QRME Australian Privacy Principles (APP) Policy

Similar documents
PRIVACY POLICY. 1. OVERVIEW MEGT is committed to protecting privacy and will manage personal information in an open and transparent way.

Policies and Procedures

Privacy in relation to VET Student Loans

AIA Australia Limited

PRIVACY Policy. 1. Policy Statement. 2. Purpose. 3. Policy

Privacy Policy. Cabcharge will only collect personal information which is necessary for the operation of its business.

A guide to the new privacy landscape for the Commonwealth Government

The Privacy Policy links to the following Objective contained within the City Plan

About the 2015 AGPT Program Policies

Privacy Policy. This Privacy Policy sets out the Law Society's policies in relation to the management of Personal Information.

Privacy. Purpose. Scope. Policy. Appendix A

University of Wollongong

Nestlé Canada Inc. Privacy Policies and Practices April 13, 2012

CCTV, videos and photos in health, aged care and retirement living and disability facilities your rights and obligations

Aviation Security Identification Card (ASIC) Application Form S002

Aviation Security Identification Card (ASIC) Application Form S002

Implications of changes to the Privacy Act 1988 for the market and social research industry

NATIONAL POLICE HISTORY CHECK INFORMATION. Western Australian Education and Training Sectors

PRIVACY POLICY DOT DM Corporation Commonwealth of Dominica cctld (.dm)

Policy: Notifiable Data Breach

Condominium Management Regulatory Authority of Ontario Access and Privacy Policy

Canadian Anti-Doping Program Privacy and Personal Information Policy. processed by the CCES in the course of administrating and implementing the CADP.

Guidance on Telecommunications Directories Information Covering the Fair Processing of Personal Data

PRIVACY MANAGEMENT PLAN

Data Protection Policy. Malta Gaming Authority

DATA SHARING AND PROCESSING

FOUR SEASONS HOTELS BOGOTÁ PERSONAL DATA TREATMENT POLICY HOTELES CHARLESTON BOGOTÁ S.A.S.

Lex Mundi Data Privacy Guide: Focus on the Asia/Pacific Region

SUPERVISED LEGAL PRACTICE GUIDELINES

Policy To Protect Personal Information

European College of Business and Management Data Protection Policy

ACCESS AND PRIVACY POLICY

APPLICATION FOR GENERAL EMPLOYEE POSITION 2017

Health Records and Information Privacy Act 2002 No 71

Data Protection Policy

Privacy Guidelines. 1. Introduction

Port Glasgow St Andrew s Data Protection Policy

DATA PROTECTION POLICY STATUTORY

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

Data Protection Policy

Mandatory data breach reporting comes to Australia new notification requirements under the Privacy Act (2018) 15(4) PRIVLB 54

DISABILITY SERVICES EMPLOYMENT SCREENING

Application for criminal history screening prescribed notice (yellow card)

POLICY_POL04_Data Breach DATA BREACH RESPONSE RATIONALE SCOPE RESPONSIBILITY DEFINITIONS POLICY. 1 TLC_policy_POL04_Data Breach_CBA_1.

PUBLIC INTEREST DISCLOSURE POLICY

standards for appropriate ethical, responsible and professional behaviours

informed consent form

Official Gazette No. 55 issued on 8 May Data Protection Act. of 14 March 2002

BCB. Blue card business application NEW/RENEWAL. Blue Card Services Department of Justice and Attorney-General

Staff Data Protection Policy

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

Department of Natural Resources and Mines. Personal Identification Information in Property Data Code of Conduct

1 October Code of CONDUCT

Australian Football Member Protection Policy August 2013

Data protected. A report on global data protection laws in 2015.

precise background services telstra employment pack 1

Our ref: FOI June Phillip Sweeney via Dear Mr Sweeney

Australian Government Department of Immigration and Border Protection

Data Protection Policy

Queensland Blue Card Application Instructions

HAVE RECENT CHANGES TO FOI CAUSED A SHIFT IN AGENCIES PRACTICES?

