Privacy policy
This statement outlines Transform4Life’s policy on how it uses and manages personal information provided to or collected by it. Transform4Life is committed to protecting the privacy of your personal information.
T4L is bound by the Australian Privacy Principles contained in the Commonwealth Privacy Act and is compliant with the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
T4L may, from time to time, review and update this Privacy Policy to take account of new laws and technology and to make sure it remains appropriate to the changing global environment.
What kind of personal information does T4L collect and how does it collect it?
The type of information T4L collects and holds includes (but is not limited to) personal information, including sensitive information, about:
- you before, during and after your use of any T4L training, education, counselling or coaching programs;
- job applicants, staff members, volunteers and contractors; and
- other people who come into contact with T4L.
T4L will only collect information that is necessary for delivering the courses, training, workshops, seminars and related services requested by you, and do so by lawful and fair means and not in an unreasonably intrusive way.
Personal Information you provide:
T4L will generally collect personal information held about an individual via use of its website and its related programs. On occasion people other than you may provide personal information – for instance, your employer. You do have the right to seek to deal with us anonymously or using a pseudonym, but in almost every circumstance it will not be practical for us to deal with you or provide any services to you except for the most general responses to general enquiries, unless you identify yourself.
Personal Information provided by other people:
In some circumstances T4L may be provided with personal information about an individual from a third party, for example a report or reference provided by another organisation or individual.
In relation to employee records:
Under the Privacy Act the Australian Privacy Principles do not apply to an employee record. As a result, this Privacy Policy does not apply to T4L treatment of an employee record, where the treatment is directly related to a current or former employment relationship between T4L and employee.
How will T4L use the personal information you provide?
T4L will use personal information it collects from you for the primary purpose of collection, and for such other secondary purposes that are related to the primary purpose of collection and reasonably expected, or to which you have consented.
Before any of your personal information is used for reporting to anyone else or for research purposes, it will be de-identified and edited to ensure your identity cannot be directly or indirectly established at any time. We abide by the principles of the Australian Market & Social Research Society’s Code of Professional Behaviour (www.amsrs.com.au).
Personal information you provide to us during any T4L training, education, counselling or coaching programs and in relation to other products and services provided to you fromT4L, will be used to:
- verify your identity;
- assist you to subscribe to our products and services;
- administer and manage those services;
- share with any persons nominated by you for the purposes of training or education programs you are part of. They are subject to the same privacy policy as well as strict confidentiality requirements;
- send you information on relevant events, products, services, and research in which you may choose to participate;
- contribute to improving the quality of our products and services;
Job applicants, staff members, volunteers and contractors:
In relation to personal information of job applicants, staff members, volunteers and contractors, T4L’s primary purpose of collection is to assess and (if successful) to engage the applicant, staff member, volunteer or contractor, as the case may be.
The purposes for which T4L uses personal information of job applicants, staff members, volunteers and contractors include:
- in administering the individual’s volunteering, employment or contract, as the case may be;
- for insurance purposes;
- engaging in marketing for T4L;
- to satisfy T4L’s legal obligations.
Where T4L receives unsolicited job applications these will be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act.
Marketing
In relation to marketing, T4L may use your personal information for direct marketing where you have provided that information, and you are likely to expect direct marketing, then you will be sent direct marketing containing an opt out. If we use your personal information obtained from elsewhere, we will still send you direct marketing information where you have consented and which will also contain an opt out. We will always obtain your consent to use sensitive information as the basis for any of our marketing. We never sell or distribute your personal information to direct marketing companies. Your consent to receiving this information will remain current until you advise us otherwise.
Who might T4L disclose personal information to?
T4L may disclose personal information, including sensitive information, held about an individual to:
- government departments;
- people providing services to T4L, including mentors, facilitators, business advisors, and trainers;
- recipients of T4L publications, like newsletters and magazines; and
- anyone you authorise T4L to disclose information to.
Where the EU General Data Protection Regulation (GDPR) Applies
Article 5 of the GDPR requires that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals.
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes.
- Adequate, relevant, limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals.
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
In certain circumstances, GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. Under these circumstances, we will disclose requested data.
You have the right to have personal data rectified and a ‘right to be forgotten’ where the retention of your data is no longer necessary in relation to the purposes for which it was collected or processed, or where you have withdrawn your consent or objects to our retention of your personal data.
If you contact us requesting personal information that we hold about you, this request will be dealt with as outlined in the following sections of this privacy policy.
You may :
- What information we hold about you and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how we are meeting our data protection obligations
Sending information overseas:
T4L will not send personal information about an individual outside Australia without:
- obtaining the consent of the individual (in some cases this consent will be implied); or
- otherwise complying with the Australian Privacy Principles or other applicable privacy legislation.
We do use overseas providers of IT services including servers and cloud services. However, we will attempt to ensure that our IT service providers process your information in a manner that ensures appropriate security of your personal data that complies with both the Australian Privacy principles and the EU GDPR regime.
How does T4L treat sensitive information?
In referring to ‘sensitive information’, T4L means:
“Information relating to a person’s racial ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences or criminal record, that is also personal information; and health information about an individual”.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or the use or disclosure of the sensitive information is allowed by law.
Management and security of personal information
T4L has in place steps to protect the personal information it holds from misuse, loss, unauthorised access, modification, interference or disclosure by use of various methods including locked storage of paper records and passworded access rights to computerised records.
T4L will take reasonable steps to ensure the information it collects is accurate, complete, up-to-date, and relevant to the functions we perform.
When you use our website, having your cookies enabled will allow us to maintain the continuity of your browsing session and remember your details when you return.
Updating personal information
T4L endeavours to ensure that the personal information it holds is accurate, complete and up-to-date. A person may seek to update their personal information held by T4L by contacting the Privacy Officer of T4L at any time.
The Australian Privacy Principles require T4L not to store personal information longer than necessary.
Under the Commonwealth Privacy Act, an individual has the right to obtain access to any personal information which T4L holds about them and to advise T4L of any perceived inaccuracy. There are some exceptions to this right set out in the applicable legislation.
To make a request to access any information T4L holds about you, please contact the Privacy Officer in writing.
T4L may require you to verify your identity and specify what information you require. Although no fee will be charged for accessing your personal information or making a correction, T4L may charge a fee to retrieve and copy any material. If the information sought is extensive, T4L will advise the likely cost in advance.
How long will T4L keep my information?
Under our destruction and de-identification policies, your personal information that is no longer required will be de-identified or destroyed. In many circumstances, however it will be kept for statistical, research and marketing purposes. However, if you specifically request it, you have a right to be forgotten and all data you have provided, whether deidentified or not, will be erased by us.
Enquiries and privacy complaints
If you would like further information about the way T4L manages the personal information it holds, please contact the Privacy Officer. If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the Privacy Officer who will first deal with you, usually over the phone. If we then have not dealt satisfactorily with your concerns, we will meet with you to discuss further. If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner via:
- email: enquiries@oaic.gov.au
- tel: 1300 363 992
- fax: +61 2 9284 9666
- website: https://forms.business.gov.au/aba/oaic/privacy-complaint-