This policy has been drafted having regard to Optus' obligations under the Telecommunications Act 1997 and the Privacy Act 1988 (including the National Privacy Principles) (the Privacy Act). Nothing in this Policy changes Optus' existing obligations under the credit reporting requirements of the Privacy Act.
This Policy is a public document and has been prepared in light of National Privacy Principle 5, Openness.
1.1 Optus will only collect Personal Information where the information is necessary for Optus to perform one or more of its functions or activities. In this context, "collect" means gather, acquire or obtain by any means, information in circumstances where the individual is identifiable or identified.
1.2 Optus collects Personal Information primarily to supply customers with the products and services ordered from it and its related companies. Optus also collects and uses Personal Information for secondary purposes including:
(i) billing and account management;
(ii) business planning and product development; and
(iii) to provide individuals with relevant advertisements and relevant information about promotions, as well as the products and services of Optus and other organisations.
1.3 Optus will notify individuals (including, but not limited to, our customers) of the matters listed below before collecting any Personal Information:
i) the main reason that we are collecting Personal Information (this reason will be the Primary Purpose);
ii) other related Uses or Disclosures that we may make of the Personal Information (Secondary Purposes);
iii) our identity and how individuals can contact us, if this is not obvious;
iv) that individuals can access the Personal Information that Optus holds about them;
v) that individuals should contact our customer service department (even if they are not a customer) if wish to access or correct Personal Information collected by us or have any concerns in relation to Personal Information;
vi) the organisations or types of organisations to whom we usually Disclose the Personal Information including Related Bodies Corporates and contractors;
vii) where applicable, any law that requires the Personal Information to be collected (for example, information that is required to be collected for the Integrated Public Number Database which is used by directory publishers);
viii) the consequences (if any) for the individual if all or part of the Personal Information is not provided to Optus.
1.4 Where it is not practicable for Optus to notify individuals of all of the Collection Information before the collection of Personal Information, Optus will ensure that individuals are notified of the Collection Information as soon as possible after the collection. Optus will provide "post collection notification" in those circumstances where it is not practicable to notify individuals about the collection of their personal information before it is collected.
1.5 When collecting Personal Information over the telephone, it may not always be practicable to provide all the Collection Information at that time. In such circumstances, we will provide the individual with Optus' contact details, and then provide the balance of the Collection Information in a confirming letter.
1.6 Optus will not collect Sensitive Information from individuals except with consent and only where it is necessary for Optus to collect such information for an activity or function.
1.7 Optus will not collect Personal Information secretly or in an underhanded way.
1.8 Optus will take steps to ensure that individuals on purchased lists are or have been notified of the information as outlined at 1.3.
2.1 Optus will obtain an individual's consent for Use of non-sensitive Personal Information for Secondary Purposes at the time of collection, unless the Use is a related Secondary Purpose which would be within the relevant individual's Reasonable Expectations.
2.2 Optus Uses Personal Information primarily for the purposes listed in 1.2 above.
2.3 If Optus relies on the Direct Marketing exception to Direct Market to individuals it will ensure that:
i) individuals are clearly notified of their right to Opt Out from further Direct Marketing;
ii) there is only one Use of the information before the Opt Out right is given and this Use applies across all Optus' Related Bodies Corporate (if the information is shared between those Related Bodies Corporate);
iii) the individual is given an Opt Out in all further instances of Direct Marketing if they have not previously chosen to Opt Out; and
iv) if the individual Opts Out of all Direct Marketing the Opt Out will be respected by Optus and all its Related Bodies Corporate.
2.4 Optus will not use Sensitive Information for Direct Marketing.
2.5 Optus may use Personal Information to avoid an imminent threat to a person's life or to public safety. It may also use Personal Information for reasons related to law enforcement or internal investigations into unlawful activities.
2.6 Optus will not use Personal Information without taking reasonable steps to ensure that the information is accurate, complete and up to date.
2.7 Optus will not attempt to match de-identified or anonymous data collected through surveys or such online devices as "cookies", with information identifying an individual, without the consent of the relevant individual.
3.1 Optus may Disclose Personal Information to related or unrelated third parties if consent has been obtained from the individual. This will include obtaining the individual's consent for Disclosures made under the credit reporting requirements of the Privacy Act.
3.2 Optus may Disclose Personal Information between Related Bodies Corporate. Where information is Disclosed to such a Related Body Corporate, that Related Body Corporate is bound by the original Primary Purpose for which the information was collected.
3.3 Optus may Disclose Personal Information to unrelated third parties to enable outsourcing of functions (such as billing), where that is Disclosure or Use for a related Secondary Purpose and has been notified to individuals or where such Disclosure is within the individual's Reasonable Expectations. Individuals will be notified of Optus' usual Disclosures via the Collection Information, as outlined in 1.3.
3.4 Optus will take reasonable steps to ensure that its contracts with third parties include requirements for third parties to comply with the Use and Disclosure requirements of the Privacy Act.
3.5 Optus may Disclose Personal Information to law enforcement agencies, government agencies, courts or external advisers where permitted or required by law.
3.6 Optus may Disclose Personal Information to avoid an imminent threat to a person's life or to public safety.
3.7 If a Disclosure is not for a Primary Purpose; is not for a related Secondary Purpose; or upfront consent has not been obtained, Optus will not Disclose Personal Information otherwise than in accordance with the exceptions set out at 3.1 to 3.6 above.
