As a consequence of amendments to the Privacy Act 1988 (Privacy Act), 13 Australian Privacy Principles (APPs) have been implemented, which regulate the way we collect, store, provide access to, use and disclose personal information. The new APPs came into effect on 12 March 2014, and apply to public and private sector entities alike.
Although ARPC’s daily operations do not generally involve the collection, use and/or disclosure of any personal information, if we do so, you have the right to have your personal information kept private.
Your protections under the Privacy Act 1988
In compliance with APP 1, ARPC will take measures to ensure that your personal information is kept private. The Privacy Act and the APPs in particular provide you with a range of rights in relation to your personal information, including:
- your right to know what kind of information ARPC is collecting, how we collect it and why your information is being collected;
- your personal information can only be collected by lawful and fair means, and can generally only be used for the purpose for which it was collected;
- the requirement to seek your consent should ARPC wish to use your personal information for a secondary purpose;
- your right to see what information ARPC holds about you and to have it corrected if it is incorrect, out of date or incomplete;
- ARPC must store your personal information securely and protect it from interference or misuse;
- you can make a complaint about how your personal information has been handled by ARPC;
In accordance with the Guidelines for Federal Government World Wide Websites issued by the Australian Privacy Commissioner, the Australian Reinsurance Pool Corporation (ARPC) provides the following privacy statement.
When you visit this site the following information will be recorded by ARPC or its service providers for statistical purposes:
- a record of your server address;
- the top level domain name (for example, .com, .gov, .au);
- the date and time of your visit to the site;
- the pages accessed and documents downloaded;
- the previous site visited; and
- the type of browser that you use.
No attempt will be made to identify users of their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise its authority to inspect the Internet Service Providers log files.
Contacting ARPC by email
ARPC will only record your email address if you send us a message. It will only be used for the purpose for which you have provided it and will not be added to a mailing list. We will not use your email address for any other purpose, and will not disclose it, without your consent.
Security of the Internet
You should be aware that there may be inherent risks associated with the transmission of information via the internet. For those who do not wish to use the internet, ARPC provides alternative ways of contacting its office.
We seek website feedback from our users in order to improve the service offered by the site. Answering feedback questions is voluntary and does not in any way affect your access to ARPC’s website.
ARPC collects information about individuals from the individuals themselves or their authorised representatives. Broadly grouped, ARPC’s personal information holdings include:
- documents relating to employment (including name, contact information, government related identifiers such as Tax File Numbers, bank account information, photos, health information, birth certificates, passport information);
- documents relating to applications for employment (including qualifications, work history and referees’ reports);
- documents relating to the appointments to Commonwealth Boards (including qualifications and work history);
- documents relating to claims from insurers, i.e. claims assessor’s reports;
- distributions, mailing lists and contact lists (including telephone numbers and email addresses);
- financial and other information about tenderers, contractors and customers; and
- information provided in the course of making submissions or requests under the Freedom of Information Act 1982.
We sometimes collect personal information from a third party or from a publicly available source, but only if:
- the individual would reasonably expect us to collect their personal information in this way, or
- it is necessary for a specific purpose relating to ARPC’s functions.
From time to time, personal information is provided to us without being requested (for example, where you send us a letter or make an enquiry). When such information is received, we will handle it in accordance with our obligations under the Privacy Act. ARPC only collects personal information for purposes which are directly related to our functions or activities and only when it is reasonably necessary.
On occasion, we may collect or hold sensitive information about you (such as information regarding your health, criminal record or associations that you are a member of). Sensitive information may be collected if:
- you have consented to this collection, and the information is reasonably necessary for, or directly related to, one of our functions or activities; or
- the collection is required or authorised by or under law.
Use and disclosure
ARPC ordinarily only uses and discloses information, including personal information, for the primary purpose for which it was collected. We may also use or disclose personal information for reasonably expected secondary purposes related to the primary purpose or for other purposes permitted under the Privacy Act. This includes where the use or disclosure is required or authorised by or under law or where the individual concerned has consented to the use or disclosure, or would reasonably expect the use or disclosure to occur.
We will undertake all reasonable efforts to notify you at the time information is collected, or shortly after, if the information is likely to be passed on to another body and, if relevant, the bodies to which the information is likely to be given. ARPC does not disclose personal information to overseas recipients. If it is necessary for ARPC to disclose personal information to overseas recipients, it will only be done in accordance with the obligations under APP8.
We hold personal information on paper files, electronic files and databases. Reasonable steps are taken to ensure that all personal information in our possession or control is protected against loss, unauthorised access, misuse, disclosure or modification.
Where ARPC undertakes a project that may involve the handling of personal information in any new or changed ways which is likely to have a significant impact on the privacy of individuals, a privacy impact assessment will be conducted pursuant to the obligations set out by the Privacy Code.
We will take all reasonable steps to validate that the personal information collected is accurate, up to date and complete.
No attempt will be made to identify individual users of the ARPC website or browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise its authority to inspect the Internet Service Providers log files.
How to access/correct your personal information or make a complaint
ARPC is committed to protecting your privacy. Personal information that we hold about you can be accessed and/or corrected upon request, in accordance with applicable laws.
We will treat any accidental or unauthorised disclosure of personal information seriously and deal with it promptly. If concerns are noted regarding a potential breach to your privacy rights, you can make a complaint to the ARPC Privacy Officer via:
Chief Financial Officer
Australian Reinsurance Pool Corporation
PO Box Q1432
Queen Victoria Building NSW 1230
Email: [email protected]
If a satisfactory outcome is not reached regarding the way that ARPC handles your privacy-related complaint, you may contact the OAIC via:
Director of Privacy Case Management
GPO Box 5218
Sydney NSW 2001
Email: [email protected]
Phone: 1300 363992
Privacy Impact Assessment Register
From 1 July 2018, ARPC is required under paragraph 15 of the Privacy (Australian Government Agencies – Governance) APP Code 2017 to maintain and publish on its website a register of the Privacy Impact Assessments (PIAs) conducted. PIAs are conducted for all high privacy risk projects.
The PIA Register below sets out the PIAs conducted by ARPC since 1 July 2018.
Title of PIA