Privacy Statement
LeisureNet Australasia is committed to protecting the privacy of personal information.

National Privacy Principles
We have applied the Australian National Privacy Principles set out in the Privacy Act 1988 to the way we collect, use, store, disclose, and destroy personal and sensitive information.

What is personal information?
This is information about individuals where it is possible to identify that individual. It may include information such as name, contact details, age, or financial details.

What is sensitive information?
This is a particular kind of personal information and includes information about an individual’s health; racial or ethnic origins; membership of political, professional or trade associations; political opinions or philosophical or religious beliefs; criminal record; or sexual preferences.

Why do we collect personal and sensitive information?
We may directly or indirectly collect this information to enable us to send out relevant information to a customer that has requested or ordered such information.

What do we do with the personal and sensitive information we collect?
Unless you request otherwise, we may disclose this information to other organisations where we believe it is necessary to assist us and them in providing their services. Recipients will typically be insurers for Accreditation and premium discount purposes, and business owners for those accredited operators who wish to have their information passed on to potential employers.

We also use the information for administrative purposes such as processing applications for Assessment and Accreditation. If you do not provide the required information, it may not be possible to process your application for Assessment or Accreditation.

We may sometimes be required by law, such as under legislation or by court order, to disclose some of your personal information.

We take reasonable steps to ensure that whenever we collect, use or disclose personal information it is accurate, complete, and up to date.

What you are required to do
If you provide us with personal information about other individuals, we rely on you to have made them aware that you will or may provide their information to us, the purposes for which we use it, the types of third parties we disclose it to, and how they can access it (as described in this document). If it is sensitive information, we rely on you to have obtained their consent to the above. If you have not done these things, you must tell us before you provide the relevant information.

If we give you personal information, you and your representatives must only use it for the agreed purposes.

Where relevant, you must meet the requirements of the National Privacy Principles when you collect, use and handle personal information on our behalf.

You must also ensure that your agents, employees, and contractors meet all of these requirements.

Security of your personal information
We may store your personal information electronically or in hard copy. We endeavour to protect it from misuse and loss, and from unauthorised access, modification, and disclosure.

How you can contact us Please contact us at LeisureNet Australasia if you would like to

Find out more about the way we manage personal information Access your personal information held by LeisureNet Australasia Provide details for LeisureNet Australasia to correct or update your personal information Complain about a breach of privacy by LeisureNet Australasia If you do not want us to disclose your personal information to other organisations

Contact Privacy Officer LeisureNet Australasia Locked Bag 3451 Tuggerah NSW 2259 Phone: 02 4355 4800 Fax: 02 4355 4800

The Privacy Amendment (Private Sector) Act 2000 is based on the National Privacy Principles (NPPs) regulating the collection, storage, access to, use, disclosure and de-identification of personal information.

The NPPs apply to ‘organisations’ in the private sector, including an individual, a body copy corporate, a partnership, an unincorporated association or a trust. The new legislation, however, does contain a number of exemptions with regard to organisations and activities.

The NPPs establish a minimum standard that private sector organisations must observe when handling personal information. Individual organisations may develop, adopt and enforce their own codes, which must be approved by the Privacy Commissioner as being at least equivalent to the NPPs. In the absence of a specific code, an organisation must comply with the NPPs.

The government has taken a ‘light touch’ approach in developing the privacy legislation. The current law is the least regulatory regime Australia will have. Organisations demonstrating compliance with the law through programs such as the Australian Privacy Seal Audit and Certification Program will improve industry’s chances of maintaining this approach.

Summary of the National Privacy Principles (NPP's)

1. Collection
	Must only collect personal information that is necessary for one or more of its functions or activities
	Must collect personal information only by lawful and fair means and not in an unreasonably intrusive way
	Must take reasonable steps to ensure that the individual from whom personal information is collected is aware:
		of the identity and contact details for the organisation
		that the individual can access information
		why the information is collected
		to whom the information is usually disclosed
		any law requiring the collection
		main consequences for the individual if the information is not provided
	If reasonable and practicable, collect from the individual directly
	If personal information is collected from third parties, must take reasonable steps to ensure the individual is aware of matters listed under third bullet point above.

2. Use and Disclosure
Must not use or disclose other than for the primary purpose of collection (namely a secondary purpose) unless:
	individual consent; or
	secondary purpose is related to primary purpose (directly related in the case of sensitive information) and reasonable expected by individual; or
	direct marketing and information not “sensitive”, impracticable to obtain consent and individual can opt out; or
	direct marketing and information “sensitive”, consent from individual.
	In direct marketing, customer must be given the option not to receive communications both at the time of first contact and at any time afterwards.

4. Data Security
Must take reasonable steps that:
	Personal information is protected from misuse, loss, unauthorised access, modification or disclosure
	Personal information is destroyed or permanently de-identified if no longer needed.

5. Openness
Must have available on request a clearly expressed policy statement outlining personal information handling practices.
	On request, take reasonable steps to let a person know what personal information it holds, for what purposes, how it collects, holds, uses and discloses that information.

6. Access and Correction
Must provide an individual with access to personal information about that individual.
	May charge a reasonable fee for access
	Must take reasonable steps to correct information.

9. Transborder Data Flows
May only transfer information to someone in a foreign country if:
	recipient is subject to law/scheme/contract substantially similar to the National Privacy Principles; or
	individual has consented; or
	transfer necessary for the performance of the contract between the individual and the organisation.

10. Sensitive Information
Must not collect sensitive information unless:
	individual has consented; or
	collection required by law.