On this page:
A. CONSIDERATION OF PERSONAL INFORMATION PRIVACY
Australian Privacy Principle 1 — Open and transparent management of personal information
- Managing personal information
CBB is committed to managing personal information in an open and transparent way and implementing practices, procedures and systems relating to CBB’s functions or activities that:
a) will ensure that CBB complies with the Australian Privacy Principles; and
b) will enable CBB to deal with inquiries or complaints from individuals about CBB’s compliance with the Australian Privacy Principles.
CBB will make this policy available:
a) free of charge; and
b) in such form as is appropriate. If a person or body requests a copy of this policy in a particular form, CBB shall take such steps as are reasonable in the circumstances to give the person or body a copy in that form (for example, in hard copy, via email or via the CBB website, www.cbb.com.au).
- Complaints regarding the management of personal information
If an individual believes that CBB has not complied with its obligations concerning their personal information, we invite them to contact us and lodge a complaint. We will aim to resolve complaints when we are first contacted by an individual. If we cannot immediately resolve it, we will take the following steps: a) Advise the individual who is handling the complaint; and b) Keep the individual informed of the progress with respect to resolution of the complaint. Please refer to the contact details below: ATT: Chief Executive Officer CBB PO Box 506 Kensington Park SA 5068 Tel: 08 8444 9700 Email: email@example.com
Australian Privacy Principle 2 — Anonymity and pseudonymity Individuals interacting with CBB have the option of not identifying themselves, or of using a pseudonym, when dealing with CBB in relation to a particular matter, for example, subscribing to our eNews. However, this does not apply if:
a) CBB is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
b) It is impracticable for CBB to deal with individuals who have not identified themselves or who have used a pseudonym, for example, clients that purchase our products or services.
B. COLLECTION OF PERSONAL INFORMATION
Australian Privacy Principle 3 — Collection of solicited personal information
- Why we collect personal information
CBB will only collect personal information that is reasonably necessary for one or more of our organisation’s functions. We use this information to perform our core business functions. Primarily, we will use an individual’s personal information to provide them with the product or service that they have requested and the administration of that product or service. We may also use the information to:
a) Develop new products and services;
b) Conduct our internal administration and operations (such as accounting, risk management, record keeping, statistical analysis, marketing, research, planning, systems development, testing and staff training);
c) Conduct client satisfaction surveys;
d) Attend to enquiries; and
e) Inform individuals about the activities of CBB or our related partners or companies. If personal information is not provided, we may not be able to provide individuals with their requested product or service.
- The type of information we collect
Depending on the nature of the product or service that individuals request or receive from CBB, the types of personal information that we will collect include:
c) contact details (including email address, landline and mobile phone numbers);
d) date of birth;
e) employment and financial information (such as salary and the name and address of employer); and
f) employee number.
We may also collect the following information depending on the product and service we provide:
a) credit card details;
b) bank account number;
c) details of income, assets, liabilities, expenses, credit history, credit worthiness; and
d) other information as required by the Anti-Money Laundering Counter-Terrorism Financing Act 2006.
When an individual uses the CBB website, we may collect statistics on the number, date and time of visits, the number of pages viewed and the manner in which the user navigates through the site and may also collect information about an individual’s use of our products and services. When an individual calls us, we may collect statistics on the number, date and time of calls, and the manner in which the individual navigates through our telephony system. We may also monitor and/or record incoming and outgoing telephone calls for taxation, verification, substantiation and quality assurance purposes.
- How we collect information
If it is reasonable and practical to do so, we collect personal information directly from the individual or from their application form or via telephone or web. How we collect an individual’s personal information will depend upon how they interact with us. There are occasions on which we may need to collect an individual’s personal information from third parties, with or without their direct involvement. Depending on the nature of the product or service requested or received, the types of persons or organisations from which we may collect personal information include an individual’s employer, market research organisations, third party brokers, credit reporting agencies, government agencies, an individual’s representatives, advisers and other organisations, who jointly with us, provide services to an individual whom also engages with CBB.
Australian Privacy Principle 4 — Dealing with unsolicited personal information
If CBB receives personal information that we did not solicit, CBB will, within a reasonable period after receiving the information, determine whether or not we could have collected the information under Australian Privacy Principle 3, had CBB solicited the information. If CBB determines that we could not have collected the personal information and the information is not contained in a Commonwealth record, CBB will, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.
Australian Privacy Principle 5 — Notification of the collection of personal information
At or before the time or, if that is not practicable, as soon as practicable after, CBB collects personal information about an individual, CBB will take such steps (if any) as are reasonable in the circumstances, to notify the individual:
a) of CBB’s identity and contact details if:
i. CBB has collected an individual’s personal information from someone other than the individual; or
ii. the individual may not be aware that CBB has collected the personal information;
b) of the fact that CBB collects, or has collected, the information and the circumstances of that collection, for example, by a recorded telephone message or through verbal notification on incoming and outgoing calls;
c) if the collection of the personal information is required or authorised by or under an Australian law or a court/tribunal order — the fact that the collection is so required or authorised (including the name of the Australian law, or details of the court/tribunal order, that requires or authorises the collection);
d) of the purposes for which CBB collects the personal information;
e) of the main consequences (if any) for the individual if all or some of the personal information is not collected by CBB;
f) of any other entity, body or person, or the types of any other entities, bodies or persons, to which the CBB usually discloses personal information of the kind collected by CBB;
g) that this policy contains information about how the individual may access the personal information about them that is held by CBB and seek the correction of such information;
h) that the CBB policy contains information about how the individual may complain about a breach of the Australian Privacy Principles and how CBB will deal with such a complaint;
i) whether CBB is likely to disclose the personal information to overseas recipients;
j) if CBB is likely to disclose the personal information to overseas recipients — the countries in which such recipients are likely to be located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.
C. DEALING WITH PERSONAL INFORMATION
Australian Privacy Principle 6 — Use or disclosure of personal information
- Information used or collected for a particular purpose
We may need to disclose individuals’ personal information to another person or organisation, where that information was collected for a particular purpose (the primary purpose). We will only disclose individuals’ personal information, however, where we are allowed to or obliged to do so by law or where we have the individual’s express or implied consent. An individual gives express consent when they clearly and unmistakably state so when speaking to us or in writing. Implied consent is where we have reasonably assumed an individual has given consent from their behaviour. For example, consent can be implied when an individual contacts us by telephone and proceeds after hearing a recorded message that the call may be recorded for staff training, verification or record keeping purposes. Consent to use of this information is implied by the individual’s action of continuing with the call. Where we disclose individuals’ personal information to organisations that perform specific essential services for us, we limit this disclosure to the information that they need to perform the required service.
These organisations or contractors are bound by the same or a substantially similar policy as CBB. They are only given the right to use the personal information for the specific service or function that they are performing and cannot legally provide or use this information for any other purpose. Depending upon the products or service that individuals have requested, we may exchange information about an individual with, for example:
a) The individual’s employer;
b) Our agents, contractors and external service providers;
c) Regulatory bodies, government agencies and law enforcement bodies;
d) Financial institutions;
e) Credit reporting agencies;
f) Debt collecting agencies;
g) Payment systems operators;
h) Agents acting on an individual’s behalf, including legal or financial advisers;
i) An individual’s executor, administrator, trustee, guardian or attorney;
j) Insurers and reinsurers;
k) Superannuation funds;
l) Other organisations or firms, who jointly with us, provide products or services to an individual;
m) Guarantors and prospective guarantors in relation to applications for credit or lease applications made by an individual to CBB;
n) In the unlikely event that our organisation is sold to another party, our records of personal information will be transferred to that party. We will take steps so that the information will remain subject to the same privacy protections as when we first obtained.
- Information used or collected for another purpose
If we need to use or disclose the information for another purpose (the secondary purpose), it will only occur in instances where:
a) The individual has consented to the use or disclosure of the information; or
b) The individual would reasonably expect CBB to use or disclose the information for the secondary purpose and the secondary purpose is:
i. if the information is sensitive information — directly related to the primary purpose; or
ii. if the information is not sensitive information — related to the primary purpose; or
c) the use or disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
d) a permitted general situation exists in relation to the use or disclosure of the information by CBB; or
e) CBB reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. Australian Privacy
Principle 7 — Direct marketing
- The use of personal information for direct marketing communications
Subject to our contractual obligations to meet or indirectly meet obligations under such contracts, we may use or disclose an individual’s personal information (other than sensitive information) for direct marketing communications to offer products, services or updates that we believe may be of interest to those individuals, where we have collected information from the individual. An individual can notify us at any time, however, if they do not wish to receive direct marketing communications. Our direct marketing communications (sent electronically) include an option to unsubscribe. In addition, our contact details are set out at the end of this policy.
- The use of sensitive information for direct marketing communications
We may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
- Requesting not to receive direct marketing communications
If CBB uses or discloses personal information about an individual for the purpose of direct marketing by CBB or for the purpose of facilitating direct marketing by other organisations, the individual may:
a) request not to receive direct marketing communications from CBB; and
b) request that CBB not use or disclose the information for direct marketing communications for the purpose of facilitating direct marketing by other organisations; and
c) request CBB to provide its source of the information.
In instances where an individual makes a request:
a) CBB will not charge the individual for the making of, or to give effect to, the request and:
b) if the request is to not receive direct marketing communications from CBB or other organisations, CBB will give effect to the request within a reasonable period after the request is made; and
c) if the request is for CBB to provide its source of the information, CBB will, within a reasonable period after the request is made, notify the individual of its source unless it is impracticable or unreasonable to do so.
This principle does not apply to the extent that any of the following apply:
a) the Do Not Call Register Act 2006;
b) the Spam Act 2003; c) any other Act of the Commonwealth, or a Norfolk Island enactment, prescribed by the regulations.
Australian Privacy Principle 8 — Cross-border disclosure of personal information
Before CBB discloses personal information about an individual to a person (the overseas recipient):
a) who is not in Australia or an external Territory; and
b) who is not the entity or the individual; CBB will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the Australian Privacy Principles (other than Australian Privacy Principle 1) in relation to the information.
However, this will not apply if CBB reasonably believes that:
a) the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information; and
b) there are mechanisms that the individual can access to take action to enforce that protection of the law or binding scheme; or
c) both of the following apply:
d) the entity expressly informs the individual that if he or she consents to the disclosure of the information, subclause 8.1 will not apply to the disclosure; e) after being so informed, the individual consents to the disclosure; or
f) the disclosure of the information is required or authorised by or under an Australian law or a court/tribunal order; or
g) a permitted general situation exists in relation to the disclosure of the information by CBB.
Australian Privacy Principle 9 — Adoption, use or disclosure of government related identifiers
CBB will not adopt a government related identifier of an individual as its own identifier of the individual unless:
a) the adoption of the government related identifier is required or authorised by or under an Australian law or a court/tribunal order; or
b) the identifier is prescribed by the regulations; and
c) the organisation is prescribed by the regulations, or is included in a class of organisations prescribed by the regulations; and d) the adoption, use or disclosure occurs in the circumstances prescribed by the regulations.
CBB will not use or disclose a government related identifier of an individual unless:
a) the use or disclosure of the identifier is reasonably necessary for CBB to verify the identity of the individual for the purposes of the organisation’s activities or functions; or
b) the use or disclosure of the identifier is reasonably necessary for CBB to fulfil its obligations to an agency or a State or Territory authority; or
c) the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
d) a permitted general situation exists in relation to the use or disclosure of the identifier; or
e) CBB reasonably believes that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
f) points b) through d) above, apply in relation to the use or disclosure.
D. INTEGRITY OF PERSONAL INFORMATION
Australian Privacy Principle 10 — Quality of personal information
CBB will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that we collect, use or disclose is accurate, up-to-date, complete and relevant.
Australian Privacy Principle 11 — Security of personal information
- Protection of personal information on CBB systems and premises
Where CBB holds personal information, we will take such steps as are reasonable in the circumstances to protect the information from misuse, interference and loss and from unauthorised access, modification or disclosure. We have implemented procedures and systems designed to protect individuals’ personal information from loss, misuse, unauthorised access or disclosure, alteration or incidental destruction. When personal information is stored in our systems, they are protected from unauthorised access by the use of various protection mechanisms. Only employees of CBB and those who perform services on our behalf are authorised to handle or have access to personal information. Our employees are bound by both our employment policies and by confidentiality clauses in their employment agreements. Those who perform services on our behalf are also bound by the same or substantially similar Privacy Principles. Paper documents are protected from unauthorised access or use through the various security systems that we have implemented over our physical premises.
- Protection of personal information when using our website
When an individual visits our website, whenever they submit information which may be considered private, we use forms protected by Secure Socket Layer (SSL) encryption technology. When we capture your personal information it is encrypted and passed to our server to ensure it is protected over the Internet. Information that we collect as to the activity on our website through the use of ‘cookies’ may identify an individual. This information is only used to validate access to the respective website and for other purposes noted above. When browsing our website, individuals acknowledge that the internet is not always a secure environment and that the computer and network used contributes to the overall level of effective protection in place. Individuals further acknowledge that any transmission of information over the internet is out of our control before it reaches our system. Only once we receive an individual’s transmission, we can take reasonable commercial steps to ensure its security. We cannot guarantee the policies and procedures of any other websites that may be linked from our website. They may or may not comply with the same privacy standards that we do and, therefore, you should take care to evaluate their particular privacy standards and procedures as needed.
- Observing security requirements when accessing information online
To ensure that individuals’ personal information is protected, we ask that they observe the security requirements that relate to the use of their NCB number and/or the password used to access account details electronically. In order to protect individuals’ personal information online, we require individuals to take specific measures to protect against unauthorised access. These measures include but are not limited to the individual:
a) changing his/her password on initial access to our website;
b) ensuring the NCB number given to him/her is kept securely;
c) destroying any documentation we issue containing his/her password;
d) memorising his/her NCB number and password;
e) not telling anyone his/her NCB number and password;
f) immediately telephoning us if he/she suspects his/her NCB number or password has been breached.
