on-site information.

The purposes for which we collect, hold, use and disclose personal information

17. We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected.

18. The primary purpose for which information is collected is to:
(a) enable us to provide the services to the Coolum business industry and facilitate the memberships that we sell;
(b) to maintain contact with members;
(c) to notify and keep members and contacts informed of the events, services and service offer we provide; and
(d) to ensure we provide correct and up to date information regarding industrial relations and/or human resources services.

19. In the case of potential employees and/or contractors, the primary purpose the information is collected is to assess the individual’s suitability for a position with us.

20. Personal information may also be used or disclosed by us for secondary purposes which are within the individual’s reasonable expectations and related to the primary purpose of collection.

21. For example, we may use personal information for the following secondary purposes:
(a) to process payment of invoices;
(b) to add an individual’s details to our newsletters, to inform the individual of any relevant updates
and to invite them to events that are being held (which can be unsubscribed at any time); and
(c) to collect data to be used for the purpose of lodging submissions

22. We will only disclose personal information to third parties with the relevant individual’s consent
or if the disclosure is permitted by the Privacy Act.

Disclosure of personal information to overseas recipients

23. We do not disclose personal information to overseas recipients with the exception of the website analytic statistics that may be disclosed pursuant to the Website Analytics section of this
policy below, and to MembershipWorks a cloud based software provider focussed on the supply of membership management tools.

24. We currently store, process and back-up your personal information on computer servers or networks that are “in the cloud”.
Website Analytics and Membership Works

25. We use Cookies on our website. Cookies are small text files that our site may place on your computer when you access our website.

26. Our website uses Google Analytics, a service which transmits website traffic data to Google Servers. Google Analytics stores the statistics it obtains from the Cookies on its servers which are maintained around the world. Your information may be processed on servers located outside of
Australia.

27. Our website also uses Membership works which is cloud-based provider of membership management software Your information may be processed outside of Australia, including “in the cloud”, by third party service providers of Membership Works

28. By using this website, you consent to the processing of data about you by Google in the manner described in their respective Privacy Policies. Where you access other websites from our website, we encourage you to read their privacy policy as the terms of their privacy policy apply.

29. We use Cookies to authenticate logged-in users, to anonymously collect aggregate information about visitor behaviour and to facilitate a live chat service. The majority of the information obtained anonymously through the Cookies will not be personal as they will not reveal your personal identity.
30. If you refuse the use of Cookies, you can change the appropriate settings on your browser to disable or refuse the cookie, disable JavaScript or follow Google’s opt-out service. If you do disable Cookies, you may not be able to use the full functionality of this website.

Credit information

31. We do not use a person’s personal information to assess their credit eligibility. However, during the course of providing our services, we may collect, hold and use certain credit-related information
about you.

32. The main kind of credit information we collect is an individual’s and businesses identification information.
33. We do not collect an individual’s credit information from credit reporting bodies, banks or other credit providers unless or we have been expressly authorised to do so. If we have been given such authorisation, we may request and be given (and subsequently hold) the following other kinds of credit information:
(a) information about any credit that has been provided;
(b) repayment history;
(c) information about overdue payments;
(d) if terms and conditions of credit arrangements are varied;
(e) if any court proceedings have been commenced in relation to the individual’s credit activities;
(f) information about any bankruptcy or debt agreements;
(g) any publicly available information about creditworthiness; and
(h) any information about whether an individual may have fraudulently or otherwise committed a serious credit infringement.

34. Other sources we may collect the credit information from include:
(a) banks and other credit providers; and
(b) an individual’s suppliers and creditors.

35. However, in most cases, a person will be aware that this information is being collected as part of providing our services.

36. We may also collect credit information to process payments.

37. We store and hold credit information in the same manner as outlined in paragraph 13 above.

38. We will not disclose an individual’s credit information to overseas entities unless expressly requested, apart from the extent that it is necessary or desirable to make such a disclosure to obtain
payment of money owed to us.

39. An individual can access and correct his/her credit information, or complain about a breach of privacy in the same manner as set out in paragraphs 40 to 53 of this policy.

How to access personal information and seek correction of any personal information

40. It is important the information we hold about individuals is up-to-date. Individuals should contact us if their personal information changes. Some personal information may be amended
directly through our Members Only interface.

41. Individuals may request access to the personal information we hold or ask for their personal information to be corrected.

42. A request by an individual to access or correct personal information about the individual must be made to the following contact officer:

Contact person: Secretary
Telephone number: (07) 4031 1838
Email address: secretary (at) @coolumbusinessandtourism.com.au
Postal address: PO Box 61, COOLUM BEACH, QLD 4573

43. We will grant individual access to their personal information as soon as possible, subject to the request circumstances.

44. In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to an individual without proof of identity.

45. We may deny access to personal information if:
(a) the request is impractical or unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person;
(d) providing access would compromise our professional obligations; or
(e) there are other legal grounds to deny the request.
46. We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.

47. If an individual is able to establish that personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-todate, where it is appropriate to do so.

How to complain about an alleged privacy breach

48. We are committed to observing the principles of the Notifiable Data Breaches Scheme contained in Part IIIC of the Privacy Act.

49. If a person wishes to complain about an alleged breach of the Australian Privacy Principles, they can contact us by using the contact details below. We may ask you to lodge your complaint to us in writing.

50. Any complaint will be investigated by the President and you will be notified of the outcome of the investigation into your complaint as soon as practicable after it is made.

51. In the event the privacy issue cannot be resolved by us, the individual may take their complaint to the Office of the Australian Information Commissioner.

52. A person can complain about a breach of privacy by contacting us using the contact details below:

Contact person: Secretary
Telephone number: (07) 4031 1838
Email address: secretary (at) @coolumbusinessandtourism.com.au
Postal address: PO Box 61, COOLUM BEACH, QLD 4573

53. We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website.