The Board of The Australian Clinical Psychology Association (ACPA) is committed to protecting the privacy of personal information which ACPA collects, holds, and administers. Personal information is information which directly or indirectly identifies a person.
The purpose of this document is to provide a framework for ACPA in dealing with privacy considerations.
ACPA collects and administers a range of personal information for the purposes of ACPA membership and its products and/or services, and to provide excellent customer service. ACPA is committed to protecting the privacy of personal information it collects, stores, and administers.
ACPA is bound by laws which impose specific obligations when it comes to handling information. The organisation has adopted the following principles contained as minimum standards in relation to handling personal information.
- Collect only information which the organisation requires for its primary function;
- Ensure that stakeholders are informed as to why we collect the information and how we administer the information gathered;
- Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent;
- Store personal information securely, protecting it from unauthorised access; and
- Provide stakeholders with access to their own information, and the right to seek its correction.
ACPA’s Board and the Executive Officer are responsible for developing, adopting, and reviewing this policy.
ACPA’s President, Board and Executive Officer are responsible for the implementation of this policy, for monitoring changes in Privacy legislation, and for advising on the need to review or revise this policy as and when the need arises.
In this policy:
- Personal information has the meaning given under the Privacy Act but, in short means information or an opinion relating to an individual that can be used to identify that individual.
- Privacy Act means the Privacy Act 1988 (Cth) including the Australian Privacy Principles (as amended from time to time.)
- Sensitive Information has the same meaning as under the Privacy Act
- Services mean the services that ACPA provides
What Personal Information does ACPA collect?
To provide individuals with ACPA’s services, ACPA needs to collect Personal Information. If any of the Personal Information provided to ACPA is incomplete or inaccurate, ACPA may be unable to provide its service or the quality of ACPA’s service may be compromised. The personal information ACPA collects may include:
- Name, email address, telephone numbers and address
- Personal Information (including Sensitive Information) provided to us by an individual or third party
- Bank details, credit card details and expiry dates
- Information contained in a CV if applying for a position with us
- Information relating to the matter in which ACPA is acting for an individual
ACPA collects personal information that is entered on our website, digital platforms or are otherwise volunteered to us. This includes among other things, registration for ACPA Membership or request of information.
Personal Information means information relating to an individual who can be identified from that data. Data can be stored electronically or in paper-based filing systems.
- Only collect information that is relevant and necessary for the performance and primary function of ACPA and compatible with the purposes for which the information was collected and/or was consented to.
- Collect information directly from its members. This may be via the telephone, email, mail, fax or directly through ACPA’s website or other digital platforms.
- Collect and store all correspondence from ACPA’s website, other digital platforms, email, and handwritten correspondence. This applies particularly to membership applications, renewals, membership category changes, support offered, accounts, member services and correspondence.
- Collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
- Notify stakeholders about why we collect the information and how it is administered.
- Notify stakeholders that this information is accessible to them.
- Collect personal information from the person themselves wherever possible.
- If collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected.
- Collect Sensitive information only with the person’s consent or if required by law. (Sensitive information includes health information and information about religious beliefs, race, and others).
Use and Disclosure
- Only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose. Any details collected from ACPA members is required to provide membership of ACPA and its products and/or services.
- For other uses, ACPA will obtain consent from the affected person.
- In relation to a secondary purpose, use or disclose the personal information only where:
a secondary purpose is related to the primary purpose and the individual would reasonably have expected us to use it for purposes; or
the person has consented; or
certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health, or safety.
- Use personally identifiable information for essential communications, such as emails, accounts information, and critical membership details. We may also use this information for other purposes, including some broadcast emails to keep you informed of important information from the National Board of ACPA. If at any time a member wishes not to receive such correspondence, they can request to be removed from any mailing lists by opt out or emailing us at [email protected]
ACPA will notify the individual when personal information is collected by any third party, that is not ACPA’s agent/service provider, so an informed choice as to whether or not to share the information with that party can be made.
