The Grain Industry Association of Western Australia Inc. (GIWA, we, us, our) is committed to treating the personal information it collects in accordance with the Australian Privacy Principles (APPs) outlined in the Privacy Act 1988 (Cth) (Privacy Act).
This Privacy Policy sets out how GIWA handles personal information about you in a fair and responsible manner. It does not apply to personal information GIWA collects that is exempt under the Privacy Act.
GIWA may modify this Privacy Policy from time to time to reflect its current privacy practices and any legislative requirements and will notify you by posting an updated version of the policy to our website. We recommend that you review our Privacy Policy each time you visit our website or provide us with your personal information.
If you require any further information about our privacy practices, we welcome you to get in touch with us by using the contact details set out at the end of this Privacy Policy.
What is personal information?
Personal information is defined in the Privacy Act as information or opinion about an identified individual (or an individual who is reasonably identifiable) whether the information or opinion is true or not and whether the information or opinion is recorded in material form or not.
Sensitive information is a subset of personal information that is afforded higher levels of protection under the Privacy Act. It includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious beliefs, sexual orientation, criminal record or health information.
What personal information does GIWA collect and hold?
The type of personal information GIWA collects and holds will depend on how you interact with GIWA.
GIWA may collect personal information about you which allows GIWA to carry on its business, including:
- name, phone number, email address, postal address, date of birth, occupation;
- banking information
- business information
- current associations or current memberships
How we collect personal information
We will always aim to collect personal information directly from you, where practicable. Personal information may be collected directly from you in a few ways, for example, when you register to attend a GIWA event, as a response to a request for information made by GIWA, as part of any forms you may need to submit to GIWA or during the process of entering into an agreement with GIWA.
How does GIWA use personal information?
The primary purposes for which GIWA collects and uses personal information are:
- providing you with information and services as a GIWA member.
- payment of membership services;
- making payment to you and receiving payment from you; and
- enabling GIWA to meet its legal and regulatory obligations.
When does GIWA disclose personal information?
GIWA only discloses personal information in accordance with the purpose for which it was collected or a related purpose that you would reasonably expect, as permitted by law or otherwise with your consent which may at times be implied from your dealings with GIWA.
We may be required to disclose your personal information by law, by court order or to investigate suspected fraud or other unlawful activity. We may also disclose your personal information to third parties in certain circumstances including:
- if you agree to the disclosure;
- when we use it for the primary purpose for which it was collected (e.g., to provide you with goods and/or services);
- if you would reasonably expect us to disclose the information for a secondary purpose related to the primary purpose;
- where disclosure is required or permitted by law;
- to our related entities, in accordance with the Privacy Act;
- if disclosure will prevent or lessen a serious or imminent threat to someone’s life or health; or
- where it is reasonably necessary for an enforcement related activity.
Disclose to overseas recipients
In general, GIWA does not provide any of your personal information to overseas recipients unless permitted by law. Before we disclose your personal information offshore, we will take all reasonable steps to ensure that the overseas recipient of the personal information does not breach the APPs under the Privacy Act. Please note that these requirements do not apply if one of the exceptions below applies:
- you consent to the disclosure, after being informed by us that the receiving entity will not be accountable for breaches, and you will not be able to seek redress under the Privacy Act;
- we reasonably believe that the entity is subject to privacy laws or a binding scheme substantially similar to the Privacy Act, and that you can access the mechanisms that enforce the protection of the law or binding scheme; or
- disclosure is required or authorised by or under an Australian law or a court/tribunal order.
All these overseas disclosures will be made in compliance with the offshore disclosure requirements of the Privacy Act.
GIWA does not use cloud computing solutions or data storage located overseas, in which case information may be stored under the control of GIWA on computer servers which are presently located inside of Australia.
How does GIWA keep your personal information secure?
Once GIWA receives your personal information it takes reasonable steps to keep your personal information secure and protect it from unauthorised access, modification, disclosure, loss, and misuse.
GIWA implements both physical and technological security measures to protect personal information. Physical measures include secure storage and use of security passes to access the GIWA office while technological security measures include firewalls, the use of encryption and passwords and restriction of access to personal information unless necessary for the uses outlined in this Privacy Policy.
GIWA will take steps to notify you of a data breach involving your personal information, as required by the Privacy Act. Where a notification is required, GIWA will advise you, amongst other things, of the nature of the breach and the kind of personal information involved in the incident.
Further detail about the notifiable data breach scheme is provided in this Privacy Policy below.
However, GIWA cannot guarantee that any information that can be accessed or transmitted on the internet is entirely secure. Ultimately you are solely responsible for keeping your passwords and/or account information confidential and you should be careful and responsible whenever you are online.
GIWA retains your personal information only for as long as necessary to fulfil the purposes for which the information was collected, as required by law or in accordance with GIWA records management procedures.
How do I access my personal information?
You are welcome to request that we provide you with access to the personal information we hold about you by contacting us using the details listed at the end of this Privacy Policy. Generally, we will provide you with access to the information unless applicable laws allow us to refuse (and it is reasonable to do so in the circumstances) or prevent us from giving you access to the personal information we hold about you.
Where we agree to provide you with access to your personal information, we may make this conditional on us recovering our reasonable costs of doing so. No fee will be incurred for requesting access, but if your request for access is accepted, you will be notified of the fee payable (if any) for providing access if you proceed with your request.
How do I correct personal information?
You may also lodge a request to correct personal information we hold about you if you believe it is inaccurate, incomplete, irrelevant, misleading, or out of date. Please contact us using the details listed at the end of this Privacy Policy.
GIWA will respond to any such request within a reasonable time. If GIWA refuses to amend the information stored it will provide you with the reasons for its refusal, unless it would be unreasonable to provide those details (for example, where providing reasons would prejudice an investigation of unlawful activity or enforcement action by an enforcement body).
Direct contact
GIWA may use your personal information to among other things, provide you with information, invite you to attend events, or notify you of issues of industry importance.
Generally, we only do so where you consent or where allowed by applicable laws. Our communications to you may be sent in various forms such as by post or by electronic means (including email and SMS). If GIWA does use personal information in this way, you will have the right to opt-out from receiving this information by following the details of any opt-out procedures contained within the material or by contacting GIWA using the details set out at the end of this Privacy Policy.
Our online platforms
We sometimes use cookie technology on our online platforms (including our website and social media accounts) to provide information and services to visitors. Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes and are a necessary part of facilitating online transactions. Most web browsers are set to accept cookies. Cookies are useful to estimate our number of visitors and determine overall traffic patterns through our websites.
We may also collect statistical information regarding the use of our online platforms, including the domains from which website users visit, IP addresses, the dates and times of visits, activities undertaken on our online platforms and other clickstream data. In addition, we may use web beacon technology to monitor internet activity on our websites. A web beacon is a clear-pixel image that generates an anonymous de-identified notice of a websites visit when viewed and usually works in conjunction with a cookie.
If you do not wish to receive any cookies, you may set your browser to refuse cookies. This may mean you will not be able to take full advantage of the services on our online platforms. If you set your browser to refuse cookies, a web beacon may still be able to generate a notice of your visit, but it will not be associated with the information contained in cookies.
Third party links
GIWA’s online platforms may contain links to other websites and those third-party websites may collect personal information about you. GIWA is not responsible for the privacy practices of other businesses or the content of websites that are linked to GIWA’s website. GIWA advises you to read the privacy statements of every website that you access through GIWA’s website.
Notifiable data breaches
A notifiable data breach scheme is currently in place in Australia. We are committed to adhering to this scheme as an important step in preventing and managing serious privacy breaches.
A “data breach” means:
- unauthorised access to, or disclosure, alteration, loss, or destruction of, personal information; or,
- an action that prevents us from accessing personal information on either a temporary or permanent basis.
An “eligible data breach” occurs when there is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates, and we are unable to prevent the likely risk of serious harm with remedial action.
We, including all our people, take breaches of privacy very seriously. If we suspect a privacy breach has occurred, our priority is to contain and assess the suspected breach. In doing so, we will:
- take any necessary immediate action to contain the breach and reduce the risk of harm;
- determine the cause and extent of the breach;
- consider the types of information involved, including whether the personal information is sensitive in nature;
- analyse the nature of the harm that may be caused to affected individuals;
- consider the person or body that has obtained or may obtain personal information as a result of the breach (if known); and
- determine whether the personal information is protected by a security measure.
If we believe an eligible data breach has occurred, we will, as soon as practicable, notify the Commissioner and all affected individuals or, if it is not possible to notify affected individuals, provide public notice of the breach (in a manner that protects the identity of affected individuals).
Employment and recruitment
This Privacy Policy does not apply to our handling of information about employees. For information about our practices relating to employee records, please contact us using the details set out at the end of this Privacy Policy.
If you send us an application to be considered for an advertised position (or unsolicited), this information will be used to assess your application or suitability for employment with us and may be held up to 6 months from submission. This information may be disclosed to our related bodies corporate and service providers for purposes such as aptitude testing or other human resources management activities.
As part of the application process, you may be asked for your consent to the use and disclosure of certain personal information about pre-employment testing. We may also ask you to consent to the disclosure of your personal information to those people who you nominated to provide references. A refusal to provide any of this information, or to consent to any proposed disclosure, may affect the success of the application.
Contacting us
If you have any enquiries or complaints about how we handle your personal information, would like to make a request to access or correct personal information we hold about you, or if you have any other questions about this Privacy Policy, please get in touch with us by contacting our Privacy Officer at:
Attention: Administration Manager
Post: PO Box 1081, Bentley Delivery Centre, WA 6983 Australia
Phone: +61 8 6262 2128
Email: [email protected]
More information about your rights and our obligations in respect to privacy and information on making a privacy complaint are available from the Office of the Australian Information Commissioner at:
Website: www.oaic.gov.au
Phone: 1300 363 992
Email: [email protected]
Referenced documents
Privacy Act 1988
Reviewed April 2023