ARTD Consultants is committed to the Australian Privacy Principles (APPs) and this policy outlines our ongoing obligations to you in respect of how we manage your Personal Information.
We have adopted the APPs contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Information.
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.aoic.gov.au
1.1 What is Personal and Sensitive Information and why do we collect it?
Personal Information is information or an opinion that identifies an individual. Examples of Personal Information we collect include: names, addresses, email addresses, phone and facsimile numbers.
Personal Information is obtained in many ways including interviews, correspondence, by telephone, by email, via our website www.artd.com.au, from social media, publicly available sources, cookies (data generated by your computer as you interact with a website) and from third parties such as our clients.
We collect Personal Information for the purposes of undertaking research and providing other consultancy services commissioned by our clients, providing information to our clients.
Through our website and social media, we collect information for answering client requests, communication and marketing.
When we collect Personal Information we will explain to you why we are collecting the information and how we plan to use it. We will only use your personal information for this stated purpose (for example, you will only be added to our marketing mailing lists if you subscribe or otherwise provide your email address for that purpose, not if you participate in a survey).
ARTD may also receive sensitive information from clients such as administrative data records. Through our work, we may also turn personal information into sensitive information by collecting survey responses that are stored with the personal information.
Sensitive information is a type of personal information and includes information about an individual’s:
- health (including predictive genetic information)
- racial or ethnic origin
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
- criminal record
- biometric information that is to be used for certain purposes
- biometric templates
Sensitive information will be used by us only:
- For the primary purpose for which it was obtained
- For a secondary purpose that is directly related to the primary purpose
- With your consent; or where required or authorised by law.
1.2 Personal information collected on our website and social media
We don’t guarantee website links or policy of authorised third parties.
You may unsubscribe from our mailing/marketing lists at any time by clicking ‘unsubscribe’ or contacting us in writing.
1.3 Default position for personal and sensitive information collected during a consultancy project
When undertaking a consultancy project we:
- seek information from informants lawfully, with their consent as appropriate, and used only for the purposes of the consultancy
- advise informants of the intended primary and secondary use for the collected information
- keep information and documents in secure places and do not divulge them to any other party
- keep information only for the purposes of ARTD’s work, record-keeping, or research validation, and de-identify information within the terms of the Australian Privacy Principles’ application to our work.
We are committed to maintaining privacy and confidentiality for informants. To do this we:
- prepare protocols for collecting information from stakeholders
- provide a clear explanation of the purpose of the research and how their information will be used to potential participants, noting that participation is voluntary
- seek informed consent for participation and give interviewees the option to opt out at any time
- when using case studies or direct quotes, we change names and remove details that would make persons identifiable.
Our policy is not to receive sensitive information unless necessary. Any sensitive information that is received that is not necessary for the project and that includes identifying information must have all identifying information deleted immediately from the server and from emails. If we do receive or collect sensitive information, we will separate the identifying information from its related entity (i.e. person). We will create a linkage key that includes all the personal information such as name, address, date of birth, or any other factors that could likely make the data re-identifiable. This data will be placed in a partitioned drive to allow re-identification if necessary and will be destroyed as per the time frames in this policy. Survey responses are not stored with their identifying personal information.
Electronic records will be retained as part of ARTD’s disaster recovery system. The linkage key will be deleted 7 years after the completion of the project.
Paper records should be secured in a location that cannot be accessed without ARTD credentials and will generally be kept onsite for 12 months, then moved off site. They should be destroyed 7 years after the completion of the project.
1.4 Limitation of this policy
This policy is not intended to replace specific contractual requirements in any project which will take precedence.