The Privacy Act 1988 (Privacy Act) provides protection to individuals against the mishandling of personal information and applies to organisations which include individuals, partnerships, corporations and unincorporated associations. It does not apply to individuals in a non-business capacity.
Amendments were passed to the Privacy Act in November 2012 with the new privacy regime taking effect from 12 March 2014. This new regime, including the adoption of a single set of 13 Australian Privacy Principles (APPs), apply to Government agencies and private sector organisations (‘APP entities’) which include community pharmacies, pharmacist consultants and other pharmacy businesses. The APPs set out what can and cannot be done with an individual’s personal and health information. Details of each APP are available from www.oaic.gov.au
The Office of the Australian Information Commissioner (OAIC) has adopted an enforcement approach to the reforms. The OAIC compliance focus in the months following 12 March 2014 will be on working with entities to ensure that they understand the new requirements and have the systems in place to meet them. In resolving matters brought to the attention of the OAIC it will take into account the steps taken by entities to genuinely prepare for the changes and to comply with the new legal requirements.
In the case of individual complaints the OAIC would expect to see the individual try to resolve a matter with the organisation or agency first. If the respondent is a member of a recognised External Dispute Resolution scheme, the OAIC would expect the individual to have first accessed that scheme. If a matter is accepted by OAIC, the OAIC will always attempt to resolve issues through conciliation. In relation to Commissioner initiated investigations the OAIC will work with respondent organisations and agencies to resolve the matter.
Where conciliation or working with entities is not effective, the OAIC may use other tools, including determinations, enforceable undertakings or in the case of serious or repeated breaches, initiating court proceedings for civil penalties. This is consistent with OAIC current practices and the approach of the OAIC for some time.
Condensed Privacy Policy
Scope
This Condensed Privacy Policy applies to personal information collected by the Pharmacy Guild of the Australian (the Guild).
The Guild has adopted the Layered Privacy Notice format. This document provides a succinct overview of how the Guild handles personal information.
The Guild’s Complete Privacy Policy can be accessed on the Guild’s website and below.
Personal Information Handling Practices
Collection
The Guild usually collects personal information about individuals directly from those individuals or their authorised representative.
The Guild sometimes collects personal information from a third party or from a publicly available source, but only if the individual has consented to such collection or would reasonably expect us to collect their personal information in this way.
The Guild only collects personal information for purposes which are directly related to our functions or activities, and only when it is necessary for or directly related to such purposes.
Use and disclosure
The Guild will only use personal information for the purposes for which the Guild collected it – purposes which are directly related to one of its functions or activities.
The Guild does not give personal information about an individual to other Government agencies, private sector organisations or anyone else unless one of the following applies:
- the individual has consented
- the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
- it is otherwise required or authorised by law
- it will prevent or lessen a serious and imminent threat to somebody’s life or health, or
- it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
The Guild applies Google Analytics Advertising Features to its following websites:
Data security
The Guild take steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure, and against other misuse.
When the personal information it collects is no longer required, The Guild will destroy or delete it in a secure manner, in accordance with Guild’s Record Management Policy.
Access
An individual can access the personal information that the Guild holds about them, and can request the Guild to correct the personal information it holds about them. For more information, see the Guild’s Complete Privacy Policy – ‘Access and correction’.
If listed on one or more of the Guild’s media or network email lists an individual can opt out at any time by using the ‘unsubscribe’ options noted in the Guild’s emails.
The Guild’s obligations
The Guild is bound by the Privacy Act 1988 (Privacy Act) which legislates the way the Guild collects, stores, provides access to, uses and discloses personal information.
For more information see the Guild’s Complete Privacy Policy.
How to contact the Guild
For further information contact: guild.nat@guild.org.au or alternatively you can write to the Guild at PO Box 310, Fyshwick, ACT 2609.
Complete Privacy Policy
About this policy
Purpose
The purpose of this privacy policy is to:
- clearly communicate the personal information handling practices of the Pharmacy Guild of Australia (the Guild)
- enhance the transparency of the Guild’s operations, and
- give individuals a better and more complete understanding of the personal information that the Guild holds, and the way the Guild handles that information.
I don’t have time to read the whole policy. What should I read first?
