ATPM is committed to adopting the Guidelines to the National Privacy Principles (NPP) as published by the Office of the Australian Information Commissioner in September 2001. A copy of the Guidelines is available at http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guidelines-to-the-national-privacy-principles.
The Privacy Act places obligations on agencies and organisations to handle personal information and sensitive information with particular care. Personal information includes information or an opinion about an individual whose identity is apparent such as a personal identifier or particulars. Sensitive information is a sub-set of personal information and includes information about an individual’s:
- racial or ethnic origin;
- health or medical information;
- political opinion;
- membership of a political association, professional or trade association or trade union;
- religious beliefs or affiliations;
- philosophical beliefs;
- sexual preferences or practices;
- criminal record; and
- genetic information.
In addition, information provided in confidence and information which attracts intellectual property shall be managed following the same principles as outlined in the NPP.
A reference in this document to ATPM includes business operated or managed on behalf of, or associated with, ATPM.
ATPM Privacy Commitments
When undertaking its business or undertaking, ATPM commits to the following:
- ATPM will only collect personal information that is necessary to properly administer its functions or activities.
- ATPM will use fair and lawful ways to collect personal information.
- ATPM will collect personal information directly from an individual if it is reasonable and practicable to do so.
- ATPM will restrict the collection of sensitive information however where deemed necessary, will always get consent to collect sensitive information unless specified exemptions apply.
- Where lawful and practicable ATPM will give people the option of interacting anonymously with ATPM.
- ATPM will, at the time of collecting personal information or as soon as practicable afterwards, take reasonable steps to provide information or access to information advising the individual of:
- why the information was collected;
- who may have access to the information; and
- any exceptions to maintaining confidence.
- ATPM will only use or disclose personal information for the primary purpose of collection unless there is a related secondary purpose within the individual’s reasonable expectations, consent has been provided or there are specified law enforcement or public health and public safety circumstances noting that if the information is sensitive the uses or disclosures allowed are more limited.
- ATPM will take reasonable steps to protect the personal information from misuse and loss and from unauthorised access, modification or disclosure.
- ATPM will take reasonable steps to ensure individuals are aware of personal information held even if it was collected from a third party.
- ATPM will take reasonable steps to ensure the personal information collected, used or disclosed is accurate, complete and up-to-date.
- ATPM will take reasonable steps to destroy or permanently de-identify personal information once there is no longer a need for the use or disclosure of the information.
- If an individual asks, ATPM will take reasonable steps to let them know, generally, what sort of personal information is held, what the purpose for holding it is, and how it was collected, used and disclosed.
- If an individual asks, ATPM will give access to the relevant personal information held unless particular circumstances apply that permits ATPM to limit the access – these circumstances include emergency situations, specified business imperatives and law enforcement or other public interests.
- ATPM will only adopt, use or disclose a Commonwealth Government identifier where lawful.
Collection of Personal Information
The personal information that ATPM collects may include an individual’s:
- Date of Birth;
- Licence numbers;
- Email addresses / IP addresses;
- Telephone numbers;
- Date of birth;
- Vehicle registrations;
- Financial and transaction details associated with bookings, products and services;
- Special needs or preferences;
- Information concerning previous interactions with ATPM, parks managed by ATPM and business partners; and
- Residential tenancy particulars.
In addition, ATPM may collect sensitive information by consent to assist with providing services to cater to special needs.
Personal information relevant to the services provided may be sourced from information directly provided by individuals, from ATPM’s business partners, other sources lawfully obtained from third parties and other information publically available such as online directories. Sources include direct conversations, club memberships, surveys, customer feedback, sales and marketing initiatives and completing reservation forms either online or in person and via access to ATPM websites.
The collection of personal information from third parties or publically available sources may occur where the individual has consented to such collection or would reasonably expect the information to be collected in such a manner.
