Cradio Limited (ABN 73 142 480 260) (Cradio) is committed to complying with its obligations under the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs).
Cradio is committed to respecting your privacy and protecting your rights with respect to your personal information.
This policy explains how the Cradio manages and secures your personal information. It also describes the kinds of personal information that Cradio holds and for what purposes, and how that information is collected, held, used and disclosed.
This policy is available on the Cradio’s website at https://cradio.org.au/about/privacy. You may request a copy of the policy by contacting the Privacy Officer in accordance with paragraph 13 of this policy.
Please read this policy carefully before you provide Cradio with any personal information.
3. Types of personal information that Cradio collects and holds
Cradio may collect and hold the following types of personal information about you:
a) identification information, including your name, postal address, email address, IP address, date of birth, and contact details;
b) bank account details;
c) financial transactions relating to your dealings with Cradio;
d) behaviour, interest and demographic data;
e) any other information that Cradio considers to be reasonably necessary.
Cradio may need to collect sensitive information about you. Cradio will only collect sensitive information about you if:
a) you consent to the collection of the information and the information is directly related to Cradio’s functions; or
b) the information relates:
(i) to the activities of the Cradio; and
(ii)solely to the members of Cradio, or to individuals who have regular contact with Cradio in connection with its activities; or
c) the collection is otherwise permitted under the Privacy Act.
The types of sensitive information that Cradio collects and holds about you may include:
- information or an opinion about your race or ethnic origin, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a trade union, sexual orientation and/or practices;
- criminal records; or
- health information.
Information required by law
Cradio may also collect personal information about you because the collection of the information is required or authorised by law or a court/tribunal order.
4. Collecting your personal information
Cradio will, if it is reasonable and practical to do so, collect personal information directly from you.
Cradio may collect your information when you:
- interact with Cradio electronically, over the telephone or in person;
- complete forms.
On occasion Cradio may collect personal information about you from other sources where it is necessary to do so. Examples of other sources that Cradio may collect personal information from include, but are not limited to:
- information that is publicly available on the electoral roll.
If you do not provide Cradio with your personal information, it may not be able to:
- provide you with the service you want; and
- verify your identity.
Unsolicited personal information
If Cradio inadvertently collects personal information about you that it did not ask for, Cradio will check whether it could have collected that information itself. If Cradio could have collected the information, Cradio will handle it in the same way it handles other information it collects from you. If:
a) Cradio could not have collected the personal information; and
b) the information is not contained in a Commonwealth record,
Cradio will destroy the information or de-identify the information provided it is lawful and reasonable to do so.
5. Storing personal information
Cradio stores your personal information in different ways, including paper and electronic form, via cloud and via Dropbox.
Cradio treats all personal information as confidential. It will take reasonable steps to ensure personal information is protected from:
- misuse, interference and loss; and
- unauthorised access, modification and disclosure.
Some of the ways Cradio does this are:
- confidentiality requirements for employees;
- document storage facilities;
- security measures for access to systems;
- only giving access to personal information to a person who is verified to be able to access that information;
- control of access to buildings; and
- electronic security systems, such as firewalls and data encryption, user identifiers, passwords or other access codes, antivirus, antispyware, backup and recovery of systems.
If Cradio no longer needs your personal information for any purpose, it will take reasonable steps to destroy or permanently de-identify the information, unless:
- the information is contained in a Commonwealth record; or
- Cradio is required by law, or a court/tribunal order, to retain the information.
6. Purpose for collecting, holding, using and disclosing information
Cradio collects, holds, uses and discloses your personal information for the following purposes:
- to assess your account application;
- to establish and administer your account;
- to verify your identity;
- to consider any other application made by you for products or services;
- for customer relations purposes, including managing Cradio’s relationship with you;
- to comply with any applicable laws, regulations or codes of practice;
- to comply with any payment systems requirements;
- for information technology systems development and testing where Cradio’s internal computer system is upgraded;
- for Cradio’s internal operations, including record keeping, risk management, auditing, training, file reviews and account analysis;
- to investigate, resolve and prevent complaints;
- to make arrangements with other organisations to provide services in relation to Cradio’s products and services;
- to conduct fraud assessments;
- for reporting and data analytics purposes, including for regulatory, management, statistical or research purposes;
- direct marketing purposes; and
- for any other purpose for which you have given your consent.