2018/19 APPLICATION FOR GRANT OF AN AUSTRALIAN REGISTRATION CERTIFICATE AS AN AUSTRALIAN-REGISTERED FOREIGN LAWYER IN NEW SOUTH WALES

Identity Cards Bill EXPLANATORY NOTES. Explanatory notes to the Bill, prepared by the Home Office, are published separately as Bill 9 EN.

complete this QUT will section for you this section Blue card application Insert your name NEW/RENEWAL

Interstate Commission for Adult Offender Supervision

Law Enforcement processing (Part 3 of the DPA 2018)

Individual Rights (Data Privacy) Policy

Brussels, 16 May 2006 (Case ) 1. Procedure

GOLD COAST SCHOOLIES COMMUNITY SAFETY RESPONSE POSITIVE NOTICE (BLUE CARD) PAPERWORK CHECKLIST

Fraud and Corruption Prevention Policy

Blue card application

Data Protection Policy and Procedure

House Standing Committee on Social Policy and Legal Affairs

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions

REGISTRATION FOR A SCHOOL PSYCHOLOGIST/COUNSELLOR OR SPEECH PATHOLOGIST POSITION IN THE DIOCESE OF MAITLAND-NEWCASTLE

Schools' HR model whistleblowing procedure Jan

Data Protection Policy

Public Interest Disclosures Procedure

Security Providers Form 1-1

MUTHOOT MICROFIN LIMITED

FOR THE OFFICE OF THE POLICE OMBUDSMAN FOR NORTHERN IRELAND

Memorandum of Understanding. between. HM Land Registry. and. Solicitors Regulation Authority (SRA)

Saskatoon Zoo Foundation Inc. Ticket Purchase Policies, Donation Policies and Privacy Policies

Access to Information

Accreditation for Migration Purposes

Complaints to the Ombudsman

Department of the Premier and Cabinet Circular. PC032 Lobbyist Code of Conduct. October 2009

CHAPTER I. Definitions

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

APPLICATION FOR GRANT OF AN AUSTRALIAN PRACTISING CERTIFICATE AS A VOLUNTEER SOLICITOR AND MEMBERSHIP OF THE LAW SOCIETY OF NEW SOUTH WALES

32000D0520. Official Journal L 215, 25/08/2000 P

The Liberal Party of Australia Western Australian Division APPLICATION FOR ENDORSEMENT NOTES FOR APPLICANTS

Data Protection Act 1998 Policy

THE MEDICAL COUNCIL OF HONG KONG

AVIATION SECURITY IDENTIFICATION CARD (ASIC) APPLICATION

The Ministry of Technology, Communication and Innovation and The Data Protection Office. Workshop On DATA PROTECTION ACT 2017

HONG KONG DEALER ELECTRONIC SERVICE AGREEMENT

1. What sort of passenger information will be transferred to US authorities?

Appointment of a migration agent or exempt agent or other authorised recipient

Transcription:

QRME Australian Privacy Principles (APP) Policy Contact Officer Approval Date 07/04/2014 Approval Authority Privacy Officer/Chief Executive Officer QRME CEO Date of Next Review 07/04/2015 Definitions Australian Privacy Principles (APP) that regulate the handling of personal information by both Australian government agencies and businesses. Personal Information means information or an opinion (including information on an opinion forming part of a database) whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. Sensitive Information personal information about an individual s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices or criminal record. Open and Transparent Management of Personal Information Queensland Rural Medical Education Ltd (QRME) is committed to complying with the Australian Privacy Principles (APPs) as provided in the Privacy Amendment Act 2012. In addition, QRME complies with the Health Records Act 2001 and all other applicable legislation. Further information on the Privacy Amendment Act 2012 and the Australian Privacy Principles can be accessed via the Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au. The APP policy is available to all stakeholders. The policy may be accessed on the QRME website (www.qrme.org.au), through the QRME Server Policies or a copy may be obtained from Quickbase. A copy of the APP policy will be provided on request. QRME has committed to comply with all Australian privacy legislation by appointing a Privacy Officer to provide information, advice and to monitor adherence to the APP across the organisation. The position of Privacy Officer is to be assumed by the Chief Executive Officer (CEO). The APP policy will be reviewed annually with reference to the relevant legislation. Any amendments will be actioned and communicated to all stakeholders. Page 1 of 5

Personal Information QRME Collects QRME will only collect personal information that is reasonably necessary to conduct its core functions or activities. Examples of personal information that QRME collects includes: Page 2 of 5 Your name, residential and work contact details Your academic and employment history including medical registration details, exam results or supervisor feedback Your family background QRME may collect personal information which is regarded as sensitive information (as defined under the Act). An example of sensitive information QRME collects includes: Your medical history Your racial or ethnic origin Any indigenous affiliation Sensitive information that is collected will be treated with the utmost security and confidentiality. Collection of Personal Information QRME will collect information by lawful and fair means. QRME will include a statement on any of its forms and templates indicating that the information requested is related to QRME s primary functions or activities. At or before the time of collection, QRME will take reasonable steps to ensure that the individual is aware of: The contact details for QRME and the Privacy Officer How information will be collected and stored The purpose for which the information is collected, used or disclosed How an individual may access personal information that is being held by QRME How to make a complaint regarding a breach of the Australian Privacy Principles Third parties to whom the information may be disclosed to Any law or contractual agreement that requires the information to be collected; and The consequences (if any) for the individual if the information is not provided. Information must be collected directly from an individual. Personal information is not collected for any purposes other than those for which QRME has obtained the individual s consent, unless the law requires otherwise, or where other exceptional circumstances prevail as described under the Act or under QRME s contractual obligations with GPET. Information is not to be collected from third parties, unless the collection is required or authorised under the Act, or under QRME s contractual obligations with GPET. If personal information is collected from a third party, all reasonable steps will be taken to ensure that the individual is aware: That the information has been collected from another source How the information will be used Any other person or body to whom the information may be shared, or disclosed to QRME will determine whether unsolicited personal or sensitive information that it has received is collected for the purposes that solely relate to QRME s primary functions or activities. If it is determined that QRME has received or collected unsolicited information, QRME will destroy or deidentify the information in a timely manner.

Use or Disclosure of Personal Information In the course of its primary functions and activities, QRME may use or disclose personal information to third parties. Examples of how QRME may use information collected includes: To administer and process applications for the Australian General Practice Training Program (AGPT) and the Prevocational General Practice Placements program (PGPPP) in conjunction with GPET To manage the training and education of registrars with the Royal Australian College of General Practioners (RACGP) and the Australian College of Rural and Remote Medicine (ACRRM) To provide reports to the Department of Health and other Commonwealth agencies as necessary To promote and market QRME programs to prospective applicants QRME will only use or disclose information for the purposes for which it is being collected (primary purpose). The information may be used or disclosed for secondary purposes such as information that is related to the primary purpose, or the individual would reasonably expect the use or disclosure of the information for a secondary purpose, or QRME has the consent of the individual concerned to use or disclose the information. QRME may also use or disclose information where consent to do so has been given by the individual, as part of the arrangements for training to be undertaken by an outside organisation or individual, as required by law or under other circumstances where permitted under the Act. QRME will not handover information to any third parties except in certain circumstances where: Consent of the individual concerned is obtained The information is required by AGPT (GPET or the Department of Health) or the two General Practice Colleges (RACGP and ACRRM) The information is transferred for the benefit of the individual Or as otherwise allowed under the Acts or required/authorised by or under law. It can reasonably be expected that information collected will be disclosed to: General Practice Education and Training (GPET) and other Regional Training Providers (RTPs) General Practices, Supervisors and Practice Managers Agencies involved with relevant official administration, monitoring, registration and verification activities including the Department of Human Services (Medicare Australia), the Department of Health, the Australian Health Practitioner Regulation Agency (AHPRA), RACGP and ACRRM Contractors or agents who provide services to us, for example, medical educators or off site data storage facilities. It may be necessary for QRME to send personal information overseas, for example an overseas medical practice or training provider. Information will not be sent outside Australia without consent, or unless the transfer complies with APP 8 (Cross Border Disclosure of Personal Information), or where QRME are obliged to do so under contract with the Commonwealth Government. QRME will not use or disclose personal information for direct marketing purposes unless it is required for QRME s core functions and activities. Where possible, information will be de identified before use. Page 3 of 5