3.8 Optus does not generally sell or share its customer lists on a commercial basis with third parties but if it did, it would only do so if we had the appropriate consent of the individual involved. If the consent provided is conditional, Optus will take steps to ensure (by contract) that the use of its customer list by third parties does not exceed the scope of the consent.
4. Information quality
4.1 Optus will review, on a regular and ongoing basis, its collection and storage practices to ascertain how improvements to accuracy can be achieved.
4.2 Optus will take steps to destroy or de-identify Personal Information after as short a time as possible and after a maximum of seven years, unless the law requires otherwise.
5. Information security
5.1 Optus requires employees and contractors to perform their duties in a manner that is consistent with Optus' legal responsibilities in relation to privacy.
5.2 Optus will take all reasonable steps to ensure that paper and electronic records containing Personal Information are stored in facilities that are only accessible by people within Optus who have a genuine "need to know" as well as "right to know".
5.3 Optus will review, on a regular and ongoing basis, its information security practices to ascertain how ongoing responsibilities can be achieved and maintained.
6. Access and correction
6.1 Optus will allow its records containing Personal Information to be accessed by the individual concerned in accordance with the Privacy Act.
6.2 Optus will correct its records containing Personal Information as soon as practically possible, at the request of the individual concerned in accordance with the Privacy Act.
6.3 Individuals wishing to lodge a request to access and/or correct their Personal Information should do so by contacting Optus Customer Service, as per the details on the back of this document. While some requests for access may be handled by Customer Service, it may be necessary for your request to be escalated to the Optus Customer Relations Group.
6.4 Optus will not normally charge a fee for processing an access request unless the request is complex or is resource intensive. Optus does, however, reserve the right to charge a $25.00 administration fee if an individual requests access to their Personal Information more than once in a three month period.
6.5 Where Optus offers on-line account management facilities, customers can use this capability to control aspects of their account, including amending or updating certain Personal Information.
7.1 Optus' Customer Service representatives will be the first point of contact for inquiries about privacy issues. Individuals wishing to make an inquiry or complaint regarding privacy, should do so by contacting Optus Customer Service, as per the details on the back of this document.
7.2 Privacy complaints will be managed in accordance with Optus' Complaint Handling Policy, which complies with the C628:2007 Telecommunications Consumer Protections Industry Code (as amended from time to time).
8. Anonymous transactions
8.1 Optus will not make it mandatory for visitors to its web sites to provide Personal Information unless such Personal Information is required to answer an inquiry or provide a service. Optus may however request visitors to provide Personal Information voluntarily to Optus (for example, as part of a competition or questionnaire).
8.2 Optus will allow its customers to transact with it anonymously wherever that is reasonable and practicable.
9. Transferring personal information overseas
9.1 Optus will take reasonable steps to limit the amount of Personal Information it sends to unrelated organisations overseas.
9.2 If Personal Information must be sent by Optus overseas for sound business reasons, Optus will require the overseas organisation receiving the information to provide a binding undertaking that it will handle that information in accordance with the National Privacy Principles, preferably as part of the services contract.
Collection Information means the information outlined in 1.3 notified to individuals prior to, or as soon as practical after, the collection of their Personal Information.
Direct Marketing means the marketing of goods or services through means of communication including written, verbal or electronic means. The goods or services which are marketed may be those of Optus or a Related Body Corporate or those of an independent third party organisation.
Disclosure generally means the release of information outside Optus, including under a contract to carry out an "outsourced function".
Health Information means:
(a) information or an opinion about:
(i) the health or a disability (at any time) of an individual; or
(ii) an individual's expressed wishes about the future provision of health services to him or her; or
(iii) a health service provided or to be provided to an individual;that is also personal information; or
(b) other personal information collected to provide or in providing a health service; or
(c) other personal information about an individual collected in connection with the donation; or intended donation by the individual of his or her body parts or body substances.Opt Out means an individual's expressed request not to receive further Direct Marketing.
Optus means all companies in the Optus group, including Optus Networks Pty Limited, Optus Mobile Pty Limited and Optus Administration Pty Limited and their Related Bodies Corporate.
Personal Information means information or an opinion (including information or an opinion forming part of a database), whether true or not and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained from the information or opinion.
Primary Purpose is the dominant or fundamental reason for information being collected in a particular transaction.
Reasonable Expectation means a reasonable individual's expectation that their personal information might be Used or Disclosed for the particular purpose.
Related Body Corporate means that where a body corporate is:
a holding company of another body corporate;
a subsidiary of another body corporate; or
a subsidiary of a holding company of another body corporate,
the first mentioned body corporate and the other body corporate (either or both of which may be located in or outside Australia) are deemed to be related to each other
Sensitive Information means:
(a) information or an opinion about an individual's:
(i) racial or ethnic origin; or
(ii) political opinions; or
(iii) membership of a political association; or
(iv) religious beliefs or affiliations; or
(v) philosophical beliefs; or
(vi) membership of a professional or trade association; or
(vii) membership of a trade union; or
(viii) sexual preferences or practices; or
(ix) criminal record; that is also personal information or
(b) Health Information or genetic information about an individual.
Use means the handling of Personal Information within Optus.
Telephone: 133 345
TTY: 1800 500 002
TTY (mobile): 1800 123 124
Online: via www.optus.com.au
PO Box 306 Salisbury South SA 5106
This policy was last updated on 10 May 2013
|Amendment Date||Change Made|
|10 May 2013||