Red Corner Boxing is committed to protecting the privacy of all individuals who provide personal information to it and is bound by the National Privacy Principles (NPPs), which are effective from 21 December 2001.
Collecting, using and disclosing Information
In addition to collecting and using personal information for conducting our business functions and activities, we may use such information, with consent, for:
Tailoring our offerings to suit our customers preferences; and
Communicating our offerings to our customers and potential customers.
We will only disclose personal information in accordance with the Privacy Act and, where necessary, to our business partners to enable them to provide services contracted out to them.
Data Quality and Security
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date and is destroyed appropriately when no longer required.
Our employees are required to ensure that personal information they are privy to is not divulged, except under appropriate circumstances. They are required to ensure that any such information available to them is protected from theft, damage, loss, unauthorised access and any other form of abuse or improper use.
Improper use or suspected improper use of personal information will result in appropriate disciplinary action being taken.
Access and correction
Individuals will be able to access and correct their personal information upon request in accordance with the legislation, as well as request to “opt-out” from receiving further communications from us.
The Company will only collect information that is necessary for its functions and activities, in a fair and lawful manner.
At or before the time (or, if that is not practicable, as soon as practicable after) the Company collects personal information from an individual, the Company will take reasonable steps to ensure that the individual is aware of:
(a) The Company’s identity and how to contact it;
(b) The fact that he or she is able to gain access to the information;
(c) The purposes for which information is collected;
(d) The organisations (or the type of organisations) to which the Company discloses information of that kind;
(e) Any law that requires the particular information to be collected; and
(f) The main consequences (if any) for the individual if all or part of the information is not provided.
Where it is reasonable and practicable to do so, the Company will collect personal information directly from the concerned individual.
Where the Company collects information from a third party, the Company will take reasonable steps to ensure that the individual concerned is or has been made aware of the matters listed from (a) to (f) above.
Principle 2 – Use and disclosure
The Company will not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:
(a) Both of the following apply:
(i) The secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection;
(ii) The individual would reasonably expect the Company to use or disclose the information for the secondary purpose; or
(b) The individual has consented to the use or disclosure; or
(c) If the information is not sensitive information and the use of the information is for the secondary purpose of direct marketing:
(i) It is impracticable for the Company to seek the individual’s consent before that particular use; and
(ii) The Company will not charge the individual for giving effect to a request by the individual to the Company not to receive direct marketing communications; and
(iii) The individual has not made a request to the Company not to receive direct marketing communications; and
(iv) In each direct marketing communication with the individual, the Company draws to the individual’s attention, or prominently displays a notice, that he or she may express a wish not to receive any further direct marketing communications; and
(v) Each written direct marketing communication by the Company with the individual (up to and including the communication that involves the use) sets out the Company’s business address and telephone number and, if the communication with the individual is made by fax, telex or other electronic means, a number or address at which the Company can be directly contacted electronically; or
(d) The Company reasonably believes that the use or disclosure is necessary to lessen or prevent:
(i) A serious and imminent threat to an individual’s life, health or safety; or
(ii) A serious threat to public health or public safety; or
(e) The Company has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
(f) The use or disclosure is required or authorised by or under law; or
(g) The Company reasonably believes that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of an enforcement body:
(i) The prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
(ii) The enforcement of laws relating to the confiscation of the proceeds of crime;
(iii) The protection of the public revenue;
(iv) The prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(v) The preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
If the Company uses or discloses personal information under paragraph 2.1(g), it will make a written note of the use or disclosure.
Sub-clause 2.1 operates in relation to personal information that the Company has collected from a related body corporate as if the Company’s primary purpose of collection of the information were the primary purpose for which the related body corporate collected the information.
Principle 3 – Data Quality
The Company will take reasonable steps to ensure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.
Principle 4 – Data Security
The Company will take reasonable steps to protect the personal information it holds from misuse and loss from unauthorised access, modification or disclosure.
The Company will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
Principle 5 – Openness
The Company will have clearly expressed policies on its management of personal information and these will be readily available to anyone who asks for it.