More specific information about the way in which information is used or disclosed can be obtained upon request by QRME s Privacy Officer. Accuracy and Security of Personal Information QRME will take all reasonable steps to ensure that the data it collects is accurate, complete, relevant and up to date, and has been obtained directly from individuals or other reputable sources. Periodic reviews will be conducted by QRME and the individuals themselves, to ensure the quality and accuracy of data. QRME will take all reasonable steps to ensure that personal information is protected from misuse, interference or loss, or from unauthorised access, modification or disclosure. QRME uses a range of physical and electronic security measures to ensure that the personal information collected by QRME is protected and managed confidentially. Information that is collected will be stored as a hard copy in a secure location or stored electronically with password protection. QRME shall ensure that personal information is stored for only as long as is reasonably necessary. QRME has an obligation to destroy or de identify personal information appropriately when no longer required, or in certain circumstances. An individual can request to deal with QRME without identifying themselves or by using a pseudonym, for example, making a complaint. If it is practicable to do so, QRME will take measures to ensure that information provided on an anonymous or pseudonymous basis is not linked with other information held about the individual. Unauthorised disclosure of, or access to, personal information by QRME employees, contractors or agents, will be regarded as a serious breach of this policy. Appropriate action, which may include disciplinary or legal action, will be taken in such cases. Access to, and Correction of, Personal Information An individual may request access to personal information about the individual that is held by QRME. If the information is not readily available, the request must be made in writing to the QRME Privacy Officer in accordance with the Freedom of Information Act. QRME will respond within 5 business days after the request is made, and will give access in the manner requested if it is reasonable and practicable to do so. QRME may deny access to information in accordance with the exemptions contained in the Act (Privacy Principle 12.3). If access is refused, QRME will provide a reason for the refusal and take such steps to grant access through the use of a mutually agreed intermediary. If an individual is able to establish that the information held by QRME is inaccurate, out of date, incomplete, irrelevant, or misleading, QRME will take reasonable steps to amend the information. If QRME refuse an individuals request to amend or update personal information, written notice will be provided setting out the reasons for the refusal, the mechanisms available to complain about the refusal, and any other matter prescribed by regulations. Page 4 of 5

Complaints Procedure Concerns regarding the management of personal information, and compliance with the Australian Privacy Principles, by QRME, should be directed to the Privacy Officer (contact details below). The QRME Grievance Policy has been established to provide details on how an individual may make a complaint. Under the Privacy Act, the Privacy Commissioner has the power to investigate complaints, acts or practices that may be a breach of privacy even if there is no complaint. If an individual makes a complaint about a QRME practice that is believed to amount to arbitrary or unreasonable interference with an individuals privacy; and the individual does not believe that the matter has been resolved satisfactorily, the individual should either write to the Privacy Commissioner setting out the details of the practices which are believed to interfere with an individuals privacy, or telephone the Privacy Hotline 1300 363 992 (local call charge). Further information on the complaints process is available in the QRME Complaint Resolution Policy. Privacy Officer (CEO) Queensland Rural Medical Education PO Box 2076 Toowoomba Qld 4350 s.kitchener@qrme.org.au Tel: 07 4638 7999 Fax: 07 4638 7980 Document History Date Description Author/Reference Version 20 March 2013 Review HR 19 March 2014 Change to Australian Privacy Principle Policy HR Version 1 Policy Reviewed and Approved by QRME CEO: Name Scott Kitchener Signature Date 07/04/2014 Page 5 of 5

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback