Issue Date: October 2018
Who does this policy apply to and what does it cover?
This policy sets out how Shoalhaven Ex-Servicemen’s Club Limited and its related entities (“Club”, “we”, “us” or “our”) collect, use, disclose and hold “personal information”.
“Personal information” means information or an opinion about an individual (who can reasonably be identified), whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
What is our privacy commitment to you?
We are committed to complying with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) by protecting the privacy and confidentiality of your personal information.
When we collect, use, disclose, store, access or correct your personal information, our actions will comply with the Privacy Act and the Australian Privacy Principles.
Where appropriate, we will handle your personal information relying on the employee records exemption and the related bodies corporate exemption in the Privacy Act.
What kinds of personal information does the Club collect and hold?
We collect and hold a wide range of personal information, and in some cases sensitive information, including:
From time to time, we may collect additional information about you related to surveys, promotions and particular services or activities at or in connection with the Club.
Wherever practicable, we will advise you of the information being collected about you and provide you with an opportunity to refuse the collection of that information.
How do we collect your personal information?
Your personal information is collected as a result of your visits to, or dealings with, the Club. Information is collected by recording information that you provide to us, by electronic means, and by the observations of our staff. We collect personal information when you:
In general, if you contact us, we may keep a record of that correspondence.
We only collect personal information about you from you, unless it is unreasonable or impractical to do so.
For example, it may be unreasonable or impractical to collect information from you when the information is provided by other members, our staff or the Police.
Will I be notified that my personal information is being collected?
When we collect information from you, we will take reasonable steps to notify you (or otherwise ensure that you are aware) of the following:
One way we notify you of the above is by making you aware of this policy.
If you give us personal information about others, we expect that you will tell them about this policy.
Is the Club required by law to collect personal information?
As a registered club, we have a legal responsibility to collect certain information about our members and guests pursuant to legislation, including the Registered Clubs Act 1976 (Registered Clubs Act), Corporations Act 2001 (Corporations Act), Gaming Machines Act 2001, Liquor Act 2007, Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and Work Health and Safety Act 2011.
For example, when a person applies for membership of the Club, we must collect details including their name and address. We must display this information on the Club’s notice board before our Board is able to consider the application for membership. We also may need to provide this information to any member of the general public who makes a request under certain legislation, including the Corporations Act.
Temporary members, guests of members and other visitors to the Club may be required to produce a recognised form of identification (such as a driver’s licence or passport) to gain entry into the licenced premises.
If you elect to use our electronic ID scanner, we will collect information from your ID at the time you enter the Club. More information about our electronic ID scanners appears below.
For what purposes does the Club collect, hold, use and disclose your personal information?
We collect, hold, use and disclose your personal information to operate the Club, carry out certain activities, provide products and services to you, other members and guests and other members of the public, and comply with our legal obligations. The purpose of collecting your personal information is to undertake one or more of the following activities or functions:
What happens if you don’t provide your personal information?
If you don’t give the Club your personal information, you may not be able to become a member of the Club or use the Club’s services or facilities.
You have the option of not identifying yourself, or of using a pseudonym, when dealing with us. However, this will be limited to enquiries of a very general nature and only over the telephone or by email.
In most circumstances, you will be unable to deal with the Club anonymously or with a pseudonym because of our obligations under the Registered Clubs Act.
How do we use your personal information?
We use your personal information primarily to allow us to carry out the activities and functions listed above. We also use your personal information for secondary purposes related to those activities and functions, or when permitted under the Privacy Act.
The Club may also use the personal information we collect from you for direct marketing of products and services to you, including from third parties. Such products and services may include the provision of newsletters, competitions, announcements, campaigns or information about shows and entertainment at the Club or services offered by the Club.
You can refuse any direct marketing by contacting our Privacy Officer.
Does the Club disclose my personal information to others?
There may be times when we may need to disclose your personal information to third parties that we engage to provide services to or in connection with the Club, including our related entities, our insurers, ClubsNSW, our sponsors, our legal or financial advisers and other Club members.
Your personal information will only be disclosed to third parties for a purpose permitted by the Privacy Act and/or this policy and, where required, after obtaining your consent.
We may need to disclose your personal information to third parties for the purposes of allowing us to carry out the activities and functions mentioned in this policy.
For example, from time to time, the Club engages external companies to send direct marketing information (usually via email or SMS), carry out mail services, and provide IT storage and other services.
A third party will only receive your personal information from the Club where that information is necessary for that third party to provide services to or in connection with the Club and the Club will always require that the third party comply with the Privacy Act when dealing with your personal information.
We will also disclose your personal information to third parties if we are required or authorised to do so by law, including to law enforcement agencies, the Office of the Australian Information Commissioner, the Australian Electoral Commission, the Department of Family and Community Services and the Australian Taxation Office.
FREQUENTLY ASKED QUESTIONS
How does this policy apply to the Club’s sub-clubs and its related entities
The Club operates a number of sub-clubs, including a cricket club, a fishing club, an indoor sports club and others. These sub-clubs form part of the Club.
For the purposes of the Privacy Act, a sub-club’s collection, use, disclosure or storage of your personal information is the Club’s collection, use, disclosure or storage of your personal information.
If a sub-club (being part of the Club) collects, uses, discloses or stores your personal information, it will comply with this policy when doing so.
The Club may have one or more related entities, also known as “related bodies corporate”.
These related entities are separate legal entities to the Club, but are related to the Club in some way (e.g. the Club owns the related entity, or the related entity owns the Club).
The Privacy Act permits related entities to share personal information in certain circumstances.
