Taronga Privacy Statement
Taronga Conservation Society Australia (Taronga) takes the privacy of our people, students, guests, donors and digital community seriously. We must comply with the NSW Privacy and Personal Information Protection Act 1998 (PPIPA) and the NSW Health Records and Information Privacy Act 2002 (HRIPA) which establish legal obligations and standards for collecting and dealing with personal information to minimise the risk of misuse of that information. The principles outlined in the PPIPA and HRIPA inform when and how personal information is collected, stored, accessed, amended, used and disclosed by Taronga. Taronga also has an obligation to destroy information that is no longer required for the purpose for which it was collected.
In accordance with Section 33 of the PIPPA, Taronga has a Privacy Management Plan. The Plan:
- details Taronga’s commitment to protecting the privacy of our staff, students, guests, donors, digital community and others about whom Taronga holds personal and health information
- informs Taronga staff about how to manage and protect personal and health information
- describes how a person can request access to and/or amendment of their personal or health information held by us
- establishes a framework for integrating the principles in the PPIPA and HRIPA into existing and future policies, guidelines and procedures that address information issues
- details complaint handling and internal review procedures including how to make a compliant or request an internal review
- explains the right and process of applying to the NSW Civil and Administrative Tribunal, in cases where a person remains dissatisfied with internal review findings.
Key information is also summarised below.
1. Personal information
Personal information is defined as ‘information or an opinion about an individual whose identity is apparent or can be reasonably ascertained from the information or opinion’ (PPIPA, Section 4). Personal information is information that identifies a person and could be:
- a written record which may include a person’s name, address and other details about a person
- electronic records, photographs, images, video or audio footage and maps
- biometric information such as fingerprints, blood, and records of genetic material.
Some exceptions apply as detailed in the Privacy Management Plan.
2. Collection of personal information
Taronga collects personal information only for a lawful purpose that is directly related to our work, and is reasonably necessary for that work. A summary of the types of information collected is included in the Privacy Management Plan.
We only collect personal information directly from a person, unless the person has authorised someone else to give it to us; or, if the person is under 16 years of age, the parent or guardian has provided it.
3. Storage of personal information
Each of Taronga’s business units apply appropriate security to protect personal information. The security of information extends to all stages of the information life cycle, from the time of creation, while it is actively used, to archiving and destruction.
4. Accessing or amending personal information
A person can ask for access to and/or amendment of personal information held about them. To make an access or amendment request, contact the business area holding the information (if known) or contact the Privacy Officer.
5. Use of personal information
Taronga only uses personal information for the purposes for which it was collected. If there is a need to use the information for another purpose, Taronga is required to ask for the person’s consent except in specific circumstances detailed in the Privacy Management Plan. Consent is only genuine if a person has the capacity to give or withhold consent. For consent to be valid it must be voluntary, informed, specific and current.
6. Disposal of personal information
Taronga does not keep personal information any longer than is necessary. Once personal information is no longer required, our staff ensure it is securely disposed of and protected against misuse. Taronga’s Records Management Policy and the State Records Act 1998 provide guidance on how to do this.
7. Complaints and internal review
If a person believes that Taronga may have breached their privacy, or have not complied with a request for access or amendment, they can:
- raise an informal complaint;
- raise a formal complaint; or
- submit an application for internal review of conduct with us.
In each case, the person should contact the relevant area, if known, to discuss their issue in the first instance.
A complaint can also be lodged with the Information and Privacy Commission.
For further information or to provide feedback on Taronga’s Privacy Management Plan, please contact the Privacy Officer.
Taronga Conservation Society Australia,
PO Box 20,
osman, NSW 2088
Phone: +61 (0)2 9969 2777