- May use at its discretion other third parties to provide essential services on ACPA’s website, digital platforms or for ACPA’s business processes. We may share your details as necessary for the third party to provide that service. These third parties are prohibited from using your personally identifiable information for any other purpose.
ACPA does not share any information with third parties for any unknown or unrelated uses.
- In relation to personal information which has been collected from a member or individual, use the personal information for membership communication, where that person would reasonably expect it to be used for this purpose, and ACPA has provided an opt out and the opt out has not been taken up.
- Make no charge for making a request for personal information, correcting the information, or associating a statement regarding accuracy with the personal information.
- Ensure that each written member communication with the individual must set out ACPA’s business address and telephone number and, if the communication with the individual is made by fax, email or other electronic means, a number or address at which ACPA can be directly contacted electronically.
- If ACPA has sufficient reasons to believe that an unlawful activity has been, is being or may be engaged in, and the disclosure of personal information becomes a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities, the organisation may make such disclosures.
- ACPA may further disclose personal information if its disclosure is mandated by an enforcement body or is required for the following:
- the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
- the enforcement of laws relating to the confiscation of the proceeds of crime;
- the protection of the public revenue;
- the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
For the purpose of this Clause, ACPA must make a written note of the use or disclosure.
Access to Collected Information and ACPA Membership
Members may correct, update, delete or deactivate personally identifiable information by accessing their membership account through ACPA’s website or by emailing ACPA at [email protected] If an eligible clinical psychologist applies for ACPA membership, changes the membership status, renews membership or purchases an ACPA service, ACPA will request certain personally identifiable information.
- Postal address
- Financial information (credit card number, expiration date)
ACPA uses this information for billing purposes and to fill your orders. If ACPA has difficulties processing an order, the required information will be used to contact a member or membership applicant.
Storage of Collected Information
- Implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification, or disclosure.
- Before ACPA discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant. ACPA will have systems which provide sufficient security.
- When entering personal information (such as credit card numbers) on ACPA’s website, ACPA’s website encrypt that information using secure socket layer technology (SSL). When Credit Card details are collected, ACPA simply passes these details on to be processed as required. ACPA does not permanently store complete Credit Card details.
ACPA follows generally accepted industry standards to protect the personal information submitted, both during transmission and once received. For any questions about Website security, ACPA can be contacted via [email protected]
- Ensure that ACPA’s data is up to date, accurate and complete.
Destruction and de-identification
Destroy personal information once is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones.
- Change information to a pseudonym or treat it anonymously if required by the person whose information ACPA holds and will not use any government related identifiers unless they are reasonably necessary for our functions.
- Take reasonable steps to ensure the information ACPA collects is accurate, complete, up to date, and relevant to the functions we perform.
Data Security and Retention
- Only destroy records in accordance with ACPA’s Records Management Policy.
- Make this information freely available in relevant publications and on the organisation’s website.
- On request by a person, ACPA must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
Access and Correction
- Ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading or not up to date.
- If the individual and ACPA disagree about whether the information is accurate, complete and up to date, and the individual asks ACPA to associate with the information a statement claiming that the information is not accurate, complete or up to date, ACPA will take reasonable steps to do so.
- Provide to the individual its reasons for denial of access or a refusal to correct personal information.
Withhold the access of an individual to his/her information if:
- the request for access is frivolous or vexatious; or
- providing access would pose a serious and imminent threat to the life or health of any individual; or
- providing access would have an unreasonable impact upon the privacy of other individuals; or
- the information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
- providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- providing access would be unlawful; or
- providing access would be likely to prejudice an investigation of possible unlawful activity; or
- an enforcement body performing a lawful security function asks ACPA not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
- Where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision making process, ACPA may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
- If ACPA decides not to provide the individual with access to the information on the basis of the above mentioned reasons, ACPA will consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
Allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.
Making information available to other organisations.
- Release information to third parties where it is requested by the person concerned.
If ACPA decides: