Skip to main content

POLICY STATEMENT

NCOSS is committed to protecting and upholding the right to privacy of staff, volunteers, Board members and representatives of agencies we deal with.

NCOSS is required to comply with the Privacy Act 1988 (Cth) and the Privacy and Personal Information Act 1988 (NSW) (PPIP Act). To the extent that NCOSS handles health information NCOSS is also required to comply with the Health Records and Information Privacy Act 2022 (NSW)

The Privacy Act requires NCOSS to comply with the 13 Australian Privacy Principles (AAPs) and to prepare a Privacy Policy. The PPIP Act requires NCOSS to follow follow the 12 Information Protection Principles  and to prepare a Privacy Management Plan detailing:

  • The policies and practices that ensure compliance by the agency with the requirements of the PPIP Act
  • How these policies and practices are disseminated to persons within the agency
  • The procedures which NCOSS proposes to follow in relation to internal reviews under Part 5 of the PPIP Act
  • Any other matters which NCOSS considers relevant to privacy and to the protection of personal and health information.

NCOSS’ Privacy Management Plan is outlined in the procedures below.

This policy will apply to all records, whether hard copy or electronic, containing personal information about individuals, and to interviews or discussions of a sensitive personal nature.

PROCEDURES

1. Dealing with personal information

In dealing with personal information, NCOSS staff will:

  • Only collect and store personal information if it is for a lawful purpose that is related to one of our functions, and it is reasonably necessary for us to have the information;
  • Ensure that people know what sort of personal information is held, for what purposes it is held and how it is collected, used, disclosed and who will have access to it;
  • Take reasonable steps to protect all personal information from misuse, loss and unauthorised access, modification or disclosure;
  • Ensure personal information is not shared, sold, rented or disclosed other than as described in the NCOSS  Privacy policy or by law;

2. Types of personal information collected

NCOSS may collect the following types of information:

  • Name
  • Address
  • Email
  • Fax
  • Telephone
  • Profession/occupation/job title
  • Details of service provided and additional information necessary to deliver those products and services and to respond to enquiries
  • Additional information that is provided directly through use of the NCOSS website or online presence, through NCOSS representatives or otherwise
  • Information provided by members, through our service centre, surveys or visits by NCOSS representatives from time to time
  • Employee information i.e to process payroll, report to ATO and pay superannuation contributions.

NCOSS may also collect information that is not classified as personal information because it does not identify individuals. Eg NCOSS may collect anonymous answers to surveys or aggregated information about how the NCOSS website is used.

NCOSS may distribute direct marketing communications and information about NCOSS products and services. These communications may be sent in various forms including mail, SMS, and email in accordance with marketing laws such as the Spam Act 2003 (Cth). If there is a preference for a method of communication, NCOSS will endeavour to use that method whenever practical to do so. Recipients may opt out of receiving marketing communications from NCOSS by contacting info@ncoss.org.au or by using opt-out facilities provided in the marketing communications and NCOSS will ensure the name is removed from the mailing list.

3. How personal information is collected

NCOSS collects personal information directly from individuals.  When collecting personal information NCOSS may collect in a number of ways including:

  • Through the individual’s use of the NCOSS website;
  • During conversations between the individual and the NCOSS representative; and
  • When the individual completes an application or purchase order.

NCOSS may also collect personal information about individuals indirectly including:

  • where an individual has authorised collection of the information from a third party;
  • where a person is under 16 years of age, information may be collected from a parent or guardian;
  • from government entities.

All forms used by NCOSS to collect personal information (including membership and registration forms) will carry a statement to the effect that personal information is only used for the purpose indicated on the form and that the information gathered is subject to protection under the NCOSS Privacy policy.

Cookies

NCOSS may collect personal information through the use of cookies. When the website is accessed NCOSS may send a “cookie” (a small summary file containing a unique ID number) to the user’s computer. This enables NCOSS to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. NCOSS uses this to research users’ habits to improve NCOSS online products and services. These cookies do not collect personal information. Users who do not wish to receive cookies can set their browser to not accept them.

NCOSS may also log IP addresses (that is, the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track users movements, and gather broad demographic data.

