Background

Rotary Club of Blacktown City Inc. collects personal information relating to members and maintains a database.

Personal information is defined by the NSW Privacy and Personal Information Protection (PPIP) Act (1998) as:

“any information or opinion about an individual or which is reasonably capable of identifying an individual”.

Purpose

The purpose of this policy is to protect the privacy of individuals and organisations about whom Rotary Club of

Blacktown City Inc. collects and/or holds information. The policy outlines the guidelines which must be observed

when collecting, storing and using personal and confidential information.

2.9.1 Legislation

The NSW PPIP Act governs the collection, use and storage of personal information across NSW.

2.9.2 Principles

The PPIP Act sets out 12 specific Information Protection Principles to guide the collection and use of personal

information. Rotary Club of Blacktown City Inc. adopts these principles:

Collection

1. Lawful – when an organisation collects your personal information, the information must be collected for a lawful

purpose. It must also be directly related to the organisation’s activities and necessary for that purpose.

2. Direct – your information must be collected directly from you, unless you have given your consent otherwise.

Parents and guardians can give consent for minors.

3. Open – you must be informed that the information is being collected, why it is being collected and who will be

storing and using it. The organisation should also tell you how you can see and correct this information.

4. Relevant – the organisation must ensure that the information is relevant, accurate, up-to-date and not

excessive. The collection should not unreasonably intrude into your personal affairs.

Storage

5. Secure – your information must be stored securely, not kept any longer than necessary, and disposed of

appropriately. It should be protected from unauthorised access, use or disclosure.

Access

6. Transparent – the organisation must provide you with enough details about what personal information they are

storing, why they are storing it and what rights you have to access it.

7. Accessible – the organisation must allow you to access your personal information without unreasonable delay

and expense.

8. Correct – the organisation must allow you to update, correct or amend your personal information where

necessary.

Use

9. Accurate – agencies must make sure that your information is accurate before using it.

10. Limited – agencies can only use your information for the purpose for which it was collected, for a directly

related purpose, or for a purpose to which you have given your consent. It can also be used without your consent

in order to deal with a serious and imminent threat to any person’s health or safety.

Disclosure

11. Restricted – the organisation can only disclose your information with your consent or if you were told at the

time they collected it from you that they would do so. The organisation can also disclose your information if it is

for a related purpose and they don’t think that you would object. Your information can also be used without your

consent in order to deal with a serious and imminent threat to any person’s health or safety.

12. Safeguarded – the organisation cannot disclose your sensitive personal information without your consent, for

example information about your ethnic or racial origin, political opinions, religious or philosophical beliefs, health

or sexual activities or trade union membership. It can only disclose sensitive information without your consent in

order to deal with a serious and imminent threat to any person’s health or safety.

2.9.3 Responsibilities for managing privacy

Responsibilities for the management of personal information are the domain of any individual within the

organisation with access to, or responsibilities for, such information. However Rotary Club of Blacktown City Inc.

promotes specific responsibilities to certain individuals/positions. Those individuals will then be in a position to

ensure that all persons holding office are suitably instructed either through training or the introduction of policies

and procedures, as to their obligations in relation to the protection of personal information in their handling.

Privacy Contact Officer

As a matter of good practice, an organisation should have a designated officer to whom members of the public

can direct any queries or complaints in the first instance. Privacy Contact Officers are also the primary point of

contact for liaison with Privacy NSW.

Please contact Club President: