The Australian Privacy Principles
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act) made many significant changes to the Privacy Act 1988 (Privacy Act). These changes commenced on 12 March 2014. The Privacy Regulation 2013, made under the Privacy Act, also commenced on 12 March 2014. The Privacy Act includes a set of 13 new privacy principles that regulate the handling of personal information by Australian and Norfolk Island Government agencies and some private sector organisations. These principles are called the Australian Privacy Principles (APPs). They replaced the National Privacy Principles (NPPs)s. The 13 APPs are contained in schedule 1 of the Privacy Act 1988 (the Privacy Act).
The Privacy Amendment (Notifiable Data Breaches) Act 2017 came into effect on 22 February 2018 introducing mandatory notification requirements.
Principle 1 – Open and transparent management of personal information
Strata Plus will take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to our functions or activities that: will eliminate problems with compliance and ensure working within the Australian Privacy Guidelines and will enable us to deal with inquiries or complaints from individuals about compliance with the Australian Privacy Principles.
- the kinds of personal information that we collect and hold;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how an individual may access personal information about themselves that is held by us and seek the correction of such information;
- how an individual may complain about a breach of the Australian Privacy Principles, and how we deal with such a complaint;
- whether we disclose personal information to overseas recipients, and if so, the countries in which such recipients are located.
If you feel that we have failed to deal with your personal information in accordance with this policy, please contact us by registering an escalation request so we have an opportunity to resolve the issue to your satisfaction. We will log your complaint and will: listen to your concerns and grievances; discuss with you the ways in which we can remedy the situation; and put in place an action plan to resolve your complaint and improve our information handling procedures if appropriate.
Concerns or requests
If you have a question about this policy or wish to lodge a request to access your personal information or you believe we have not protected your personal information please contact us. If you are not satisfied with the response, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC): 1300 363 992 or complete the Privacy complaint form.
Principle 2 – Anonymity and Pseudonymity
The nature of our job is such that anonymity cannot be maintained. Under the Strata Schemes Management Act 1996 we are required to record an owner’s name and Australian address for service of notices. From 2022 certain information is reported to the NSW Government via the Strata Hub making key information accessible to schemes and certain service providers such as police, ambulance, SES, Fire & Rescue and local councils.
Principle 3 – Collection of personal information
Why we collect personal information
Collecting your personal information is essential for us to be able to perform our job under our agreement with the scheme. Our obligations to the scheme are to keep and maintain the books and records and by collecting personal information we are able to maintain the owners roll and minute book, issue notices of meetings, distribute minutes of meetings, issue levy notices, attend to routine repairs, maintenance and replacement of scheme property and make insurance claims.
How we collect personal information
Where possible we collect your personal information directly from you but personal information is generally collected during the course of our relationship with the scheme. Sometimes personal information may be collected about you from other sources. For example, where we make an insurance claim, the insurance company will have your personal information or where you are buying or selling your lot, your solicitor or conveyancer will have your personal information. In most cases we will need you to specifically consent to any collection, use or disclosure of your personal information by us. We will usually need your consent in writing but we may accept your verbal consent in some circumstances. Sometimes we will assume you have given your consent by your conduct with us.
Types of personal information collected and held
Personal information is information about you, whether recorded in a material form or not, from which your identity could reasonably be ascertained. The types of personal information we may collect includes name, gender, address, telephone numbers, email contact details, occupational details, and information about the property/s you own under our management. We only collect personal information that is necessary to perform our strata management agency functions. We only use personal information provided for the purposes for which it was collected.
Sensitive information as defined in Part II, Section 6 of the Privacy Act 1998. can be information about your racial or ethnic origin, political opinions, membership of political associations, religious beliefs or affiliations, membership of professional or trade associations or trade We only collect, use or disclose sensitive information about you as allowed by law, where we have received your consent to do so, or the collection is necessary for us to do our job under our agreement with your scheme.
Principle 4 – Dealing with unsolicited personal information
If Strata Plus receives unsolicited personal information that we were unable to collect under principle 3, and the information is not contained in a Commonwealth record, we will destroy the information or ensure it is de-identified.
Principle 5 – Notification of the collection of personal information
If it is reasonable in the circumstances, Strata Plus will notify an individual if information has been collected about them from someone other than the individual and/or the individual may not be aware that this has occurred.
Principle 6 – Use or disclosure of personal information
How we use personal information
We use your personal information to provide management services to you and your scheme. Some examples of parties to whom we disclose your personal information are specialist trades and services providers such as builders, engineers, architects, plumbers and insurance companies for whom we act as agents.
How we store personal information
We take all reasonable steps to keep secure any personal information which we hold about you and to protect your personal information from loss, misuse or an unauthorised alteration. All personal information collected by us is stored on secure servers. We also maintain physical security procedures to manage and protect the use and storage of records containing personal information. Access to personal information is limited to those of our personnel who specifically need it to carry out their business responsibilities. To help us protect your privacy, you should maintain the secrecy of your access credentials (ie. user name and password) you use to access and use our website.
Principle 7 – Direct marketing
We may use your personal information from time to time, to provide you with information about our company as it relates to strata management. Contact us if you do not want to receive any of this information.
Principle 8 – Cross-border disclosure of personal information
Strata Plus does not disclose personal information about an individual to overseas recipients.
Principle 9 – Adoption, use or disclosure of government related identifiers
We do not use government-related identifiers (such as a tax file number or medicare number) as ways of identifying information we have about an individual.
Principle 10 – Quality of personal information
It is very important that the personal information we collect from you is accurate, complete and up-to-date. Now and then we will ask you to tell us of any changes to your personal information.
Principle 11 – Security of personal information
We take all reasonable precautions to safeguard your personal information from loss, misuse or unauthorised access, modification and disclosure.
Principle 12 – Access to personal information
Accessing your personal information
You may request access to any of the personal information we hold about you. A summary of personal information such as your name and address details, contact telephone numbers and the matters your scheme has engaged us on are freely available and for more detailed requests, a fee may be charged to cover the cost of its retrieval and supply. We are required to provide you with this information within 30 days.
Refusal of your request
We may refuse you access to personal information where the information you seek is mixed with other information that would disclose personal information or sensitive information about another owner in the scheme.
Principle 13 – Correction of personal information
If you request a correction to information we have collected about you, we will review and take all steps reasonable in the circumstances to correct the information to ensure that the information is accurate, up-to-date, complete, relevant and not misleading. If we correct personal information about you, we will take all reasonable steps to notify any other entities that we previously disclosed information to about you or at your request unless it is impracticable or unlawful to do so.