The South Australian Jockey Club (SAJC) recognises that privacy is important and that individuals have a right to control their personal information. The SAJC acknowledges that providing personal information is an act of trust and takes this seriously. The SAJC is committed to protecting personal information.
This Policy details our information gathering and dissemination practices in compliance with the National Privacy Principles established in the Privacy Act (Cth) 1988, and the Australian Privacy Principles in the Privacy Amendment (Enhancing Privacy Protection Act) 2012.
Unless an individual gives the SAJC consent to act otherwise, this Policy governs how the SAJC handles personal information of individuals.
1 COLLECTION OF PERSONAL INFORMATION
1.1 The SAJC will not collect personal information unless the information is necessary for one or more of its functions or activities.
1.2 The SAJC will only collect personal information by lawful and fair means and not in an unreasonably intrusive way.
1.3 At the time of collecting personal information, the SAJC will make known:
- The name and contact details of the SAJC
- That the individual may gain access to this information at any time
- The purposes for which the information is collected
- The main consequence (if any) for the individual if all or part of the information is not provided
1.4 Where further enquiry is made, the SAJC will provide detail of the information’s purpose and importance to the organisation as a whole.
2 USE AND DISCLOSURE OF PERSONAL INFORMATION
2.1 The SAJC uses personal information for the purposes of administering our business activities, providing the products and services, to process payments, to monitor the use of our online service, to identify trends, for our marketing and promotional efforts and improve our content and service offerings. These uses ultimately improve the SAJC business services.
2.2 The SAJC will not use or disclose personal information about an individual, other than on an aggregate basis, for a purpose other than the primary purpose of collection. Personally identifiable information or business information will not be shared with external parties.
- Where the secondary purpose is directly related to the primary purpose of collection and that the individual would reasonably expect the SAJC to use or disclose the information for the secondary purpose i.e. marketing, newsletters and ordinary distributions to Members’ personal addresses relevant to the business of the SAJC
- Where the individual has consented to the use or disclosure of their personal information
- Where the SAJC reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health, or safety, or to public health or safety
- A circumstance where the SAJC has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reposting to relevant persons or authorities
- The use or disclose is required or authorised by or under law
- The SAJC reasonably believes that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of an enforcement body: (a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; (b) the enforcement of laws relating to the confiscation of the proceeds of crime; (c) the protection of the public revenue; (d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or (e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal
- If the information is not sensitive information and it is impracticable for the SAJC to seek the individual’s consent before that particular use
2.3 Where further enquiry is made, the SAJC will provide detail of the information’s purpose and importance to the organisation as a whole.
2.4 The SAJC will make available its contact details in order to cease direct marketing communications and will adhere, where possible, to a request by the individual to the SAJC to no longer receive these communications.
2.5 If Members or Customers choose to correspond with us through email or via written letter, we may retain the content of the messages together with addresses and responses.
2.6 We do not share, sell, lend or lease any of the information that uniquely identifies a Member or Customer with anyone except to the extent it is necessary to process transactions of provided services.
2.7 All Members with a current email address can login to view and modify all personal details available to the SAJC.
2.8 Members and Customers of the SAJC, consent to the collection and use of personal information as described in this policy.
2.9 The Board of the SAJC may amend this policy from time to time with or without notice, in accordance with legislative requirements.
3 DATA QUALITY
3.1 The SAJC will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date and that Members are contactable directly should the need arise.
4 DATA SECURITY
4.1 The SAJC provides the same protections for electronic communications, mail and telephone.
4.2 The SAJC will take reasonable steps and has policies in place to ensure that sensitive data and personal information is handled appropriately, stored safely and used for its primary purpose without subjectivity to unauthorised access, interference, modification or disclosure.
4.3 The SAJC will take reasonable steps to destroy or permanently de-identify personal information that it no longer requires.
4.4 In the unlikely event of a data breach occurring, the relevant manager or staff member must notify SAJC’s Privacy Officer. A data breach can be defined by instances of personal information being held by the SAJC that is lost, subject to unauthorised access, disclosure, or other misuse or interference. This could include:
- A database containing personal information being hacked or
- Personal information mistakenly provided to the wrong person, or;
- A device or laptop containing personal information is lost or stolen
4.5 Any instances of data breaches will be managed in accordance with the Notifiable Data Breaches (NDB) requirements and recorded on the SAJC’s Incident Report Form.
5 ACCESS AND CORRECTION
5.1 The SAJC will provide individuals with access to their personal information on request by the individual, or in special circumstance to a nominated person on the individual’s behalf (see “special circumstances” below).
- Where providing access would pose a serious and imminent threat to the life or health of any individual
- Where providing access would have an unreasonable impact upon the privacy of other individuals
- Where the request for access is frivolous or vexatious
- If the information relates to existing or anticipated legal proceedings between the SAJC and the individual, and the information would not be accessible by the process of discovery in those proceedings
- Where providing access would reveal the intentions of the SAJC in relation to negotiations with the individual in such a way as to prejudice those negotiations
- Where providing access would be unlawful
- Where providing access would be likely to prejudice an investigation of possible unlawful activity
- Where providing access would be likely to prejudice: (a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; (b) the enforcement of laws relating to the confiscation of the proceeds of crime; (c) the protection of the public revenue; (d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or (e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal
Examples of special circumstances include:
- A spouse, child, carer or nominated person paying for the Member’s yearly subscription on their behalf
- A family member seeking to make changes to existing contact details, or cease subscription to a membership due to ill health or death
- Any other circumstance where a Member or Customer cannot act on their own behalf, as evaluated on a case-by-case basis by the responsible SAJC staff member
5.2 Where an individual is requesting access to an existing Member’s information, they will be asked to provide all details of that person, as well as their own name and contact information, and state an intention to act on the Member’s behalf. Consent must be obtained in writing prior to disclosing the personal information.
5.3 All updated membership subscriptions, requests or changes to details made on behalf of a Member by a trusted person will be documented for future reference if required. Changes made by the member and the date/time of these changes will be noted where possible.
6 COMPLAINTS HANDLING, FURTHER INFORMATION AND FUTURE AMENDMENTS
- Should you have any concerns regarding the use or handling of your personal information, please submit your comments to the SAJC in writing:
via email: email@example.com
via post: 79 Morphett Road, Morphettville, SA 5043
- For further information on the management of personal information relating specifically to membership, please contact the SAJC Membership Department via email firstname.lastname@example.org or phone 08 8295 0111 during business hours.
- The Board of the SAJC may amend this policy from time to time with or without notice, in accordance with legislative requirements.