Privacy Policy
Healthy Kids School Canteen Association (HKSCA) from time to time collects personal or sensitive information relating to members and registered companies, or in the provision of its services. Personal information is defined by the NSW Privacy and Personal Information (PPIP) Act (1998) as:
“any information or opinion about an individual or which is reasonably capable of identifying an individual.”
The purpose of this policy is to protect the privacy of individuals and organisations about whom HKSCA collects and/or holds information. This policy outlines the guidelines to be observed when collecting, storing or using personal and confidential information. HKSCA may review and update this policy statement to take into account new laws and technologies and changes to its operations. All personal information held by HKSCA will be governed by the most recent policy, as posted on the website.
Procedure
A. Legislation
The NSW PPIP Act governs the collection, use and storage of personal information across all NSW Government agencies. The terms of HKSCA’s funding agreement with NSW Health state that HKSCA must ensure that all work done in connection with its services must comply with all applicable legislation, regulations, codes of conduct and all relevant Australian standards applicable to the services. HKSCA is also bound by the National Privacy Principles contained in the Commonwealth Privacy Act 1988. The PPIP Act sets out the following Information Protection Principles to guide the collection and use of personal information and to which KHSCA will adhere:
Collection must be:
a. lawful – information collected must be for a lawful purpose and directly related and necessary to HKSCA’s activities
b. direct from the informant. Parents and guardians can give consent for minors
c. open – HKSCA must disclose that the information is being collected, its purpose and who will be storing and using it.
d. relevant, accurate and not excessive
Storage must be:
e. secure
f. retained only while necessary
g. disposed of appropriately
h. protected from unauthorised use or access.
Access must be:
i. transparent
j. accessible without unreasonable delay or expense
k. correctable by the informant
Use must be:
l. accurate
m. limited to the disclosed purpose, or a directly related purpose or a purpose for which the informant has given consent, or in order to deal with serious and imminent threat to any person’s health or safety.
Disclosure must be
n. restricted – HKSCA will only disclose information with the consent of the informant, or in order to deal with a serious and imminent threat to any person’s health or safety
o. safeguarded – HKSCA will not disclose sensitive personal information without consent of the informant (eg information about sexual preferences, ethnic or racial origin, religious or philosophical beliefs, political opinions, health, trade union or professional association membership, criminal record) except to deal with a serious and imminent threat to any person’s health or safety. HKSCA does not routinely collect such information but if it should, it will be used only for the purpose for which it was provided.
B. Management and Security
It is the personal responsibility of every member of staff at HKSCA to manage personal and private information. The General Manger will ensure that all members of staff are suitably instructed as to their obligations in relation to the protection of personal information in their control. Staff members are encouraged to raise any issues of privacy that arise in the conduct of their work and report any breaches of privacy, to their Team Leaders.
The Database Manager shall be the person to whom members of the public can direct queries or complaints in the first instance and who will act as liaison with Privacy NSW.
The Communications Officer will monitor all web content with regard to privacy issues, especially for:
1. personal information of the staff presented to the public or to other staff
2. personal information of members of the public included in web documents
obtaining personal information from the public through their visit to the website.
3. The Communications Officer will also publish a Privacy statement on the website and on all information collection documents (eg membership applications forms, industry registration forms).
The General Manger will prepare a Privacy Management Plan and associated procedures to ensure that information is collected, stored and disclosed according to the legislation.
HKSCA protects the personal information it holds from misuse, loss, unauthorised access, modification or disclosure by various means, including firewalls, password access, secure servers and encryption of credit card transactions
C. Kinds and Methods of Information Collected
HKSCA may collect personal information about users, schools, merchants, advertisers and other businesses which supply material to or promote products in the magazine, Buyers’ Guide, or brochures or on the website. In general, personal information collected includes (but is not limited to) name, address, contact details, position, financial information, including credit card details, banking details or other financial information.
Information is obtained from the membership registration process, product registration process, registration for the Healthy Kids Expo, requests for a product or service from HKSCA, provision of a product or service to HKSCA, completion of a questionnaire, entry to a competition, participation in forums, communication with HKSCA via e-mail, telephone, fax or mail.
D. How the Information Collected is Used
Information collected is used for the primary purpose for which it was collected and for such other internal secondary purposes that enhance the HKSCA’s services. In general, HKSCA uses personal information to:
1. provide products or services requested
2. personalise and customise experiences with HKSCA
3. help HKSCA manage and enhance its services
4. communicate with members, registrants, providers or others
5. provide ongoing information about opportunities on the website, which HKSCA believes will be of interest
6. give opportunities to receive e-mail and newsletters from HKSCA.
In most cases, if information is requested by HKSCA for provision of one of its products or services, that product or service may not be able to be provided without all the correct information.
E. Disclosure
HKSCA does not provide or sell any aggregated statistics to any other third party.
This policy does not apply to communications of any kind with merchants appearing in the HKSCA’s publications or website. HKSCA accepts no responsibility for any such communications or transactions.
The HKSCA website may contain features which invite people to send personal information to organisations other than HKSCA. Any such information sent will not be bound by this policy.
Access to third party sites from the Healthy Kids website is not covered by the HKSCA Privacy Policy and HKSCA accepts no responsibility for information or content of third party sites.
F. Updating Personal Information
Membership and registration information can be updated by contacting the Database Manager or by resending new forms. Where information is no longer required by HKSCA, it will be destroyed or de-identified.
G. Access to Personal information
Informants have the right to access information given to HKSCA and to ensure it is accurate. Requests may be made by contacting the HKSCA office and anyone wishing to do so will be asked to verify their identity.
Contact Us:
Healthy Kids School Canteen Association
Level 1, 123 Misdon Rd
Epping NSW 2121
Phone: 02 9876 1300
Fax: 02 9876 1471
e-mail: info@healthy-kids.com.au