Privacy Policy

Introduction

The Australian Education Union (Union) is the union representing teachers and various other classes of education workers in government schools, TAFE institutions, early childhood education and care work locations and disability services centres. The Union collects personal information in order to conduct its business of representing, advocating and campaigning for the industrial, professional, social, political and economic interests of its members. The Union operates in the political, legal, industrial and social spheres. The Union is committed to protecting your privacy and providing you with information and services relevant to you. The Union complies with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs). This Privacy Policy (Policy) should be read in conjunction with the Privacy Act and the APPs.

In this Policy, the Union means the Australian Education Union and includes its Branches in each state and territory.

How this Policy applies

This Policy applies to personal information the Union collects from you:

  • via one of our websites
  • via social media
  • via telephone
  • via email
  • via fax
  • in person
  • in writing.

This Policy also applies to personal information the Union collects from the Australian Council of Trade Unions (ACTU) or any other third party, about you.

Union websites

The Union websites collect two types of information. The first type is anonymous information. The web server makes a record of your visit and logs the following information for statistical purposes:

  • the user's server address
  • the user's top level domain name (e.g. com, .gov, .net, .au, etc.)
  • the date and time of the visit to the site
  • the pages accessed and documents downloaded
  • the previous site visited; and
  • the type of browser used.

No attempt will be made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's logs.

Another way information may be collected is through the use of "cookies". A cookie is a small text file that the website may place on your computer. Cookies may be used, among other things, to track the pages you have visited, to remember your preferences and to store personal information about you.

You can adjust your Internet browser to disable cookies or to warn you when cookies are being used. However, if you disable cookies, you may not be able to access certain areas of the Website or take advantage of the improved web site experience that cookies offer.

Our websites, including campaign pages, may also contain links to other websites, social media pages such as Facebook or Twitter or other software programmes. We are not responsible for the privacy policies of the entities responsible for those websites and we recommend that you review the privacy policies applicable to any other websites you visit.

The Union may however collect information, including personal or sensitive information from these other websites or social media pages for the purpose of conducting its business as described above.

The kinds of information the Union may collect

From time to time you may voluntarily supply your personal information to the Union. The Union will record your e-mail address if you send us a message, subscribe to an email newsletter, or complete a form if this information is requested.

When you provide your personal information, it allows us, for example, to assist you with industrial relations and employment queries, inform you about and enable you to participate in industrial, social and political campaigns, and accept your application for membership. You may supply personal information to the Union by, for example, responding to a survey, filling in a meeting attendance sheet, taking part in a competition, completing a membership form, discussing your issues with a delegate, or signing up to a campaign. The Union only collects personal information that is necessary for the Union to perform its functions and/or activities.

Depending upon the circumstances, you may provide to the Union, and the Union may collect, information such as, but not limited to:

  • your name
  • your contact details
  • your social media details (e.g. blogs, twitter, Facebook, LinkedIn)
  • your gender
  • your marital status
  • your employment details
  • your educational qualifications
  • your inquiry or complaint details.

Additionally, some personal information is considered sensitive information and includes:

  • your political, religious or philosophical opinions
  • your political party membership (if any)
  • your union membership (if any)
  • your racial or ethnic origin
  • your sexual orientation
  • any disabilities, illnesses or injuries you may have
  • any other health information.

The Privacy Act allows the Union to collect sensitive information which relates solely to Union members or people who have regular contact with the Union if the sensitive information relates to the Union's activities. We will only collect sensitive information where we have received your consent to your personal information being collected, used, disclosed and stored by the Union in accordance with this Policy.

Where you provide information to the Union in relation to a job application the personal information you provide will only be collected, held, used and disclosed for the purposes of considering your potential employment with the Union. Where you provide the details of referees, you confirm that you have informed the referees that you are providing their contact information to the Union and they have consented to the Union contacting them and discussing the personal information you have provided in relation to the job application.

We will collect personal information directly from you unless:

  • you have consented to the Union's collection of your personal information from third parties - for example, from the ACTU, website platforms or your representatives; or
  • when we are legally required to do so; or
  • it is unreasonable or impractical to do so.

Where we have collected personal information about you either directly or by other means as set out above, we will notify you at the time, or as soon as practicable, to ensure that you are aware of such collection and its purpose.

