2) Personal Information
Personal Information refers to information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether it is true or recorded in a material form.
3) Sensitive Information
Sensitive information is personal information regarding an individual's race, political opinion and affiliations, religious beliefs or affiliations, philosophical beliefs, membership of professional or trade unions or associations, sexual orientation or criminal record.
4) Collection of Personal and Sensitive Information
CEC will not collect personal information unless the information is reasonably necessary for one or more of its functions and activities. Further, sensitive information may only be collected if it is necessary and the individual consents to the collection.
All collection of personal information must be by fair and lawful means. Whenever it is reasonable and practicable to do so, CEC will only collect personal information about an individual from that individual, and otherwise will take reasonable steps to ensure that the individual is made aware of the required matters.
CEC may collect information about individuals' visits to CEC-owned websites using automatic collection tools, such as "cookies". We do this in order to monitor traffic patterns and serve individuals more efficiently if they revisit the sites. Such tools do not identify individuals personally, but they can provide information such as the individuals' browser type and language, access times, Internet Protocol addresses and behaviour (e.g. pages visited, links clicked).
5) Use and Disclosure of Personal Information
At the time personal information is collected or as soon as practicable afterwards, CEC will notify the individual concerned of:
a) of CEC's identity and contact details;
b) the circumstances and purpose of the collection;
c) the main consequence if the information is not collected;
d) any third parties to which the information may be disclosed;
e) whether disclosure to an overseas entity is likely; and
CEC may use and/or disclose personal information for the primary purpose for which it was collected or received for use on a consulting engagement. Such primary purposes may include:
a) to deliver goods and services to CEC's clients;
b) to administer and improve the performance of CEC-owned websites;
c) to address and respond to concerns or other correspondence from customers;
Personal information may only be used or disclosed for the primary purpose for which it was collected. Using it for a secondary purpose is prohibited unless:
a) the individual has consented to that secondary purpose;
b) the individual would reasonably expect the disclosure or use for the secondary purpose which is related to the primary use; or
c) the secondary purpose is required or permitted by law.
CEC will never sell or rent personal information collected by it to third parties for marketing purposes.
Once the information is no longer of use to CEC, and if there is no legal requirement to retain it, all reasonable steps will be taken to either destroy or de-identify the information.
6) Quality of Information
CEC will take all reasonable steps to ensure that the personal information that it collects, uses and discloses is accurate, up to date and complete. We will also take steps to maintain and update that information when advised of incorrectness or change.
If an individual establishes that personal information which CEC holds about him/her is not accurate, complete and up-to-date, CEC will take all reasonable steps to correct the information.
7) Security of Information
We have an obligation to take such steps as are reasonable in the circumstances to protect any personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure.
CEC uses data cloud storage for some of its records including google for email and project record storage, Podio.com primarily for our client records and internal information and Salesforce.com for some project records on Salesforce related projects. As a security measure in addition to what has been provided by Google apps, CEC enforces all staff to renew their password every 3 months (a strong password as defined by Google must be used at all times). Google Apps services provide the ability to access all data using HTTPS encrypted tunnels. CEC has chosen to require this option for our users, which helps ensure that no one except the user has access to his or her data. This is true for access to Gmail, Google calendar, and Chat, Drive and Sites data via our web applications. The mobile email client also uses encrypted access to ensure the privacy of communications.
The same or equivalent privacy and confidentiality laws and standards bind all members of our organisation.
We have contractual arrangements in place with all our service providers to protect your information up to the same standards as if we stored the information ourselves and to prevent them using the information for any purposes than our own.
We also conduct due diligence on any third party provider to ensure that they take the protection of our client's information as seriously as we do.
8) Access to Information
Individuals have a right to request access to their personal information and to request its correction by contacting CEC via the contact details provided on our website. On request by a person, CEC will take all reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
9) Cross Border Disclosure of Information
Our use of data cloud storage means that data may be stored overseas. Customer information may only be accessed by employees of CEC and will not be used for marketing purposes without specific prior permission.
Should personal or sensitive information be transferred or disclosed to overseas entities, it is the obligation of the discloser to take all reasonable steps to ensure that the receiving entity abides by the Australian Privacy Principles and the Privacy Act.
Children (persons under the age of 18 years) are eligible to access and use CEC website. However, if you are under the age of 15 we request that you obtain the consent of your parent/s or guardian/s before submitting any personal information to the Site.
CEC reserves the right to change this Policy from time to time, in accordance with relevant circumstances. If we do so, we will post the revised Policy here. We may also give notice by other means, such as a message on our website.
Any complaints, problems or queries regarding CEC's management of personal information should be directed to CEC's Privacy Officer by emailing firstname.lastname@example.org or calling (02) 8071 4550.