CRM Online is required by the Privacy Act 1988 (Cth) (Privacy Act) to comply with the National Privacy Principles (NPP) (subject to the other provisions of the Privacy Act). The NPPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal. CRM Online is also required to comply with the Spam Act 2003 (Cth) (Spam Act) and the Do Not Call Register Act 2006 (Cth) (Do Not Call Register Act).
WHAT IS PERSONAL INFORMATION?
Personal information is information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Examples include an individual’s name, address, contact number and email address.
Special provisions apply to the collection of personal information which is sensitive information. Sensitive information includes (for example) information about a person’s membership of a professional or trade association.
COLLECTION OF PERSONAL INFORMATION BY CRM ONLINE
To the extent required by the Privacy Act:
- CRM Online will not collect personal information about you unless that information is necessary for one or more of our functions or activities
- CRM Online will collect personal information only by lawful and fair means and not in an unreasonably intrusive manner
When CRM Online collects personal information directly from you, we will take reasonable steps at or before the time of collection to ensure that you are aware of certain key matters, such as the purposes for which we are collecting the information, the organisations (or types of organisations) to which we would normally disclose information of that kind, the fact that you are able to access the information and how to contact us (for example, where personal information is collected on a form, we will generally include a written privacy statement on the form which sets out these details).
CRM Online will collect your personal information directly from you where it is reasonable and practicable to do so. Where CRM Online collects information about you from a third party, we will still take reasonable steps to ensure that you are made aware of the details set out above.
USE AND DISCLOSURE OF PERSONAL INFORMATION
If CRM Online uses or discloses your personal information for a purpose (secondary purpose) other than the main reason for which it was originally collected (primary purpose), to the extent required by the Privacy Act, we will ensure that:
- the secondary purpose is related to the primary purpose of collection (and directly related in the case of sensitive information), and you would reasonably expect that CRM Online would use or disclose your information in that way;
- you have consented to the use or disclosure of your personal information for the secondary purpose:
- the use or disclosure is required or authorised by or under law; or
- the use or disclosure is otherwise permitted by the Privacy Act (for example, as a necessary part of an investigation of suspected unlawful activity)
To the extent required by the Privacy Act, CRM Online will take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, complete and up to date
- protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act
CRM Online will generally provide individuals with the option of not identifying themselves when entering into transactions when it is lawful and practicable to do so.