You can choose to interact with us anonymously or by using a pseudonym where it is lawful and practicable. For example, you may wish to participate in a blog or enquire about a particular campaign anonymously or under a pseudonym. Your decision to interact anonymously or by using a pseudonym may affect the level of services we can offer you. For example, we may not be able to assist you with a specific industrial enquiry or investigate a privacy complaint on an anonymous or pseudonymous basis. We will inform you if this is the case and let you know the options available to you.

If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner as if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs. Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.

The purposes for which personal information is collected, held, used and disclosed

The Union collects, holds, uses and discloses your personal information to:

  • assist you with industrial relations and employment queries;
  • inform you about, and assist the Union in, industrial, social and political campaigns;
  • inform you about your rights at work;
  • inform you about changes to legislation;
  • refer you to a legal practitioner, accountant or other professional;
  • improve our service delivery;
  • manage our relationship with you;
  • conduct surveys and research;
  • provide educational services and professional development;
  • conduct Union elections;
  • enable a contractor engaged by the Union to provide bulk mail services, provided that the contractor may only use the information to give effect to the contract, and may not provide the information to any third party.

Using your information for direct marketing

You consent to our use and disclosure of your personal information for the purposes of direct marketing which may include providing you with information about events, products or services which may be of interest to you.

If you do not want us to use your personal information for direct marketing purposes, you may elect not to receive direct marketing at the time of providing your personal information.

Unsubscribing and opting out

If you no longer wish to receive direct marketing or other communications from the Union, you may request at any time to cancel your consent to such communications as follows:

  • If subscribing to an email newsletter you may "unsubscribe" at any time from the newsletter mailing list;
  • The Union may, from time to time, send you text messages about issues of importance such as events or campaigns. You may "opt out" by texting STOP in reply to a text message from the Union; or
  • You may contact us at any time by telephone, mail or email directed to our Privacy Officer.

Collection and Disclosure of your personal information

The Union may collect from and/or disclose your personal information, in connection with or to further the purposes outlined above, to:

  • the ACTU;
  • other Australian trade unions;
  • affiliated trades halls or labour councils;
  • government bodies or agencies (including the Fair Work Commission, the Fair Work Ombudsman, the Australian Tax Office, an anti-discrimination body, a work/occupational health and safety regulator);
  • organisations to whom we outsource functions (including information technology providers, print service providers, mail houses);
  • otherwise as you have consented; and/or
  • otherwise as required by law.

If any of these organisations are located outside Australia, you expressly consent to us disclosing your personal information to those organisations. These parties may be located in the following countries:

  • The United States of America

We take reasonable steps to ensure that each organisation from which we collect or to whom we disclose your personal information is committed to protecting your privacy and complies with the Australian Privacy Principles, or is subject to a law or scheme that is at least substantially similar to the way in which the Australian Privacy Principles protect information.

By providing your personal information to the Union, you consent to us transferring your personal information to such other organisations.

How the Union holds personal information

Wherever reasonably practicable the Union holds electronic personal information on data servers that are owned and controlled by the Union in Australia. The data servers are password protected and login secured. However, by providing personal information to the Union you consent to your information being stored and processed on a data server or data servers (e.g. cloud services) owned by a third party or third parties that may be located outside of Australia. The Union will take reasonable steps to ensure that any third party providers comply with the APPs. If personal information is only routed through servers located outside of Australia – this is not regarded as a disclosure.

Wherever reasonably practicable the Union holds physical personal information in access controlled premises.

When the Union no longer requires your personal information for a specific purpose and we are not required to keep it to comply with any laws, we will take such steps as are reasonable in the circumstances to destroy your personal information or to ensure that the information is de-identified.

Data Breaches

The Notifiable Data Breaches Scheme commenced on 22 February 2018.This affects breaches that occurred on or after this date.

The Notifiable Data Breaches Scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.The notification must include recommendations about the steps taken in response to the breach.The Australian Information Commissioner must be notified of an Eligible Data Breach.

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.

An eligible data breach arises when the following three criteria are satisfied:

  1. There is unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information, that an entity holds;
  2. This is likely to result in serious harm to one or more individuals; and
  3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

Where Union staff believe a data breach may have occurred they must immediately report the breach to the Federal or Branch Privacy Officer who will determine the next steps in line with

Appendix A – Data Breach Procedure.

