- how and when GHRC collects personal information;
- how GHRC uses and discloses personal information;
- how GHRC keeps personal information secure, accurate and up-to-date;
- how an individual can access and correct their personal information; and
- how GHRC will facilitate or resolve a privacy complaint.
1. Personal information
1.1 What is Personal Information?
a) Personal information is defined under the Privacy Act 1988 to mean information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is reasonably identifiable, from the information or opinion.
b) Some examples of personal information are your name, residential address, email address, bank details, photos and opinions on your likes and dislikes that can identify you (see paragraph 3.2 below).
c) You do not need to identify yourself when you deal with us (e.g. when enquiring about membership) but there are certain situations where we will only deal with individuals who identify themselves (e.g. providing fitness services).
2. Sensitive Information
2.1 What is Sensitive Information?
a) Sensitive information is a subset of personal information.
b) It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.
2.2 Collection of Sensitive Information
a) In general, we attempt to limit the collection of sensitive information we may collect from you, but depending on how you use our products and services this may not always be possible and we may collect sensitive information from you in order to carry out the services provided to you.
b) The type of sensitive information we may collect from you or record about you is dependent on the services provided to you by GHRC and will be limited to the purpose(s) for which it is collected.
c) We do not use sensitive information to send you Direct Marketing Communications (as defined in paragraph 7 below) without your consent.
d) We will not collect sensitive information from you without your consent unless consent is not required by law.
2.3 Consent to collection of certain types of sensitive information
We may collect certain types of sensitive information where you have consented and agreed to the collection of such information. We will obtain your consent at (or around) the point in time in which we collect the information unless consent is not required by law.
The main type of sensitive information that we may collect (if any) will usually relate to your:
a) health or medical information;
b) current or previous membership of a health and fitness facility (if any);
c) biometric identification, such as fingerprint scans;
d) racial origin and religious beliefs, to the extent these are ascertainable from any photographic identification (such as a driver’s licence or photo identification);
e) family health and medical history;
but only if the sensitive information is necessary for, or incidental to, the purposes of collection set out in paragraph 4.
3. Collection of your personal information
3.1 We will only collect personal information that is necessary for us to provide our products and services to you. This depends ultimately upon the purpose of collection and we have set out the general purposes of collection at paragraph 4 below.
3.2 The type of information includes (but is not limited to) the following:
a) your contact information such as full name (first and last), e-mail address, current postal address, delivery address (if different to postal address) and phone numbers;
b) your date of birth;
c) proof of your identity (including, but not limited to, driver’s licence, passport, birth certificate);
d) any sensitive personal information listed in paragraph 2.3;
e) emergency contact details;
f) whether you participated in any activity or event organised by the club;
g) photographs or video footage taken at our premises, which may include you;
h) your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the products and services offered by the club; and
i) if you are requesting products or services from us or we are purchasing goods or services from you, then any relevant payment or billing information (including but not limited to bank account details, direct debit, credit card details, billing address, repayment information and invoice details).
3.4 When you engage in certain activities, such as entering a contest or promotion, filling out a survey or sending us feedback, we may ask you to provide certain information, which you may withhold or provide at your own discretion. It is optional for you to engage in these activities.
3.5 Depending upon the reason for requiring the information, some of the information we ask you to provide may be identified as mandatory or voluntary. If you do not provide the mandatory data or any other information we require in order for us to provide our services to you, we may be unable to provide or effectively provide our services to you.
3.6 If you use our website or mobile app, we may utilise “cookies” and “web beacons” which enable us to monitor traffic patterns and to serve you more efficiently if you revisit our website / mobile app. A cookie or web beacon does not identify you personally but may identify your internet service provider, computer or mobile device. You can set your browser or mobile device to notify you when you receive a cookie or web beacon and this will provide you with an opportunity to either accept or reject it in each instance.
4. Use and disclosure of your personal information
4.1 We will only use or disclose your personal information for the primary purposes for which it was collected or as consented to and/or as set out below.
4.2 You consent to us using and disclosing your personal information to facilitate a purpose in connection with:
a) if required, the verification of your identity, including the verification of your date of birth, if applicable;
b) facilitating membership or facility usage requirements;
c) provision of our products and services to you, which shall include but is not limited to:
I. the administration and management of our products and services, including charging, billing, credit card authorisation and verification, checks for financial standing, credit-worthiness (including but not limited to undertaking an assessment for credit loss and obtaining credit references, if applicable), fraud and collecting debts; and
II. to offer you updates, or other content or products and services provided by GHRC that may be of interest to you;
d) to facilitate the administration, management and improvement of the club, including but not limited to:
I. the use of your personal information collected in accordance with paragraph 3.1 in the administration and management of the club;
II. the management, governance and administration of the club, including but not limited to any management and governance meetings of the club;
e) if applicable, any requirement to include you in various registers maintained by the club including, but not limited to, the register of excluded persons;
f) facilitating medical assistance in the event of a medical emergency, or to provide you with medical treatment as requested by you;
g) your participation in any activity or event organised by the GHRC including those delivered outside the facility and administered by a third-party organisation;
h) co-ordinating, managing and maintaining good order and security of the club and our premises, which shall include but is not limited to protecting the rights and safety of other parties on our premises;
i) investigating and reporting information to third parties regarding any accidents or incidents that may have occurred on our premises;
j) the improvement of our services (including to contact you about those improvements and asking you to participate in surveys about our products and services);
k) the maintenance and development of our products and services, business systems and infrastructure;
l) marketing and promotional activities by us and our related bodies (including by direct mail, telemarketing, email, SMS and MMS messages) such as print or electronic newsletters;
m) to provide customer service functions, including handling customer enquiries and complaints;
n) to offer you updates, or other content or products and services that may be of interest to you;
o) our compliance with applicable laws;
p) the transfer, and matters in connection with a potential transfer, of the club to another entity; and
q) any other matters reasonably necessary to continue to provide our products and services to you.
4.3 We may also use or disclose your personal information and in doing so we are not required to seek your additional consent:
a) when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose (secondary use);
b) if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
c) if we have reason to suspect that unlawful activity has been, or is being, engaged in; or
d) if it is required or authorised by law or formally requested by a statutory or regulatory authority.
4.4 In the event we propose to use or disclose such personal information other than for reasons in 4.1, 4.2, and 4.3 above, we will first seek your consent prior to such disclosure or use.
5. The types of organisations to which we may disclose your personal information
5.1 We may disclose your personal information to other organisations. Examples of organisations and/or parties to which your personal information may be provided include:
a) related entities and subsidiaries of the club;
b) our contractors and agents, including but not limited to our professional advisors such as accountants, solicitors and auditors or other companies who assist us in providing our products and services to you.
6. Photographs and Closed Circuit Television
6.1 We use closed circuit televisions (CCTV) at certain locations throughout our premises (e.g. entry and exit) and surrounding areas. The CCTV is integral to our security system and CCTV images are stored for a minimum “retention period” of 28 days (unless an incident is identified, in which case the images are archived and retained for a minimum period of one year after the retention period unless they are given to the relevant authority (e.g. police)). The CCTV footage must be archived if requested by the relevant authority.
(Note: If an incident occurs at the venue, CCTV footage for the period leading up to, during and following the incident must be archived and where no incident has been identified, the CCTV footage is automatically deleted within 30 days after the retention period.)
6.2 As indicated in paragraph 3.2(g), we may take photographs of you attending our premises, and we may wish to use them for marketing and advertising purposes. If we notify you of the collection and purpose at the time, unless you advise us otherwise, you expressly agree and consent to the use of any photographs, which may include you, for the aforementioned purposes, without compensation.
7. Direct Marketing
7.1 You expressly consent to us using your personal information, including any email address you give to us, to provide you with information and to tell you about our products, services or events or any other direct marketing activity (including third party products, services, and events) which we consider may be of interest to you.
7.2 You expressly consent to us disclosing your personal information to other organisations (including but not limited to organisations such as those listed in paragraph 5.1) that may also use your personal information for sending you Direct Marketing Communications.
7.3 If at any time, you do not wish to receive any further Direct Marketing Communications from us, or others under paragraph 7.2, you may ask us not to send you any further information about products and services and not to disclose your information to other organisations for that purpose. You may do this at any time by using the “unsubscribe” facility included in the email or by contacting us via the details set out at the end of this document.
8. Cross Border Disclosure
8.1 Any personal information that you provide to us may be transferred to, and stored at, a destination outside Australia, including but not limited to New Zealand and the United Kingdom, where we may utilise overseas data and website hosting facilities or have entered into contractual arrangements with third party service providers to assist us with providing our goods and services to you. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
8.4 If you do not agree to the transfer of your personal information outside Australia, please contact us via the details set out at the end of this document.
9. Data quality and security
9.1 We have taken steps to help ensure your personal information is safe. You will appreciate, however, that we cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved.
9.2 Notwithstanding the above, we will take reasonable steps to:
a) make sure that the personal information we collect, use or disclose is accurate, complete and up to date;
b) protect your personal information from misuse, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
c) destroy or permanently de-identify personal information if it is no longer needed for its purpose of collection.
9.3 However, the accuracy of personal information depends largely on the information you provide to us, so we recommend that you:
a) let us know if there are any errors in your personal information; and
b) keep us up-to-date with changes to your personal information (such as your name or address).
10. Access to and correction of your personal information
10.1 You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by law (e.g. secrecy provisions under the Anti-Money Laundering and Counter Terrorism Financing Laws). You are also entitled to edit and correct such information if the information is inaccurate, out of date, incomplete, irrelevant or misleading.
10.2 If you would like to access or correct any records of personal information we have about you, you are able to access and update that information (subject to the above) by contacting us via the details set out at the end of this document.
12. Resolving Privacy Complaints
12.1 We have put in place an effective mechanism and procedure to resolve privacy complaints. We will ensure that all complaints are dealt with in a reasonably appropriate timeframe so that any decision (if any decision is required to be made) is made expeditiously and in a manner that does not compromise the integrity or quality of any such decision.
12.2 If you have any inquiries, concerns or complaints about the manner in which we have collected, used or disclosed and stored your personal information, you can tell us by contacting us.
- Telephone: 07 3300 6668
- Email: firstname.lastname@example.org
- Postal Address: 200 Settlement Road, The Gap, QLD 4061
Please mark your correspondence to the attention of the Club Manager.
12.3 In order to resolve a complaint, we:
a) will liaise with you to identify and define the nature and cause of the complaint;
b) may request that you provide the details of the complaint in writing;
c) will keep you informed of the likely time within which we will respond to your complaint; and
d) will inform you of the legislative basis (if any) of our decision in resolving such complaint.
12.4 We will keep a record of the complaint and any action taken in a privacy register.
12.5 Persons can refer their complaint to the Office of the Australian Information Commissioner if they are not satisfied with the result of their complaint.
Date of Effect: 19th February 2021