Scope

This summary sets out the key points about how the Ambika-Bleue handles personal information.

We collect, hold, use and disclose personal information to carry out our functions or activities under the Australian Information Commissioner Act 2010 (AIC Act), the Privacy Act 1988 (Privacy Act) and the Freedom of Information Act 1982 (FOI Act).

Collection of your personal information

We usually collect personal information (including sensitive information) from you or your authorised representative when we are handling privacy and freedom of information (FOI) complaints and FOI reviews or taking other regulatory action under the Privacy or FOI Acts.

We sometimes collect personal information from a third party or a publicly available source to enable us to deal with a complaint or review application or to communicate with the public and stakeholders.

We also collect personal information through our websites and social networking services. We use this information to improve our website and receive feedback from the community.

At all times we try to only collect the information we need for the particular project opportunity or activity we are carrying out.

The main way we collect personal information about you is when you give it to us, for example, we collect personal information such as contact details submitted with your inquiry. We may also collect contact details and some other personal information if you are participating in a meeting or consultation with us.

Collecting sensitive information

Ambika-Bleue is committed to protecting and maintaining the privacy of its clients, candidates and employees. Any personal information collected or generated as a result of our relationship, is also safeguarded and protected from access by unauthorised individuals.

Indirect collection

In the course of handling enquiries and applications, we may collect personal information (including sensitive information) about you indirectly from publicly available sources or from third parties. Sometimes we may need to collect sensitive information about you, this might include information about your police and criminal history checks.

Analytic, session and cookie tools

We use a range of tools provided our web hosting company WebSetGo and stored at the government approved Silverwater Data Centre in NSW to collect or view website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our websites. The information collected by these tools may include the IP address of the device you are using, the device, browser and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them. This information is not linked to personal details until and enquiry is made. In relation to Google Analytics you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.

Social Networking Services

We use social networking services to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These sites have their own privacy policies.

Electronic Forms

Ambika-Bleue enables you to lodge an application or enquiry online. We collect your email and, if you provide it, other contact details when you complete an online enquiry form. When you submit one of these forms it your personal information not stored on the internet. The data is transmitted within Australia, emailed directly to us and stored manually.

Disclosure

We may disclose your personal and sensitive information to third parties to whom we provide services to, and including organisations that assist us in our business activities.

To ensure fairness, we disclose relevant information about the details of your complaint or review application to the respondent and, where relevant, affected third parties. We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree.

Generally we only disclose personal information overseas so that we can properly handle your complaint or application. As well, web traffic information we collect using Google Analytics may be stored overseas.

Disclosure of personal information overseas

Generally we only disclose personal information overseas if we are providing services to a company based overseas.

Web traffic information is disclosed to Google Analytics when you visit our websites. Google stores information across multiple countries. For further information see Google Data Centres and Google Locations. When you communicate with us through a social network service, the social network provider and its partners may collect and hold your personal information overseas.

Quality of personal information

To ensure that the personal information we collect is accurate, up-to-date and complete we:

  • record information in a consistent format
  • where necessary, confirm the accuracy of information we collect from a third party or a public source
  • promptly add updated or new personal information to existing records
  • regularly audit our contact lists to check their accuracy. We also review the quality of personal information before we use or disclose it.
Storage and security of personal information

We take steps to protect the security of the personal information we hold from both internal and external threats by:

  • regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure that information
  • taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff only access those records when they need to
  • conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.

We destroy personal information in a secure manner when we no longer need it.

Accessing and correcting your personal information

Under the Privacy Act you have the right to ask for access to personal information that we hold about you, and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.

We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.

If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.

If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why. You also have the right under the FOI Act to request access to documents that we hold and ask for information that we hold about you to be changed or annotated if it is incomplete, incorrect, out-of-date or misleading.

If you ask, in most cases we must give you access to the personal information that we hold about you, and take reasonable steps to correct it if we consider it is incorrect. We will try to make the process as simple as possible.

How to make a complaint

If you wish to complain to us about how we have handled your personal information you should complain in writing. We will respond to the complaint within 30 days. If you need help lodging a complaint, you can contact us. If we receive a complaint from you about how we have handled your personal information we will determine what (if any) action we should take to resolve the complaint.

How to contact us

You can contact us at:

Ambika-Bleue
Privacy Officer
Level 10, 30 Collins Street
Melbourne, VIC 3000 Australia
E-mail: privacy@ambikableue.com