RISSB must comply with the Privacy Amendment (Notifiable Data Breaches) Act 2017 and the Australian Privacy Principles (APPs) contained in the Privacy Amendment (Enhancing Privacy Protection) Act 2012, both of which amend the Privacy Act 1988.
The APPs are designed to protect the confidentiality of information and the privacy of individuals by regulating the way personal information is collected, used, disclosed and managed.
This policy explains the types of personal information that we may collect and hold, how that information is used and with whom the information is shared. It also sets out how you can contact us if you have any queries or concerns about this information.
What is personal information?
The Privacy Act defines personal information as:
…information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.
Common examples are an individual’s name, signature, address, telephone number, date of birth, medical records, bank account details and commentary or opinion about a person.
Why does RISSB collect personal information?
We collect personal information about our members, stakeholders, committee participants, customers, suppliers, contractors, job applicants and other contacts to understand and meet their needs, to conduct our activities, and meet legal obligations.
What personal information do we collect?
The types of personal information we may collect include contact information (such as your name, address, email address, fax and telephone number), information about your employer or the organisation that nominated you (if you are a committee member), your newsletter preferences, your committee affiliations and any feedback that you provide to us about our products and services, our website, or other matters.
Personal information may be collected by way of forms filled out by individuals (including via online forms), emails, telephone conversations, online user-generated content and market research, face-to-face meetings and interviews. Where necessary and with your consent, we supplement the information we receive from you with information from third party sources, such as your employer or nominating organisation (if you are a committee member).
Sometimes our activities require us to collect sensitive information. For more details, see the section ‘Sensitive information is subject to greater restrictions’, below.
You may in some circumstances have the option of not identifying yourself or using a pseudonym when you deal with us. However, if you choose not to provide the information we need to fulfil your request for a specific product or service or to participate in standards development activities, we may not be able to provide you with the requested product or service, or we may not be able to allow you to participate in our activities as a committee member.
How might RISSB use and disclose your personal information?
RISSB may use and disclose your personal information for the primary purpose of collection, or for reasonably expected secondary purposes which are related to the primary purpose, or for purposes to which you have consented, and in other circumstances authorised by the Privacy Act.
Generally, RISSB may use and disclose your personal information for a range of purposes, including to:
- provide you with our products or services that you have requested;
- respond to your queries or feedback;
- facilitate your participation in standards development in various capacities, including as a committee member;
- enable us to comply with our Standards Development Organisation (SDO) functions and requirements;
- provide you with any communications or publications in which we think you might be interested, or which you have requested;
- let you know about developments in our products, services, activities and programs that might be useful to you;
- facilitate your participation in forums and training events; and
- consider employment applications.
Disclosure of personal information to other parties
RISSB may disclose your personal information to third parties such as our members, our professional advisers, our external service providers (providing services such as distribution of newsletters, standards and other publications, and market research), other standards development organisations, your employer or nominating organisation, government, statutory or regulatory bodies and other committee members.
We may also disclose your personal information if it is required or authorised by law, where disclosure is necessary to prevent a threat to life, health or safety, or where we are otherwise permitted by the Privacy Act.
Personal information may be included in documents that are identified as Committee-in-Confidence such as:
- opinions expressed in committee meetings and recorded in the meeting minutes, and comments submitted as part of the standards development process where committee members can be identified; and
- documents labelled as Committee-in-Confidence may be circulated within the committee or to the responsible parent committee.
We do not sell or license your personal information to third parties.
Sensitive information is subject to greater restrictions
Some of the information we collect may be ‘sensitive information’, including information or an opinion about an individual’s health, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or membership of a trade union.
RISSB may use and disclose your sensitive information for the primary purpose of collection, or for reasonably expected secondary purposes which are directly related to the primary purpose, or for purposes to which you have consented and in other circumstances authorised by the Privacy Act (e.g. where required or authorised by law to be disclosed, or where disclosure is necessary to prevent a threat to life, health or safety).
Security and management of personal information
RISSB will take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. The ways we do this include:
- limiting physical access to our premises;
- limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access; e.g. committee members only have access to the contact details of members of their own committee and not other committees);
- requiring any third party providers to have acceptable security measures to keep personal information secure; and
- putting in place physical, electronic, and procedural safeguards in line with industry standards.
If we no longer require your personal information and are not legally required to retain it, RISSB will take reasonable steps to destroy or permanently de-identify the personal information.
Links from our website to other websites
Our website may contain links to third party websites. We do not operate these websites and therefore are not responsible for the collection or handling of personal information by the operators of these websites.
Accessing the information we hold about you
Under the APPs, you may be able to obtain a copy of the personal information that we hold about you. The APPs provide some exceptions to your rights in this regard. To make a request to access this information, please contact us in writing. We will require you to verify your identity and specify what information you require. We may charge a fee to cover the cost of verifying the application and locating, retrieving, reviewing and copying any material requested.
Updating your personal information
We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact RISSB if you believe that the information we hold about you requires correction or is out-of-date.
Sending information overseas
Personal information is sent overseas in limited circumstances, including to:
- committee members who reside overseas, who will be provided with the contact details of other members of their committee, to enable their participation in standards development; and
- external service providers that assist our organisation with market research and the distribution of our products.
RISSB will not send your personal information to any other recipient outside Australia without obtaining your consent or otherwise complying with the APPs.
Updates to this Policy
If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may bring a complaint internally through our complaints process or you may decide to make a formal complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au) (which is the regulator responsible for privacy in Australia).
We will deal with complaints as follows:
Step 1: Let us know
If you would like to make a complaint, you should let us know by contacting our office:
Rail Industry Safety and Standards Board (RISSB)
PO Box 518
Spring Hill QLD
Step 2: Investigation of complaint
Your complaint will be investigated by an appropriate RISSB Management representative.
A response to your complaint will be provided in writing within a reasonable period.
Step 3: Contact OAIC
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:
Office of the Australian Information Commissioner (OAIC)
(Complaints must be made in writing)
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001