The Company will take reasonable steps to let a person know, generally, what sort of personal information it holds, for what purposes, and how it collects, uses and discloses that information.
Principle 6 – Access and correction
Where the Company holds personal information about an individual, it will provide the individual with access to the information on request by the individual, except to the extent that:
(a) Providing access would pose a serious and imminent threat to the life or health of any individual; or
(b) Providing access have an unreasonable impact on the privacy of other individuals; or
(c) The request for access is frivolous or vexatious; or
(d) The information relates to existing or anticipated legal proceedings between the Company and the individual, and the information would not be accessible by the process of discovery in those proceedings; or
(e) Providing access would reveal the intentions of the Company in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(f) Providing access would be unlawful; or
(g) Denying access is required or authorised by or under law; or
(h) Providing access would be likely to prejudice an investigation of possible unlawful activity; or
(i) Providing access would be likely to prejudice:
(ii) The prevention, detection, investigation or prosecution or punishment of criminal offences, breaches of law imposing a penalty or sanction or breaches of a prescribed law; or
(iii) The enforcement of laws relating to the confiscation of the proceeds of crime; or
(iv) The protection of public revenue; or
(v) The prevention, detection, investigation or remedying of seriously Improper conduct or prescribed conduct; or
(vi) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders by or behalf of an enforcement body; or
(j) An enforcement body performing a lawful security function asks the organisation not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
Where providing access would reveal evaluative information generated within the organisation in connection with commercially sensitive decision-making process, the organisation may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
Where direct access to information is not appropriate because of the above reasons, the Company will, if reasonable, consider the use of mutually agreed intermediaries to allow sufficient access to meet the needs of both the parties.
Where the Company charges for providing access to personal information, those charges will:
(a) Not be excessive; and
(b) Not apply to lodging a request for access.
If an individual is able to establish that the personal information held by the Company is not accurate, complete and up-to-date, the Company will take reasonable steps to correct the information so that it is accurate, complete and up-to-date.
If the individual and the Company disagree about whether the information is accurate, complete and up-to-date, and the individual asks the Company to associate with the information a statement claiming that the information is not accurate, complete or up-to-date, the Company will take reasonable steps to do so.
The Company will provide reasons for denial of access or a refusal to correct personal information.
Principle 7 - Identifiers
The Company will not adopt as its own identifier an identifier assigned to an individual by a government agency (or by an agent of, or contractor to, a government agency acting in its capacity as an agent or contractor).
The Company will not use or disclose an identifier assigned to an individual by a government agency (or by an agent of, or contractor to, a government agency acting in its capacity as an agent or contractor), except where clauses (d) to (g) of principle 2 apply.
Principle 8 – Anonymity
Whenever it is lawful and practicable, individuals will have the option of not identifying themselves when entering transactions with the Company.
Principle 9 – Transborder data flows
The Company will not transfer personal data outside Australia unless:
(a) The Company reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the NPPs; or
(b) The individual consents to the transfer; or
(c) The transfer is necessary for the performance of a contract between the individual and the Company, or for the implementation of preâ€‘contractual measures taken in response to the individual’s request; or
(d) The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the Company and a third party; or
(e) All of the following apply:
(i) The transfer is for the benefit of the individual;
(ii) It is impracticable to obtain the consent of the individual to that transfer;
(iii) If it were practicable to obtain such consent, the individual would be likely to give it; or
(f) The Company has taken reasonable steps to ensure that the information, which it has transferred, will not be held, used or disclosed by the recipient of the information inconsistently with the National Privacy Principles.
Principle 10 – Sensitive information
The Company will not collect sensitive information about an individual, such as racial or ethnic origin, political, religious or philosophical beliefs or affiliations, membership of professional or trade association or trade union, sexual preferences or practices, criminal record or health information unless:
(a) The individual has consented; or
(b) The collection is required by law; or
(c) The collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns is physically or legally incapable of giving consent; or
(d) The collection is necessary for the establishment, exercise or defence of a legal or equitable claim.