- Destruction or de-identification of personal information
Where we hold personal information about an individual; and: a) we no longer need the information for any purpose for which the information may be used or disclosed by CBB under this policy; and b) the information is not contained in a Commonwealth record; and c) CBB is not required by or under an Australian law, or a court/tribunal order, to retain the information; CBB will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
E. ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
Australian Privacy Principle 12 — Access to personal information
- Requests to access personal information
Individuals are generally entitled to access the personal information we hold about them and in such circumstances, we will require individuals to identify themselves to our satisfaction. CBB will respond to the request for access to the personal information within a reasonable period after the request is made; and give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so. On occasion we will ask that individuals put their requests in writing. This would include instances where an individual wants copies of material or access to archived information or if the nature of the application makes it necessary for us to retain a record of the request.
- Access to personal information via the CBB website
Individuals may be able to access some personal information via the Client Login Area of the CBB website. Access to personal information via the CBB website requires the use of the individual’s NCB number and password. No personal information is openly posted on the internet.
- Refusal to access personal information
CBB is not required to give an individual access where:
a) we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
b) giving access would have an unreasonable impact on the privacy of other individuals; or
c) the request for access is frivolous or vexatious; or
d) the information relates to existing or anticipated legal proceedings between CBB and the individual, and would not be accessible by the process of discovery in those proceedings; or
e) giving access would reveal the intentions of CBB in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
f) giving access would be unlawful; or
g) denying access is required or authorised by or under an Australian law or a court/tribunal order; or
h) both of the following apply:
i. CBB has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to CBB’s functions or activities has been, is being or may be engaged in;
ii. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
j) giving access would reveal evaluative information generated within CBB in connection with a commercially sensitive decision-making process. Where an information privacy request made by an individual is refused,
CBB will provide the individual with:
a) a reason for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
b) the mechanisms available to complain about the refusal; and
c) any other matter prescribed by the regulations.
- Fees for accessing personal information
In some circumstances, CBB may charge a service fee to retrieve an individual’s personal information, based on our costs (internal and external) in locating the information and the form of response the individual requires. If CBB intends to charge a service fee we will give the individual an estimate of this fee so that the individual can confirm that he/she still wants us to proceed with his/her request. This fee will not be excessive and will not apply to the making of the request.
Australian Privacy Principle 13 — Correction of personal information
- Correcting personal information
CBB takes reasonable steps to ensure the personal information we collect is accurate, up-to-date and complete. We do this through the following methods:
a) From mid 2014, users of the Client Login area of the CBB website are able to submit changes to their information via the website. This will then be verified by CBB prior to making an update on our system. In some cases we may require individuals to verify the change of information. This is to protect the individuals’ personal information.
b) Prior to mid 2014, salary packaging clients can update personal information by contacting CBB on 1300 763 505 or firstname.lastname@example.org.
c) Subscribers to CBB eNews can update their contact details via the link contained within the footer of eNews publications.
d) Subscribers to Community News (CBB’s quarterly newsletter) can update their contact details via the form included with the newsletter.
e) All other individuals can update personal information by contacting 08 8444 9700 or email@example.com. Unless we disagree with an individual about the accuracy or completeness of a record, we will generally correct it upon request (or suggest alternative arrangements for updating our records).
- Requests to correct personal information
CBB will respond to requests to correct personal information held by CBB within a reasonable period after the request is made. CBB will not charge the individual for the making of the request, for correcting the personal information or for associating the statement with the personal information (as outlined in point 3, below.
- Notification of correction to third parties
If CBB corrects personal information about an individual that we previously disclosed to another entity, and the individual requests CBB to notify the other entity of the correction, CBB will take such steps (if any) as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
- Refusal to correct personal information
If at any point we disagree about the accuracy or completeness of personal information, we will provide individuals with a) the reasons for the refusal except to the extent that it would be unreasonable to do so; and b) the mechanisms available to complain about the refusal; and c) any other matter prescribed by the regulations. If the individual requests us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, CBB will take such steps as are reasonable in the circumstances to associate the statement in such a way that will make the statement apparent to users of the information.
This website and its content is copyright © CBB the not4profit people. All rights reserved.
Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:
- you may print or download to a local hard disk extracts for your personal and non-commercial use only
- you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material
You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.
While it is with our best efforts we have endeavoured to provide all information as accurately as possible on this website, we do not give any guarantee of the accuracy or completeness of the content.
All text and imagery distributed on this website are an information source only on matters of interest. All information on this site is subject to change without notice. We make no representations, statements or warranties about the completeness or accuracy of the results obtained from the use of any material contained in this website or any website you may access through this website. We provide links to other sites for your convenience only and we take no responsibility for the accuracy, information or results obtained by you on visiting those sites.
CBB disclaim all responsibility and all liability without limitation for all expenses, losses, damages and costs you may incur as a result of the material published on this website or any linking website. It is the user’s responsibility to ensure that you have the appropriate precautions in place to avoid computer and software damage due to destructive viruses, worms or similar while visiting our website or any linking website.