4.  Remaining Anonymous

If individuals cannot or do not wish to provide the personal information described above, it may be difficult for NCOSS to provide the requested products r services (either to the same standard or at all). Further, NCOSS may not be able to provide individuals with requested information about products r services

5. Purposes for which personal information may be collected, held, used and disclosed

NCOSS uses personal information as permitted by law, including for the primary purpose for which it was collected, a related secondary purpose, or otherwise with the consent of the individual.

NCOSS may collect, hold, use and disclose personal information for the following purposes:

  • To provide products and services;
  • To answer enquiries and provide information or advice about existing and new products or services;
  • To provide you with access to protected areas of our website;
  • To assess the performance of the website and to improve the operation of the website;
  • To conduct business processing functions;
  • For the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes of NCOSS, its related contractors or service providers;
  • To provide updated personal information to NCOSS contractors or service providers;
  • To update NCOSS records and keep contact details up to date;
  • To process and respond to any complaints;
  • To comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (or political sub- division of a country).

6. To whom personal information may be disclosed

NCOSS may disclose personal information as permitted by law, including to:

  • NCOSS employees, contractors or service providers for the purposes of operation of the NCOSS website or business, fulfilling requests, and to otherwise provide products and services including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants;
  • Suppliers and other third parties with whom NCOSS has commercial relationships, for business, marketing, and related purposes;
  • Government agencies from whom NCOSS receives funding, in accordance with the terms of a funding agreement.  For example, for the purpose of auditing NCOSS' compliance with a funding agreement; and
  • Any organisation for any authorised purpose with the express consent of the owner of the personal information.

Any disclosure will be in accordance with NCOSS' privacy obligations.

7. Direct Marketing

NCOSS may distribute direct marketing communications and information about NCOSS products and services. These communications may be sent in various forms including mail, SMS, and email in accordance with marketing laws such as the Spam Act 2003 (Cth). If there is a preference for a method of communication, NCOSS will endeavour to use that method whenever practical to do so. Recipients may opt out of receiving marketing communications from NCOSS by contacting info@ncoss.org.au or by using opt-out facilities provided in the marketing communications and NCOSS will ensure the name is removed from the mailing list.

8. Responsibilities for managing privacy

  • All staff are responsible for the management of personal information to which they have access, and in the conduct of research, consultation or advocacy work. Staff members should raise any concerns they have regarding privacy with their supervisor.
  • Media and Communications Officer  is responsible for content in NCOSS publications, communications and website ensuring the following:
    • Appropriate consent is obtained for the inclusion of any personal information about NCOSS personnel
    • Information being provided by other agencies or external individuals conforms to privacy principles
    • That the website contains a privacy statement that makes clear the conditions of any collection of personal information from the public through their visit to the website.
  • Operations Manager is responsible for safeguarding personal information relating to NCOSS staff, Board members, volunteers, contractors and NCOSS members.
  • CEO and Operations Manager are responsible for over sighting the organisation’s Privacy Management Plan.
  • The NCOSS Privacy Contact Officer: The NCOSS Privacy Contact Officer will be the NCOSS Operations Manager. The NCOSS Privacy Contact Officer will be responsible for:
    • Ensuring that all staff are familiar with the Privacy Policy and administrative procedures for handling personal information
    • Handling any queries or complaint about a privacy issue
    • Acting as the point of contact for liaison with the Information and Privacy Commission New South Wales (IPC NSW).

9. Internal review

A person wishing to make a complaint about the handling of their personal information (including health information) or about a breach of their privacy may lodge their concern with the NCOSS Privacy Officer who will investigate their concern and:

  • Notify the Information and Privacy Commissioner NSW (IPC NSW) that they have received the application for internal review
  • Keep IPC NSW informed of the progress of the internal review
  • Consider any relevant material submitted by the applicant or by IPC NSW
  • Complete the review as soon as possible
  • Once the review is finished, notify the applicant and IPC NSW of the findings of the review (and the reasons for those findings), and the action proposed to be taken
  • Notify the applicant of any other rights they may have including making a complaint to the IPC NSW or Office of the Australian Information Commissioner for breaches of the Privacy Act.

Once the review is finished, NCOSS may take no further action, or it may do one or more of the following:

  • Make a formal apology
  • Take remedial action
  • Provide undertakings that the conduct will not occur again
  • Implement administrative measures to ensure that the conduct will not occur again.