NTEU Privacy Statement
This Privacy Statement is made in compliance with the Australian Privacy Principles (APP). This Privacy Statement describes how NTEU manages personal information. This Privacy Statement will be published in an accessible format on the NTEU website (www.nteu.org.au ) and a copy will be made available to any person who may request to view it.
Introduction and scope
National Tertiary Education Industry Union (NTEU) is an organisation of employees (i.e. a trade union) registered under the Fair Work (Registered Organisations) Act 2009. The Privacy Act 1998 (the Act) and the Australian Privacy Principles (APPs) apply to NTEU in relation to the collection and use of personal information, as well as its disclosure and its security and access to it. This Privacy Statement (Statement) applies to NTEU and should be read in conjunction with the Act and the APPs.
In furtherance of the Objects of the NTEU and in order to carry out its activities and provide services, NTEU may collect personal information from, or on behalf of, members, students, potential members, potential students and former members and students, in order to conduct our affairs and provide services related to tertiary and higher education in Australia and provide information such as newsletters and publications.
Personal information is defined as any ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.’
The purpose for which personal information is collected, held, used and disclosed by NTEU
NTEU’s purpose and functions are set out in Objects (Rule 3) of the NTEU Rules. A copy is available upon request. In furtherance of its objects (and without limiting their application), NTEU may collect personal information for many purposes, including the following:
- providing assistance with industrial relations and employment queries;
- representing and organising members regarding industrial and political issues and/or campaigns;
- providing services;
- providing information about rights at work;
- providing information about changes to legislation;
- providing referrals for professional services;
- providing information about industrial, social and political campaigns;
- managing NTEU’s relationship with its members;
- conducting surveys and research;
- providing educational services and professional development;
- conducting union elections;
- improving the services provided by NTEU;
- enabling a contractor engaged by NTEU to provide goods or services (such as cloud storage, preparing physical membership cards or sending publications) provided that the contractor may only use the information to give effect to the contract, and may not provide the information to any third party, unless on the same terms;
- managing employee records;
- handling complaints;
- complying with its legal obligations.
NTEU will not use personal information for the purpose of direct marketing, unless it is reasonably expected that the personal information will be used for the purpose of direct marketing and/or the person has consented to us doing so. A person may wish not to receive communications, or a particular communication, from NTEU and may request to cancel such communication(s) by:
- unsubscribing to an email newsletter at any time from the newsletter mailing list (which will unsubscribe the person from all general email communication);
- “opt out” by texting STOP in reply to a text message from NTEU; or
- by contacting us at any time via telephone, mail or email.
- NTEU will not sell personal information and will only provide personal information to a third party in the circumstances such as those described above.
NTEU only uses or discloses personal information about an individual for the primary purpose for which the information is collected. Personal information is not used or disclosed for a secondary (related) purpose, except in accordance with the APPs. The secondary purpose may be related to the primary purpose of collection (or, if the personal information is sensitive information, directly related to the primary purpose), and the individual would reasonably expect the use or disclosure of the information for that secondary purpose. This may include, for example, where NTEU engages a third party to perform a function on its behalf.
Sometimes NTEU de-identifies personal information through aggregation with other information or removes reference to personal information. In these circumstances, the information will no longer be personal information as it is no longer about an identifiable individual or an individual who is reasonably identifiable.
NTEU does not disclose personal information to overseas recipients.
The type of information the NTEU may collect
NTEU only collects personal information that is related to the performance of NTEU’s functions and in furtherance of its Objects (see above). Depending upon the circumstances, NTEU may collect information such as, but not limited to:
- contact details;
- social media details (e.g. blogs, Twitter, Facebook, LinkedIn);
- marital status;
- employment details;
- health status;
- educational qualifications;
- bank and/or credit card details;
- inquiry or complaint details;
- area of personal and professional interest.
Some personal information is also considered sensitive information and includes:
- political opinions;
- political party membership (if any);
- union membership (if any);
- racial or ethnic origin;
- sexual orientation;
- any disabilities, illnesses or injuries.
As a non-profit organisation, NTEU is authorised by the Act to collect sensitive information where it relates directly to the activities of the NTEU and the information relates solely to the members of the NTEU, or to individuals who have regular contact with NTEU in connection with our activities.
NTEU will take all reasonable steps to ensure that personal information is accurate, up-to-date and complete. This may include ensuring all required information is disclosed at the time of commencing membership or during normal updates of information (e.g. if a member advises us of a new phone number).
Where information is provided to NTEU in relation to a job application the personal information provided will only be collected, held, used and disclosed for the purposes of considering potential employment with NTEU. Where a candidate has provided the details of referees, they confirm that they have informed the referees that they are providing their contact information to NTEU and they have consented to the NTEU contacting them and discussing the personal information the candidate has provided in relation to the job application.
The NTEU website collects two types of information. The first type is anonymous information and is therefore not personal information.
Another way information may be collected is through the use of “cookies”. A cookie is a small text file that the website may place on the person’s computer. Cookies may be used, among other things, to track the pages previously visited, to remember preferences and store personal information.