7. Use and disclosure of information
Personal information Cradio holds about you that was collected for a particular purpose will not be disclosed for another purpose, unless:
- you have consented to the use or disclosure of the information for another purpose; or
- the access, use or disclosure is otherwise permitted under the Privacy Act (e.g. you would reasonably expect Cradio to use or disclose the information for another purpose or the use or disclosure of the information is required or authorised by law or a court/tribunal order).
Cradio may disclose personal information about you to third parties. Examples of third parties that Cradio may disclose your personal information to include, but are not limited to:
- Cradio’s service providers;
- Cradio’s agents, contractors and external advisors;
- any person acting on your behalf, including your legal and financial advisers;
- Government and other regulatory bodies, law enforcement bodies and courts as required or authorised by law;
- external dispute resolution bodies;
- other financial institutions; and
- any other person where you have given your consent.
Cradio is not likely to disclose your personal information to any overseas recipients.
Where your personal information is disclosed, Cradio will seek to ensure that information is used, held and disclosed consistently with the Privacy Act and any other applicable laws.
8. Direct marketing
Cradio may use or disclose your personal information (excluding sensitive information) for direct marketing purposes. Cradio may conduct direct marketing via email, telephone, mail out or any other electronic means.
Cradio will only use your sensitive information for the purposes of direct marketing if you have consented to the information being used or disclosed for the purposes of direct marketing.
If at any time you decide you do not want to receive any more marketing material from Cradio, you may:
- contact the Privacy Officer in accordance with paragraph 13 of this policy; or
- opt-out of receiving any more marketing material via any opt-out mechanism contained in Cradio’s marketing correspondence.
All of Cradio’s marketing correspondence will display a clearly visible and user-friendly opt-out mechanism. Cradio may imply consent to receive direct marketing material if you do not use the opt-out mechanism.
If you request to no longer receive direct marketing material Cradio will process your request within a reasonable period after the request is made.
9. Quality of personal information
Cradio will take all reasonable steps to ensure that any personal information it collects, uses or discloses is accurate, complete, up-to-date and relevant to Cradio’s functions or activities.
If you believe that your personal information is not accurate, complete or up to date, you should contact the Privacy Officer in accordance with paragraph 13 of this policy.
10. Access to personal information
You can access your personal information unless an exception in the Privacy Act applies.
You can request access to your personal information by contacting the Privacy Officer in accordance with paragraph 13 of this policy.
Depending on the nature of the request, Cradio may charge you a small fee for granting you access.
Cradio will respond to a request for access within a reasonable time (usually 30 days), and give access in the manner requested by you, if it is reasonable and practicable to do so.
Sometimes, it may not be possible for Cradio to give you access. If Cradio refuses to give you access, it will:
- take reasonable steps to give you access in a manner that meets Cradio’s needs as well as yours;
- provide you with written reasons for the refusal provided it is reasonable to do so; and
- provide you with the mechanisms available to complain about the refusal.
11. Correcting personal information
If you think that any personal information Cradio holds about you is incorrect, inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request Cradio to correct the information by contacting the Privacy Officer in accordance with paragraph 13 of this policy.
Cradio will take all reasonable steps to correct that information to ensure that, having regard to the purposes for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If Cradio corrects personal information that has been disclosed to another entity and you ask Cradio to tell the other entity about the correction, Cradio will take all reasonable steps to tell the other entity about the correction, unless it is impractical or unlawful to do so.
If Cradio refuses to correct the personal information, then it will provide you with:
- written reasons for the refusal provided it is reasonable to do so; and
- the mechanism available to complain about the refusal.
Cradio must respond to a correction request within a reasonable time (usually 30 days).
You have the option to remain anonymous, or to use a pseudonym when dealing with Cradio where it is lawful and practical to do so.
13. Complaints or queries
- have any issues about the way Cradio handles your personal information after reading this policy;
- become aware of a potential breach of privacy; or
- wish to make a privacy complaint,
you are requested to contact the Cradio Privacy Officer at:
Cradio Privacy Officer
Telephone: (02) 8005 1530
Post: GPO Box 62, Hobart, Tas, 7001
Visit: 35 Tower Road, New Town, Tas, 7008
If Cradio’s Privacy Officer is unable to resolve the matter, it will be escalated (internally or externally) as appropriate to facilitate resolution.
If you are not happy with the outcome of Cradio’s Privacy Officer’s investigation, then you can raise your concern with the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Telephone: 1300 363 992
Mail: GPO Box 5218 Sydney NSW 2001
Changes to this policy
Cradio will review this policy from time to time. Cradio encourages you to check its website regularly for any updates to this policy.