Privacy Statement

1. PURPOSE
We are committed to the protection of personal privacy as required under the Privacy Act 1988 (Cth) ("the Privacy Act") and have adopted a set of privacy principles based on the National Privacy Principles contained in Schedule 3 of the Privacy Act.

2. Our Privacy Protection Principles are:
Principle 1 - Collection
We will only collect personal information that is necessary for one or more of its functions or activities. We will only collect personal information by lawful and fair means and not in an unreasonably intrusive way. At or before the time (or, if that is not practicable, as soon as practicable thereafter), we collect personal information about an individual from the individual, we will take reasonable steps to ensure that the individual is aware of:
(a) How to contact us
(b) The fact that he or she is able to gain access to the information;
(c) The purposes for which the information is collected;
(d) The organisation to which we usually discloses information of that kind; and
(e) The main consequences (if any) for the individual if all or part of the information is not provided.

If it is reasonable and practicable to do so, we will collect personal information about an individual only from that individual. If we collect personal information about an individual from someone else, we will take reasonable steps to ensure that the individual is or has been made aware of the matters listed from (a) to (e).

Principle 2 - Use & Disclosure
We will only use or disclose personal information about an individual for a purpose other than the primary purpose of collection (a secondary purpose) if:

Both of the following apply:
The secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection;
the individual would reasonably expect us to use or disclose the information for the secondary purpose; or
The individual has consented to the use or disclosure;
Principle 3 - Data Quality
We will take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.

Principle 4 - Data Security
We will take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
We will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under our Privacy Protection Principle 2.

Principle 5 - Openness
We will set out in a document clearly expressed policies on its management of personal information. We will make the document available to anyone who asks for it. On request by an individual, we will take reasonable steps to let the individual know, generally, what sort of personal information it holds, for what purposes, and how it collects, uses, and discloses that information.

Principle 6 - Access and Correction
If we hold personal information about an individual, we will provide the individual with access to the information on request by the individual, in a form or manner suitable to the individual's reasonable needs.

Principle 7 - Identifiers
Except as specifically authorised under the Privacy Act, we will not adopt as its own identifier of an individual an identifier of the individual that has been assigned by:

An agency; or
An agent of an agency acting in its capacity as agent; or
A contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.
We will not use or disclose an identifier assigned to an individual by an agency (or by an agent or contracted service provider mentioned above) unless:

The use of disclosure is necessary for us to fulfill its obligations to the agency;
One or more of paragraphs in Privacy Protection Principle 2 above apply to the use or disclosure; or
The use or disclosure is permitted under the regulations to the Privacy Act.
Note - the terms 'agency' and 'contracted service provider' in Privacy Protection Principle 7 are defined in the Privacy Act, but, in general, relate to Commonwealth Government agencies.

Principle 8 - Anonymity
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves when entering transactions with us. However, in most cases it will not be practicable for the transactions to proceed to finality or for us to provide pre and post-paid services without requiring their identification.

Principle 9 - Sensitive Information
We will not collect Sensitive Information about an individual unless:

the individual has consented; or
the collection is required by law; or
the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns:
is physically or legally incapable of giving consent to the collection; or
physically cannot communicate consent to the collection; or
the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

Principle 10 - Privacy of Network Communications
When installing, operating, or maintaining our network, we will take whatever measures are practicable, or are required by law, to ensure the privacy of communications passing over our network.

Principle 11 - New Services and Developments and Procedures.
we will consider the privacy impact of new business processes and services before they are introduced.

Privacy expectations
We will provide services with privacy standards that are commensurate with community expectations and which enables individual customers to choose a higher degree of privacy protection where practicable.

Privacy implications of change
The privacy impact arising from the introduction of the new services or products will be balanced against their benefit to the general community and will take into consideration the extent, means and cost by which privacy concerns can be mitigated. Where practicable, we will provide customers with the ability to choose between differing degrees of privacy protection.

Principle 12 - Compliance Audit
We will maintain an independent compliance audit program to ensure its Privacy Protection Principles and policies remain appropriate and that we operate in compliance with those Principles and policies.

3 DEFINITIONS
Identifier includes a number assigned by an organisation to an individual to identify uniquely that individual for the purposes of the organisation's operations. However, an individual's name or ABN (as defined in A New Tax System (Australian Business Number) Act 1999) is not an identifier. Individual means a natural person.

Monitoring means the listening to, reading or recording of a communication during the course of its passage over a telecommunication system.

Participant monitoring means the listening to, reading or recording of, a communication during the course of its passage over a telecommunication system by a party to that communication and by using equipment forming part of the service.

Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Privacy Act means the Privacy Act 1988 (Cth), as amended from time to time.
Seriously Improper Conduct includes corruption, a serious abuse of power, a serious dereliction of duty, or any other seriously reprehensible behaviour.

Surveillance means the systematic observance of a person's behaviour, communication or personal information.
Third Party in relation to personal information, means any organisation or individual other than us holding the information and the individual who is the subject of the information.

Unless otherwise specified, words in this document have the meaning set out in the Privacy Act.