We collect, hold, use and disclose personal information when it is needed for, or related to, our legislative functions and activities, or where it is permitted or required by law.
Purposes for collection
We collect personal information from you directly, from third parties, and from publicly available sources.
For example, we collect personal information when handling requests for assistance, receiving documents lodged with us, conducting education activities, investigating suspected breaches of the legislation for which we are responsible and taking court action.
We only collect your personal information from third parties where you consent, where we are authorised or required to do so by law, or where it would not otherwise be reasonable or practicable to inform you that we have collected the information. We also collect personal information through our website.
Using and disclosing personal information
We only use and disclose your personal information for the purpose for which it was collected, unless:
- we obtain your consent to use the personal information for a different purpose
- you would reasonably expect us to use the personal information for a different but related purpose (and if the personal information is sensitive information, that the purpose is directly related to the collection purpose)
- we are required or authorised by law to use the information
- we reasonably believe that the use is necessary for our enforcement activities (such as to gather intelligence or take enforcement action).
If we collect personal information in the course of carrying out one of our functions, and the information is relevant to another of our regulatory functions, we will, in general, use that personal information for that other purpose.
The persons or bodies to whom we may disclose personal information include the public (if the personal information is required to be published in a register that can be searched by the public or is published on our website), lawyers and other service providers who we engage, courts and tribunals, parliamentary committees, and applicants under the Freedom of Information Act 1982 (FOI Act). We are also authorised to give personal information to other Commonwealth, State or Territory government or law enforcement agencies where it’s likely to help with the administration or enforcement of a law.
Storage and security of information
We store personal information in electronic systems and paper files. We take steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure, and against other misuse. Where we store information in electronic databases or in hosted cloud based storage systems, those services are hosted in Australia.
If a data breach occurs and personal information that we hold about you is subject to unauthorised loss, use or disclosure, we will respond in accordance with the Privacy Act.
If we reasonably suspect that there has been unauthorised access or disclosure which would be likely to result in serious harm to affected individuals, we will take expeditious steps to remedy any breach and notify affected individuals, the Office of the Australian Information Commissioner (OAIC) and other relevant agencies about this.
When no longer required, we destroy personal information in accordance with the Fair Work Ombudsman and Registered Organisations Commission Entity’s (FWOROCE) Record Disposal Authority as approved by the National Archives of Australia or as part of normal administrative practice.
Accessing or correcting your personal information
If you ask, in most cases we will give you access to the personal information that we have about you. We will also take reasonable steps to correct your personal information if we agree that it is incorrect. We try to make these processes as simple as possible.
Should you wish to gain access to, or correction of, your personal information held by the Registered Organisations Commission, please contact us by emailing firstname.lastname@example.org.
If your request relates to information we may hold about your sex and/or gender, we will act consistently with the Australian Government Guidelines on the Recognition of Sex and Gender .
How to contact us or make a complaint
To contact us about a privacy matter or to complain to us about the handling of your personal information please email us at email@example.com or write to us at:
Registered Organisations Commission
GPO Box 2983
Melbourne VIC 3001
The OAIC’s website contains further information on privacy. Please visit www.oaic.gov.au .
Privacy Impact Assessment Register
This register lists privacy impact assessments undertaken by the Registered Organisations Commission.
20 Dec 2018
Privacy Impact Assessment Report for the Registered Organisations Commission on Changing Case Management System from CMS Plus to caseHQ
This is available by contacting the Registered Organisations Commission’s privacy officer at firstname.lastname@example.org