The Guild’s privacy policy has been developed to follow the ‘layered policy’ format, which means that it offers layers of greater or lesser detail so people can read as much as they wish and find what they need fast.
If all that is required is a snapshot of the Guild’s personal information handling practices, refer to the Guild’s CONDENSED PRIVACY POLICY . This offers an easy to understand summary of:
- how the Guild collects, uses, discloses and stores personal information, and
- how an individual can contact the Guild to access or correct personal information the Guild holds about them.
- If, in search of a more comprehensive explanation of the Guild’s information handling practices, then this document is appropriate. This document forms the ‘detailed’ layer of the Guild’s privacy policy.
Outline of this policy
‘Part A — Personal Information Handling Practices’ explains the Guild’s general information handling practices across the organisation including information about how the Guild collects, uses, discloses and stores personal information.
‘Part B — Files’ offers further detail by explaining the Guild’s personal information handling practices in relation to specific Guild functions or activities.
‘Part C — Online’ explains the Guild’s personal information handling practices when visiting its website(s).
Part A — Personal Information Handling Practices
Obligations under the Privacy Act
This privacy policy sets out how the Guild complies with its obligations under the Privacy Act 1988 (Privacy Act).
As an ‘APP entity’, this Guild is bound by the Australian Privacy Principles (APPs) in the Privacy Act which regulate how APP entities may collect, use, disclose and store personal information, and how individuals may access and correct personal information held about them.
In this privacy policy, ‘personal information’ has the same meaning as defined by section 6 of the Privacy Act:
information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
Collection
It is the Guild’s usual practice to collect personal information directly from the individual or their authorised representative.
Sometimes the Guild collects personal information from a third party or a publicly available source, but only if the individual has consented to such collection or would reasonably expect the Guild to collect their personal information in this way, or if it is necessary for a specific purpose such as the investigation of a privacy complaint.
In limited circumstances the Guild may receive personal information about third parties from individuals who contact the Guild and supply the Guild with the personal information of others in the documents they provide to us.
The Guild only collects personal information for purposes which are directly related to our functions or activities under the Privacy Act or Freedom of Information Act 1982 (FOI Act) and only when it is necessary for or directly related to such purposes.
Enquiries:
- when an individual contacts the Guild asking for information or advice about the Guild’s functions and its operations.
Policy advice:
- when the Guild has contact with officers in Australian, State and Territory Government agencies, private sector organisations or individuals for the purpose of analysis and advice
- when the Guild plans consultation with stakeholders who it believes will want to be consulted
- when the Guild research policy issues.
Communication and education:
- when people ask to be on an email or mailing list so that the Guild can send them information about its activities and publications
- when the Guild records who it has had contact with in relation to media or other public relations events
- when the Guild conduct events, or deliver training.
Administrative activities:
- when the Guild process membership applications and renewals
- when the Guild manages its personnel and corporate service functions.
For more detailed information about these purposes and the information handling practices that apply to them, see Part B – Files.
The Guild also collects personal information (including contact details) as part of its normal communication processes directly related to those purposes, including:
- when an individual emails Guild staff members
- when an individual telephones the Guild
- when an individual provides the Guild with their business card.
Use and disclosure
The Guild only uses personal information for the purposes for which it was given to the Guild, or for purposes which are directly related to one of the Guild’s functions or activities, and the Guild does not give it to other organisations, government agencies, or anyone else unless one of the following applies:
- the individual has consented
- the individual would reasonably expect, or has been told, that information of that kind is usually passed to those individuals, bodies or agencies
- it is otherwise required or authorised by law
- it will prevent or lessen a serious and imminent threat to somebody’s life or health
- it is reasonably necessary for the enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection of public revenue.
Data quality
The Guild take steps to ensure that the personal information it collects is accurate, up to date and complete. These steps include maintaining and updating personal information when the Guild is advised by individuals that their personal information has changed, and at other times as necessary.
Data security
The Guild take steps to protect the personal information it holds against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing our electronic IT system securing paper files in locked cabinets and physical access restrictions.
When no longer required, personal information is destroyed in a secure manner in accordance with the Guild’s Records Management Policy and Procedures.
