The Meridian Incorporated (ABN 97812 719 846) (Meridian) is bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). It is also bound by the Health Records (Privacy & Access) Act 1997 (ACT). Meridian understands the importance of, and is committed to, protecting your personal information.
Personal information is information or an opinion about you, whether true or not, which identifies you or from which your identity is reasonably identifiable and includes sensitive and health information.
1. HOW WE COLLECT YOUR PERSONAL INFORMATION
Meridian will collect and hold your personal information in a fair and lawful manner, and not in an intrusive way. Where it is reasonably practical to do so, Meridian will collect your personal information directly from you when:
- you make an inquiry or order in relation to goods or services through Meridian’s website at meridianact.org.au (the Website);
- you apply or renew your membership with Meridian;
- you donate to Meridian;
- you contact Meridian via telephone or facsimile;
- you use any mobile applications provided by Meridian;
- Meridian administers and performs any contracts with service providers;
- Meridian conducts customer satisfaction and market research surveys;
- Meridian administers its services; and
- as otherwise required to manage Meridian’s business.
In certain cases Meridian may collect personal information from publicly available sources and third parties, such as suppliers, recruitment agencies, contractors, clients and business partners.
If Meridian collects personal information about you from a third party it will, where appropriate, request that the third party inform you that Meridian is holding such information, how Meridian will use and disclose it, and that you may contact Meridian to gain access to and correct and update the information.
2. TYPES OF PERSONAL INFORMATION WE COLLECT
The type of personal information Meridian may collect can include (but is not limited to), your name, postal address, email address, phone numbers, billing information and, if applicable, employment information.
Meridian may also collect and hold sensitive information about you, including:
- health information;
- your racial or ethnic origin;
- your sexual orientation;
Meridian only collects sensitive information about you with your consent, or otherwise in accordance with the Privacy Act.
Where you do not wish to provide Meridian with your personal information, Meridian may not be able to provide you with requested goods or services.
3. OUR PURPOSES FOR HANDLING YOUR PERSONAL INFORMATION
As a general rule, Meridian only processes personal information for purposes that would be considered relevant and reasonable in the circumstances.
Meridian collects, holds, uses and discloses personal information to:
- offer and provide you with goods and services;
- manage and administer those goods and services, including account keeping procedures;
- report to government or other funding bodies how funding is used (this information will be de-identified wherever possible);
- process any donations and provide receipts;
- communicate with you about Meridian’s services, causes, events and products, which may be of interest to you;
- communicate with you, including (but not limited to), emailing you tax invoices, dispatch and tracking information, returns and exchange authorisations;
- ascertain how individuals are interacting with the Website to allow Meridian to improve the Website to meet the needs of the community;
- respond to your feedback or complaints;
- answer any queries;
- comply with legal and regulatory obligations; and
- otherwise to manage Meridian’s business.
Meridian will not use or disclose your personal information for any other purpose unless you have consented to that use or disclosure.
Please be assured that wherever possible Meridian uses information in a de-identified form. Personal information will not be disclosed to third parties without your permission, except where permitted or required under the Privacy Act.
Meridian may disclose personal information to third parties such as suppliers, organisations that provide Meridian with technical and support services, or Meridian’s professional advisors, where permitted by the Privacy Act. If Meridian discloses information to a third party, Meridian generally requires that the third party protect your information to the same extent that we do.
Under no circumstances is personal information passed on to third party marketing firms.
4. PROTECTION OF PERSONAL INFORMATION
Meridian will hold personal information as either secure physical records, electronically, in cloud storage, and in some cases, records on third party servers, which may be located overseas.
Meridian maintains appropriate physical, procedural and technical security for office and information storage facilities so as to prevent any loss, misuse, unauthorised access, disclosure, or modification of personal information. This also applies to disposal of personal information.
Meridian further protects personal information by restricting access to personal information to only those who need access to the personal information do their job. Physical, electronic and managerial procedures have been employed to safeguard the security and integrity of your personal information.
Meridian will destroy or de-identify personal information once it is no longer needed for a valid purpose or required to be kept by law.
In the event there is an eligible data breach Meridian will comply with its obligations under the Privacy Act.
6. ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION
You may contact the Meridian’s Privacy Officer to request access to the personal information that Meridian holds about you and/or to make corrections to that information, at any time. On the rare occasions when Meridian refuses access, Meridian will provide you with a written notice stating the reasons for refusing access. Meridian may seek to recover from you reasonable costs incurred for providing you with access to any of the personal information about you held by Meridian.
Meridian is not obliged to correct any of your personal information if it does not agree that it requires correction and may refuse to do so. If Meridian refuses a correction request, Meridian will provide you with a written notice stating the reasons for refusing.
Meridian will respond to all requests for access to or correction of personal information within a reasonable time.
7. OVERSEAS TRANSFERS OF PERSONAL INFORMATION
If in future Meridian does propose to disclose personal information overseas, it will do so in compliance with the requirements of the Privacy Act. Meridian will, where practicable, advise of the countries in which any overseas recipients are likely to be located.
If you do not want us to disclose your information to overseas recipients, please let us know.
From time to time Meridian may engage an overseas recipient to provide services to us, such as cloud-based storage solutions. Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider. However, by providing Meridian with your personal information, you consent to the storage of such information on overseas servers and acknowledge that APP 8.1 will not apply to such disclosures. For the avoidance of doubt, in the event that an overseas recipient breaches the APPs, that entity will not be bound by, and you will not be able seek redress under, the Privacy Act.
8. RESOLVING PERSONAL INFORMATION CONCERNS
The Privacy Officer
Havelock House, 85 Northbourne Avenue, Turner ACT 2612
PO Box 5245, Braddon ACT 2612
Telephone: 02 6257 2855
Meridian takes all complaints seriously, and will respond to your complaint within a reasonable period.
If you are dissatisfied with the handling of your complaint, you may contact the Office of the Australian Information Commissioner:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
The last update to this document was 6 June 2018.