Is there surveillance at the Club?
All venues operated by the Club are subject to video and audio surveillance for security reasons, including to monitor the safety of members, guests and employees and to protect the Club’s assets.
The footage and audio recordings may be used in disciplinary proceedings and/or to investigate incidents and may be disclosed to our legal representatives, our insurers and law enforcements agencies.
Do I have to use the electronic ID scanner to enter the Club’s premises?
No. You are not obliged to scan your identification to enter the Club’s premises.
If you prefer, you can manually enter your name, address and signature (as required by the Registered Clubs Act) into the terminal and present your identification to staff who will confirm your details.
What information is collected from the electronic ID scanners?
The electronic scanners used by the Club may retain a full copy of your ID.
Where this applies, the Club collects all of the information recorded on your ID (which may include sensitive information).
Our electronic ID scanners store data in a password protected, encrypted database.
Why does the Club use ID scanners?
Under the Registered Clubs Act, we are required to maintain a register of the name, address and signature of temporary members and guests over the age of 18 who enter the Club’s premises. This information must be retained by us for at least three years.
Previously, we provided paper registers that needed to be filled out by hand, which was slow and cumbersome and wasted paper.
The Club now offers scanning terminals, which are quicker and more efficient for persons who want to enjoy the facilities of the Club, but do not want to manually write in their details.
ID scanners are a secure way for the Club to collect information about persons entering the Club’s premises.
ID scanners are also environmental friendly in that they have helped the Club reduce its paper usage and storage of certain hardcopy records.
The collection of personal and sensitive information of the individuals who choose to scan their identification is reasonably necessary for the activities and functions of the Club.
How do we hold and protect your personal information?
Personal information that is held by us is stored electronically and/or in hardcopy.
We take reasonable steps to ensure that your personal information is safe and secure from unauthorised access, use or disclosure.
Information that is stored electronically on our servers is restricted and password protected and only accessible to certain employees and third party IT service providers.
Video surveillance is stored on our digital recorders, which are maintained in a restricted access area and password protected.
Your personal information is securely destroyed when it is no longer needed or when it is out of date.
What happens if my personal information is involved in a data breach?
The Club has various security measures in place to protect your personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure.
In the unlikely event that the Club’s security measures are compromised and your information is the subject of a data breach, the Club will comply with its obligations for responding to data breaches outlined in the Privacy Act.
Upon becoming aware of a data breach, the Club will take urgent steps to contain the breach, mitigate any risk of harm and determine who may have been affected.
The Club will then assess the breach, including any potential for harm, and determine whether the breach is likely to result in serious harm to any person whose data was involved.
If the Club has reasonable grounds to believe that the breach is likely to result in serious harm to you, the Club will notify you of the breach as soon as possible. The Club will also notify the Office of the Australian Information Commissioner.
Following a breach, the Club will conduct a review of its security measures and implement any additional measures it considers necessary to enhance the security of your information.
Are we likely to disclose personal information overseas?
It is unlikely that we will disclose your personal information overseas. However, if you agree to information being put on our websites or social media pages then this could be accessed by other countries.
We occasionally use secure cloud servers. This involves the use of servers that may be located in other countries and may constitute a disclosure under the Privacy Act.
Using the Club’s websites and social media sites
The websites and social media pages operated by or in connection with us may collect personal information for the purposes outlined in this policy.
Any information collected by us as a result of your use of those websites and pages will be handled in accordance with this policy.
Any hyperlinks are provided for reference only. We do not have control over websites and pages operated by third parties and are not responsible for the content available on such websites or pages or the privacy practices of those third parties.
What does this policy mean?
By entering, visiting or dealing with the Club, you consent to the terms of this policy.
From time to time, your additional consent will be sought for the collection, use or disclosure of your personal information for purposes other than as set out in this policy.
If you do not agree to this policy or do not wish to receive direct marketing information from or in connection with the Club, please contact our Privacy Officer.
How do I access, update or correct the personal information held by the Club about me?
You can request access to the personal information we hold about you by contacting our Privacy Officer.
We will not charge you for making the request. However, we may need to charge you for our time to answer your request. We will advise you in advance if there are to be any charges associated with complying with your request.
We will respond to your request within a reasonable timeframe (usually not more than 30 days).
When you request access, we may need further information from you to verify your identity.
There are a number of reasons why we may be unable to give you access to your personal information held by the Club. If we are not able to provide access, we will provide you with written reasons.
If you believe any of the personal information that we hold about you is incorrect, you can ask us to correct it and we will take reasonable steps to ensure that it is accurate, up-to-date, relevant and not misleading.
If we refuse to correct your personal information, we will give you written reasons.
How do I make a complaint about privacy related to the Club?
If you believe we have breached the Privacy Act or any of the Australian Privacy Principles, or if you have any issues about the Club’s collection, use, disclosure or storage of your personal information, please contact our Privacy Officer.
When contacting our Privacy Officer, please give us enough details to be able to identify you, understand your issue or complaint and respond appropriately.
We will respond to you within a reasonable timeframe (usually not more than 30 days).
If you are unhappy with how we handle your issue or complaint, you are entitled to make a privacy complaint to the Office of the Australian Information Commissioner.
How do I contact the Privacy Officer at the Club?
You can contact the Privacy Officer by:
Phone: 4421 6855
Facsimile: 4421 4679
Post: 157 Junction Street, Nowra NSW 2541
How do I contact the Office of the Australian Information Commissioner?
Please visit the Office of the Australian Information Commissioner’s website for contact details.