Access and correction
If an individual requests access to the personal information the Guild holds about them, or requests that the Guild change that personal information, the Guild will allow access or make the changes unless the Guild considers there is a sound reason under the Privacy Act, FOI Act or other relevant law to withhold the information, or not make the changes.
If the Guild does not agree to provide access to personal information or to amend or annotate the information it holds about them, the individual can pursue the matter further with the Office of the Australia Information Commissioner.
Individuals can obtain further information about how to request access or changes to the information the Guild holds about them by contacting the Guild (see details below).
How to contact the Guild
Individuals can obtain further information in relation to this privacy policy, or provide any comments, by contacting the Guild:
National Secretariat
Level 2, ‘Pharmacy Guild House’
15 National Circuit
Barton ACT 2600
PO BOX 310
Fyshwick ACT 2609
Ph: 02 6270 1888
Fax: 02 6270 1800
Email: guild.nat@guild.org.au
Website: www.guild.org.au
Australian Capital Territory
Level 3, Computer Associates House
10 National Circuit
Barton ACT 2600
PO Box 13
Deakin West ACT 2600
Ph: 02 6270 8900
Fax: 02 6270 8910
Email: guild.act@guild.org.au
Website: www.guild.org.au/ACT
New South Wales
84 Christie Street
St Leonards NSW 2065
Locked Bag 2112
St Leonards NSW 1590
Ph: 02 9467 7100
Fax: 02 9467 7101
Email: anne.bidstrup@nsw.guild.org.au
Website: www.guild.org.au/NSW
Northern Territory
Level 3, Oasis Building
43/29 Woods Street
Darwin NT 0800
GPO Box 1554
DARWIN NT 0801
Ph: 08 8944 6900
Fax: 08 8981 7518
Email: office@ntguild.org.au
Website: www.guild.org.au/NT
Queensland
132 Leichhardt Street
Spring Hill QLD 4000
PO Box 457
Spring Hill QLD 4004
Ph: 07 3831 3788
Fax: 07 3831 9246
Email: guild.qld@qldguild.org.au
Website: www.guild.org.au/QLD
South Australia
12/202 Glen Osmond Road
Fullarton SA 5063
Ph: 08 8304 8300
Fax: 08 8333 1729
Email: guildsa@guild.org.au
Website: www.guild.org.au/SA
Tasmania
2nd Floor Knopwood House
38 Montpelier Retreat
Battery Point TAS 7004
PO Box 215
Battery Point TAS 7004
Ph: 03 6220 2955
Fax: 03 6220 2966
Email: guild.tas@guild.org.au
Website: www.guild.org.au/TAS
Victoria
Level 2, 40 Burwood Road
Hawthorn VIC 3122
Ph: 03 9810 9999
Fax: 03 9819 2542
Email: info@vic.guild.org.au
Website: www.guild.org.au/VIC
Western Australia
1322 Hay Street
West Perth WA 6005
PO Box 968
West Perth WA 6872
Ph: 08 9429 4100
Fax: 08 9324 2075
Email: reception@wa.guild.org.au
Website: www.guild.org.au/WA
Part B – Files: how the Guild handles specific types of files that contain personal information
Guild Electronic Membership Management (GEMM)
Purpose
The Guild, through its Customer Relationship Management (CRM) system collects personal information to:
- Manage information about their clients or constituents
- Manage interactions with their clients or constituents
- Manage business relationships and connections between clients or constituents
- Perform analytics
- Facilitate workflow and business processes
- Organise and manage the data
- Interface the solution and/or data with other solutions, such as Accounting applications, and the
- ‘Find A Pharmacy’ application.
- Support applications which connect consumer’s with pharmacies
- Share information with related organisations and ICT systems.
The Guild collects personal information through its CRM system, known as GEMM, to enable the Guild to perform the following specific functions:
- Member Record Management
- Pharmacy Record Management
- Activity Record Management
- Invoicing and Payment Management
- Navigation and Search
- Geo Location
- Reporting
- Bulk Editing
- Auditing
- Managing Business Units
- Security and Access
- Marketing
- Correspondence
- Locate pharmacies near a client.
Collection
The Guild collects personal information directly from their clients or constituents, or their authorised representatives.