Use and Disclosure of Personal Information
The primary use for obtaining personal information is to effectively administer records, accounts and financial transactions, provide for administration / operations, verify and manage membership particulars and subscriptions, arrange bookings and accommodation, establish residential tenancy agreements, book tours and other services on a customer’s behalf, to improve services to meet customer preferences, provide opportunity for future sales and marketing and provide other goods, and services in connection with ATPM business or undertaking. Some personal information obtained is required by law such as properly identifying parties to a contract and to establish binding agreements such as a residential tenancy agreement.
The information obtained provides a means for ATPM to contact customers, provide tourism information and assist in managing risks associated with staying at a Park including responding to emergencies, responding public safety threats or where there is a serious threat to health, life or safety. Personal information also assists in understanding the demographics of existing and future customers and providing appropriate facilities to meet customer needs and to offer marketing material to customers to provide information on goods and services offered. In addition, such information may be used by ATPM enterprises, business partners and associates for the above-mentioned purposes associated with ATPM’s business and undertaking or disclosed to other persons or organisations if it is reasonably expected by the individual.
Personal information may be used for direct marketing purposes where, in absence of an objection, implied consent is assumed. ATPM will also provide options for a person to opt out of receiving marketing material. In addition, ATPM may use information appropriately and lawfully sourced by a third party for direct marketing purposes if the information is not sensitive information and:
a) it is impracticable for ATPM to seek the individual’s consent before that particular use;
b) ATPM will not charge the individual for giving effect to a request by the individual to ATPM not to receive direct marketing communications;
c) the individual has not made a request to ATPM not to receive direct marketing communications;
d) in each direct marketing communication with the individual, ATPM draws to the individual’s attention, or prominently displays a notice, that he or she may express a wish not to receive any further direct marketing communications; and
e) each written direct marketing communication by ATPM with the individual (up to and including the communication that involves the use) sets out the organisation’s business address and telephone number and, if the communication with the individual is made by fax, telex or other electronic means, a number or address at which the organisation can be directly contacted electronically.
As ATPM is concerned with maintaining the privacy of personal information, such information will not be disclosed to third parties that are not directly involved or associated with ATPM’s business or undertaking unless:
- an emergency exists where disclosure of such information will assist in the response; and
- a law enforcement agency or person duly authorised by law requests the disclosure of such information for bona fide reasons.
Personal information such as basic contact details sourced from the ATPM subscription base, memberships and accommodation records may be provided to other ATPM and related entities, business partners and associates for bona fide purposes associated with ATPM’s business and undertaking. This includes the opportunity to provide information concerning products and services offered by ATPM and other entities. In addition, if certain conditions are met as detailed in the NPP, an organisation does not always need an individual’s consent to use and disclose personal information.
Personal information provided in connection with your stay at NRMA Murramarang Beachfront Resort may be provided to National Roads and Motorists’ Association Limited and its related entities for their internal and direct marketing purposes.
Information Quality and Security
ATPM takes steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access. All information stored electronically is protected by unique password and network protection with access limited to key positions held within ATPM. Physical records are kept in secure locations to prevent unauthorised access or disclosure. In addition, once records are no longer of use, personal particulars will be removed to de-identify any such records.
When the opportunity arises, ATPM will take steps to confirm or update the personal information and contact particulars to ensure currency is maintained as is practicable.
Openness, Access and Correction
ATPM will provide access to personal information held on application made by the person. Prior to information being released, precautions will be taken to confirm the person’s identity by reference to information held and other unique information held. In addition, a person has the general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
ATPM does not require the collection of an Australian Government identifier for an individual (e.g. Medicare numbers, Tax File numbers) unless required by law.
Where appropriate, ATPM shall give individuals the opportunity to do business with them without the individual having to identify themselves.
Any queries relating to this policy, enquiries about the personal information held, requests to update personal information, requests to be excluded from receiving marketing communications or complaints may be directed to the ATPM Head Office on (07) 5607 1405 or firstname.lastname@example.org. Additional information on privacy may be obtained from the Office of the Australian Information Commissioner at http://www.oaic.gov.au/privacy/privacy-news.