Privacy Policy

The Board of Buninyong Golf Club (BGC) is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.

Purpose

The purpose of this document is to provide a framework for BGC in dealing with privacy considerations.

Policy

BGC collects and administers a range of personal information for the purposes of facilitating Club operations. BGC is committed to protecting the privacy of personal information it collects, holds and administers. The Club recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand and made accessible to them on the other. These privacy values are reflected in and supported by our core values and philosophies and our Code of Conduct Policy and Procedures, the Associations Incorporated Reform Act 2012 (Vic) and associated Regulations which govern this Club. BGC is bound by these policies and laws which impose specific obligations when it comes to handling information. The Club has adopted the following principles contained as minimum standards in relation to handling personal information. BGC will: - Collect only information which the organisation requires for its primary function; - Ensure that members, visitors, clients and stakeholders are informed as to why we collect the information and how we administer the information gathered; - Use and disclose personal information only for our primary functions or a directly related purpose, or for another purpose with the person’s consent; - Store personal information securely, protecting it from unauthorised access; and, - Provide members with access to information according to the Associations Incorporations Reform Act 2012 and associated Regulations, as well as Golf Australia, GolfLink and Micropower agreements. - Provide members with the opportunity to correct their own information.

Responsibilities

The Board of Directors of BGC is responsible for developing, adopting, reviewing and overseeing the implementation of this policy. Additionally, the Board is also responsible for monitoring changes in Privacy and other legislation, and for advising on the need to review or revise this policy as and when the need arises.

Processes: Collection

BGC will: - only collect information that is necessary for the performance and primary function of the Club. - notify members and stakeholders about why we collect the information and how it is administered. - notify members and stakeholders that certain information is accessible to them - collect personal information from the person themselves wherever possible. - if collecting personal information from a third party, be able to advise the person whom the information concerns, from whom their personal information has been collected. - collect sensitive information only with the person’s consent. (Sensitive information includes health information and information about religious beliefs, race, gender and others). - determine, where unsolicited information is received, whether the personal information could have collected it in the usual way, and then if it could have, it will be treated normally. (If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information). - in relation to personal information of job applicants, staff members and contractors, BGC primary purpose of collection is to assess and (if successful) to engage the applicant, staff member or contractor as the case may be. - the purposes for which BGC uses personal information of job applicants, staff members and contractors include: - to assess and possibly engage the applicant. - for insurance purposes. - to satisfy the BGC legal obligations towards employees. Where BGC receives unsolicited job applications these will usually be dealt with in accordance with the unsolicited personal information requirements of the Privacy Act (Cth), and the Associations Incorporations Reform Act 2012 (Vic) and Regulations.

Processes: Use and Disclosure

BGC will: - only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose. - for other uses, BGC, will obtain consent from the person concerned. - in relation to a secondary purpose, use or disclose the personal information only where: - the person has consented; or - certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health or safety. - not use personal information in marketing without the consent of the person concerned, - use members personal information according to the Associations Incorporation Reform Act 2012 (Vic) and Regulations, the Club Constitution, and as per the Club’s legal agreements with Golf Australia, Golf Link and Micropower. - provide members access to personal information or not according to Associations Incorporation Reform Act 2012 (Vic) and Regulations.

Processes: Storage

BGC will: - implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorized access, interference, unauthorized modification or disclosure. - before BGC discloses any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant. The Club will have systems which provide sufficient security. - ensure that BGC data is up to date, accurate and complete. - secure employees’ personal details.

Processes: Destruction and de-identification

BGC will: - destroy personal information according to Associations Incorporation Reform Act 2012 (Vic) and Regulations. - destroy personal information once is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones. - change information to a pseudonym or treat it anonymously if required by the person whose information BGC holds and will not use any government related identifiers unless they are reasonably necessary for Club functions.

Processes: Data Quality

BGC will: - take reasonable steps to ensure the information BGC collects is accurate, complete, up to date, and relevant to the functions the Club performs. - on a regular basis, request that members update their personal details.

Processes: Data Security and Retention

BGC will: - retain business and other documents as required by law and by Associations Incorporation Reform Act 2012 (Vic) and Regulations and the Club’s Constitution. - destroy records in accordance with the organisation’s Privacy Policy and Procedures and as required law and by Associations Incorporation Reform Act 2012 (Vic) and Regulations and the Club’s Constitution.

Processes: Openness

BGC will ensure members and stakeholders are aware of this Privacy Policy and Procedures and its purposes.

Processes: Access and Correction

BGC will ensure and operationalise members right to seek access to information held about them and to correct inaccurate, incomplete, misleading or not up to date details, according to Associations Incorporation Reform Act 2012 (Vic) and Regulations.

Processes: Anonymity

BGC will allow members from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis.

Processes: Making information available to other organisations

BGC can release information to third parties where it is requested by the person concerned.

Related Documents

- Acceptable use of Social Media Policy and Procedure - Confidentiality Policy and Procedures - Child Protection Policy and Procedures - Code of Conduct Policy and Procedures - Disciplinary processes as per BGC Constitution - Email Retention and Archiving Policy and Procedures - Staff Disciplinary Policy and Procedures