The Guild may also collect personal information about clients or constituents from third parties, when it is relevant to functions listed above.
Use and disclosure
The Guild only uses the personal information it collects to carry out the functions listed above.
The Guild may use the personal information it holds to make contact with the clients or constituent and any other relevant individual, agency or organisation.
Data quality
The Guild maintains and updates the personal information it holds as necessary or when advised by individuals that their personal information has changed.
Data security
The personal information collected is held in electronic databases. Some personal information is also held in paper files.
Guild staff members have access to the electronic databases with access restricted based on their roles as:
- IR Managers
- Membership Managers
- General users
The GEMM database maintains audit trails whenever personal information is amended or deleted on the database.
The GEMM database does not allow records to be deleted, but made inactive. This is specifically to be able to maintain an ownership and membership history.
Access and correction
For information about how to access or correct personal information held in enquiries files see ‘Access and correction’ in Part A of this document.
Policy Files
Purpose
The purpose of policy files is to store policy correspondence, analysis, working papers and other documents that relate to the Guild’s functions to:
- draft and provide advice
- examine advice
- issue guidance
- undertake research
- conduct consultations
- approve draft documents and
- maintain a register of stakeholder consultation.
The limited personal information in policy files relates to correspondence and submissions from people with an interest in health policy, community pharmacy issues, and people working for or representing agencies or organisations with an interest in health policy and community pharmacy issues. This includes people working for an organisation, group or association representing a particular sector of the community.
Collection
The Guild collects personal information in policy files directly from individuals or their agencies or organisations, or from publicly available sources such as websites or telephone directories.
Use and disclosure
Personal information in policy files is only used for the purpose of undertaking policy research, providing advice or exercising our statutory functions.
The personal information on policy files is not disclosed to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.
Data quality
The Guild maintains and updates personal information in its policy files as necessary or when its is advised by individuals that their personal information has changed.
Data security
Policy files are stored in either password protected electronic media or in locked cabinets in paper form. When no longer required, personal information in policy files is destroyed in a secure manner or deleted in accordance with the Guild’s Records Management Policy and Procedures.
Guild staff members have access to the policy files with access restricted based on their roles as:
- Directors
- Policy staff
- ICT staff
- Records management staff
- General staff.
Access and correction
For information about how to access or correct personal information in policy files see ‘Access and correction’ in Part A of this document.
Communication and Education Files
Purpose
The purpose of communication and education files is to record details of communication and educational activities, such as contact with the media, speeches, event management, surveys and publication preparation.
The limited personal information in communication and education files relates to agencies, organisations, individuals, media representatives, event attendees, service providers and events calendar listings.
Collection
It is the Guild’s usual practice to collect personal information in communication and education files directly from individuals.
Sometimes the Guild may collect personal information from an individual’s representative or from publicly available sources such as websites or telephone directories.
Use and disclosure
The Guild will only use the personal information in communication and education files for the purposes of undertaking communication and education initiatives and managing public relations.
The personal information on communication and education files is not disclosed to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.
Data security
Communication and education files are stored in password protected electronic media. When no longer required, personal information in communication and education files is destroyed in a secure manner.
Guild staff members have access to the in communication and education files with access restricted based on their roles as:
- Directors
- Communication and education staff
- ICT staff
- Records management staff
- General staff.
Access and correction
For information about how to access or correct personal information in communication and education files see ‘Access and correction’ in Part A of this document.
Contacts Lists
Purpose
The Guild maintains contacts lists which include contact information about individuals who may have an interest in community pharmacy, are involved in pharmacy business activities and media representatives. The Guild uses these contacts lists to distribute information about its activities and publications.
Collection
It is the Guild’s usual practice to collect personal information in contacts lists directly from individuals, for example, where they have asked to be added to a contact list.
Sometimes the Guild collects personal information from a third party or from a publicly available source such as a website or telephone directory. The Guild usually only collects personal information in this way if the individual would reasonably expect us to, or has given their consent. For instance, The Guild might collect this information if it believes that the individual (or the organisation they work for) would like to receive information about a consultation the Guild is carrying out, or that they might be likely to consider information about the Guild and the work it does in the work they do. The Guild would only contact this individual in their work capacity.
