SuniTAFE (the Institute) recognises the value of the information it holds and is committed to the responsible management of personal information (including health information). This commitment arises not only from the requirement to comply with relevant legislation but also in recognition of and commitment to information privacy as a fundamental human right.
SuniTAFE will comply with the Information Privacy Principles (IPPs) from the Privacy and Data Protection Act 2014 (VIC), and the Health Privacy Principles (HPPs) from the Health Records Act 2001 (VIC) as minimum standards when handling personal and health information, unless otherwise permitted by law.
SuniTAFE will only collect personal information if the information directly relates to the legitimate purpose of the Institute, and in a way that is lawful, fair and not unreasonably intrusive.
When collecting information, reasonable steps will be taken to ensure that the individual is aware of:
- The purpose of which the Institute is collecting the information;
- The fact that the individual can gain access to the information;
- To whom the information will be disclosed;
- Any law that requires the particular information to be collected;
- The consequences (if any) for not providing the information.
SuniTAFE will take all reasonable measures to store personal information securely and ensure personal information no longer required is destroyed as per the Institute’s Records Management Policy and Procedure.
SuniTAFE will not divulge any personal information to a third party for any reason other than the primary purpose for its collection or with the consent from the individual or as required by law.
Individuals will have access to their own personal records, unless prevented by law. This information is not to be taken from the Institute.
SuniTAFE will not collect sensitive information about an individual unless they have;
- given consent, or
- the collection is required under law, or
- the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of an individual.
When required to collect sensitive information, the purpose of collecting this information will be clearly communicated.
Organisations and individuals contracted to provide services to the Institute will also be required to comply with the Information Privacy Principles in relation to acts done by the service provider for the purposes of the contract with the Institute.