How personal information is collected and held by NTEU
NTEU collects personal information in the course of its operations, for purposes which are reasonably necessary for the performance of our core functions or activities. NTEU may collect personal information including:
- through a person becoming a member;
- by a person’s involvement with the union (as a member, non-member or former member) for example by seeking assistance or being involved in a campaign;
- as an employee or prospective employee or former employee;
- through publicly-available sources;
- when we are required by law to collect it (e.g. compliance with the Fair Work (Registered Organisations) Act 2009).
The personal information could be collected via one of our websites, other websites, social media, telephone, email, in person or in writing in some other form. NTEU may collect this information directly from the person or from another source, so long as it is lawful and fair.
At all times we aim to collect only the information we need for the particular function or activity we are carrying out.
Personal information (including that which is sensitive information) held by NTEU is kept in secured locations and is only accessible by authorised personnel. Personal information kept electronically is handled with care and secured by user identifiers, and passwords accessed only by authorised personnel. An electronic backup of information is stored in a secure offsite facility for disaster recovery purposes and is only accessible by authorised personnel.
Archived personal information is maintained in a secured facility and is only accessible by authorised personnel.
NTEU may destroy personal information where it is done through usual business record management (e.g. destroying physical case files which are very old). We will take reasonable steps to destroy or de-identify personal information such as shredding and use of locked security bins.
Security arrangements may be monitored and reviewed where necessary and all staff made aware of organisational systems for the processing, storing and transmitting of personal information and the protective security policies associated with this.
A person can choose to interact with us anonymously or by using a pseudonym where it is lawful and practicable. For example, an individual may wish to participate in a blog or enquire about a particular campaign anonymously or under a pseudonym. However, such decision to interact anonymously or by using a pseudonym will likely affect the level of services we can provide. For example, we may not be able to assist with a specific industrial enquiry or investigate a privacy complaint on an anonymous or pseudonymous basis. We will provide further information if this is the case.
Unsolicited personal information
If we receive unsolicited personal information about or relating to individuals, and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs.
Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information we will, if it is lawful and reasonable to do so, destroy the information or de‐identify the information.
NTEU will take reasonable steps to notify an individual of relevant NTEU contact details, the facts and circumstances of collection (how, when and from where the information was collected), if the collection is required or authorised by or under Australian law or court order (if applicable); the purpose of the collection; the consequences (if any) for the individual if all or some of the information is not collected by NTEU; any other body to which the personal information will be disclosed; information about accessing and correcting personal information or make a complaint; and that we do not disclose the personal information to overseas recipients. Notification will occur at or before the time we collect the information or, if that is not practicable, as soon as practicable after the collection occurs.
Access to personal information and how to seek its correction
An individual has the right under the Privacy Act to ask for access to the personal information held by NTEU and ask that we correct that personal information. Once NTEU has received a request for access or correction, we will respond within 30 days.
Members may correct some their membership information through use of the individual profile and login via access through NTEU’s website.
If requested, we will provide access to a person’s personal information unless there is a law that allows or requires us not to. We will take reasonable steps to correct personal information if we consider it is incorrect, unless there is a law that requires us not to. We will ask for identity verification before we provide access to information or correct it and we will try to make the process as simple as possible.
Please see the contact details at the end of this policy as to where requests may be directed.
Complaints about privacy, and how it will be handled
Complaints about how we have handled personal information should be made in writing (see contact details below). If we receive a complaint, we will determine what (if any) action we should take to resolve the complaint.
We will advise the complainant promptly that we have received the complaint, and then respond to the complaint within 30 days.
If the complainant is not satisfied with our response, they may make a complaint to the Office of the Australian Information Commissioner.
NTEU will not adopt as our own identifier a government-related identifier of an individual, such as a tax file number (for NTEU staff) and will only use or disclose a government-related identifier where the use or disclosure:
- is reasonably necessary for NTEU to verify identity for the purposes of our activities or functions;
- is reasonably necessary for NTEU to fulfil its obligations to an agency or a State or Territory authority;
- is required or authorised by or under an Australian law; or
- is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Notifiable data breaches
Where NTEU experiences a data breach that is likely to result in serious harm, NTEU is obliged to notify individuals whose personal information is involved in the data breach. The notification must include recommendations about the steps taken in response to the breach. The Office of the Australian Information Commissioner must be notified of an Eligible Data Breach.
A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.
An Eligible Data Breach arises when the following criteria are satisfied:
- there is unauthorised access to, or unauthorised disclosure of, personal information or a loss of personal information that NTEU holds; and
- this is likely to result in serious harm to one or more individuals; and
- NTEU has not been able to prevent the likely risk of serious harm with remedial action.
- NTEU maintains a Data Breach Response Plan which is in place to manage any notifiable data breaches.
How to contact us about privacy matters
For more information about this privacy statement, please contact the NTEU General Secretary at [email protected] or on 03 9254 1910 or by post at Level 1, 120 Clarendon Street, South Melbourne, 3205, or by fax on 03 9254 1915.
Variations to the Statement
This Statement may be varied from time to time and an updated version will be posted on the NTEUs websites. Please check our websites regularly to ensure this is the most recent version of the Statement.