Use and disclosure
The Guild only uses personal information in contacts lists for the purpose of managing public and stakeholder relations.
The Guild does not give personal information about an individual to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.
The Guild uses a number of online channels, including social networking services, to communicate with individuals and organisations with an interest in community pharmacy policy and activities. The use of these services is governed by the online channel’s Terms and Conditions and Privacy Policies. Users may be required to supply some personal information such as name and email address to use these channels to communicate with the Guild. Using these services to communicate with the Guild may make some personal information visible to the Guild and third parties.
Data quality
The Guild maintains and update personal information in its contacts lists when advised by individuals that their personal information has changed. The Guild also regularly audit contacts lists to check the currency of the contact information and will remove contact information of individuals who advise us that they no longer wish to be contacted.
Data security
The personal information in the contacts lists is stored in password protected electronic media. When no longer required, personal information in contacts lists is destroyed in a secure in accordance with the Guild’s Record Management Policy.
Routine access to contacts lists is limited to the Guild’s database operators who have responsibility for maintaining contacts lists. Other staff members have access to the personal information in contacts lists on a need to know basis.
Access and correction
For information about how to access or correct personal information in our contacts lists see ‘Access and correction’ in Part A of this document.
Part C — Information collected online by the Guild
Collection
It is the Guild’s usual practice to collect information about visitors to our online resources.
The Guild will, on occasion, use third party platforms to deliver information to Guild members, subscribers and stakeholders. Third party platforms are sites hosted and managed by organisations other than the Guild. Before deciding if you want to contribute to any third party site, please read their privacy policy in the first instance.
There are several methods and packages that the Guild uses to collect visitor behaviours on each of our online platforms. These methods and behaviours are outlined below.
Google Analytics
The Guild uses the following Google Analytics on our websites:
- Remarketing with Google Analytics
- Google Display Network Impression Reporting
- Google Analytics Demographics and Interest Reporting
The Guild uses Google Analytic cookies to measure traffic patterns, determine which areas of our websites have been visited and to measure transaction patterns. The Guild uses this information to research user habits so as to improve our online products and services. The Guild may also log IP addresses (the electronic addresses of computers connected to the internet) to analyse trends, administer the website, track user movements, and gather broad demographic information.
The Guild may also collect anonymous data (which is not personal information) relating to an individual’s activity on its websites (including IP addresses) via cookies, or may collect information in response to a survey. This information may be used to report statistics, analyse trends, administer services, diagnose problems as well as target and improve the quality of the Guild’s products and services.
Information and data collected through Google Analytics is stored by Google on servers in the United States of America, Belgium and Finland. You can opt out of the collection of information via Google Analytics by downloading the Google Analytics Opt-out browser add on.
When visiting any of our online resources, our metric tools may collect the following information about your visit for statistical purposes:
- server address
- top level domain name (for example .com, .gov, .au, .uk etc.)
- the date and time of your visit to the site
- the pages you accessed and documents downloaded during your visit
- the previous site you visited
- if you’ve visited our site before
- the type of browser used.
The Guild records this data to maintain its server and improve its services. The Guild does not use this information to personally identify anyone.
Cookies
Most of the Guild’s online platforms use sessions and cookies. The core functionality on these platforms will be largely unaffected if cookies are disabled in the user’s internet browser but this may also disable access to some advanced functions.
Use and disclosure
The Guild does not give personal information collected online to other agencies, organisations or anyone else without consent unless the individual would reasonably expect, or has been told, that information of that kind is usually passed to those agencies, organisations or individuals, or the disclosure is otherwise required or authorised by law.
Data quality
The Guild will delete or correct any personal information that its hold about an individual on request.
If on one of the Guild’s automated email lists, an individual may opt out of further contact from the Guild by clicking the ‘unsubscribe’ link at the bottom of the email.
Data security
There are inherent risks in transmitting information across the internet and the Guild does not have the ability to control the security of information collected and stored on third party platforms. In relation to its own servers, the Guild takes all reasonable steps to manage data stored on our servers to ensure data security.
Access and correction
For information about how to access or correct personal information collected on our website see ‘Access and correction’ in Part A of this document.