Government Identifiers

We will not adopt as our own identifier a government related identifier of an individual, such as a tax file number or Medicare card number and will only use or disclose a government related identifier where the use or disclosure:

  • is reasonably necessary for the Union to verify your identity for the purposes of our activities or functions;
  • is reasonably necessary for the Union to fulfil its obligations to an agency or a State or Territory authority;
  • is required or authorised by or under an Australian law; or
  • is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

How you may seek access and/or correction to personal information held by the Union

You have the right to request access to your personal information and request that it be updated or corrected. In most cases you can gain access to your personal information that the Union holds. To request access to, correction of, or updating of any personal information held about you, please write to the Privacy Officer at the following address:

Privacy Officer, Australian Education Union, PO Box 1158, South Melbourne, VIC, 3205

Email: privacyofficer@aeufederal.org.au

General enquiries can be made via telephone by calling the following number: (03) 9693 1800

The Union requires that you provide proof of identity in order to seek access to your personal information. The Union may charge a reasonable fee where access is provided. The Union may refuse to provide access if permitted to do so by law or under the APPs. The Union will seek to provide you with access to your personal information within 30 days of receipt of a valid request and may charge you a reasonable fee for doing so.

You should contact the Union when your personal information details change. It is important that we keep our membership details up to date. Please contact Membership or the Privacy Officer to update any personal information. The Union may also take steps to update your personal information by reference to publicly available sources such as telephone directories or electoral rolls.

Membership can be contacted at the following address:

AEU ACT Branch

Phone: (02) 6272 7900

Email: aeuact@aeuact.org.au

Fax: (02) 6273 1828

Post: PO Box 3042, Manuka 2603

Visit: 40 Brisbane Avenue, Barton ACT 2600

AEU NT Branch

Phone: (08) 8948 5399

Email: admin@aeunt.org.au

Fax: (08) 8948 2577

Post: PO Box 41863, Casuarina NT 0811

Visit: Unit 3, 8 Totem Road, Coconut Grove NT

AEU SA Branch

Phone: (08) 8172 6300

Email: membership@aeusa.asn.au

Fax (08) 8172 6390

Visit: 163 Greenhill Rd, Parkside, SA 5063

AEU Tasmanian Branch

Phone: (03) 6234 9500

Email: support@aeutas.org.au

Fax: (03) 6234 3052

Visit: 1/32 Patrick Street, Hobart, 7000

AEU Victorian Branch

Phone: (03) 9417 2822

Email: melbourne@aeuvic.asn.au

Fax: (03) 9417 6198

Post: PO Box 363, Abbotsford Vic 3067

Visit: 126 Trenerry Crescent, Abbotsford VIC 3067

NSW Teachers Federation Branch

Phone: (02) 9217 2100

Email: mail@nswtf.org.au

Fax: (02) 9217 2470

Post: Locked Bag No: 3010, Darlinghurst, NSW, 1300

Visit: Teachers Federation House, 23-33 Mary Street, Surry Hills, NSW 2010

Queensland Teachers Union

Phone: (07) 3512 9000

Email: qtu@qtu.asn.au

Fax: (07) 3512 9050

Post: PO Box 1750, Milton LPO, QLD, 4064

Visit: 21 Graham Street, Milton, QLD, 4064

State School Teachers Union of WA

Phone: (08) 9210 6000

Email: enquiries@sstuwa.org.au

Fax; (08) 9210 6001

Post: PO Box 212 West Perth WA 6872

Visit: 1 West Street West Perth WA 6005

How you may complain about a breach of the APPs

To make a complaint about an alleged breach of the APPs please write to or email the Privacy Officer at one of the following addresses:

Privacy Officer, Australian Education Union, PO Box 1158, South Melbourne, VIC, 3205

Email: privacyofficer@aeufederal.org.au

All complaints must be written. Please provide all details about your complaint as well as any supporting documentation to the Privacy Officer.

How the Union will deal with complaints

The Union will seek to deal with privacy complaints as follows:

  • complaints will be treated seriously;
  • complaints will be dealt with promptly;
  • complaints will be dealt with confidentially;
  • complaints will be investigated by the Privacy Officer; and
  • the outcome of an investigation will be provided to the complainant where the complainant has provided proof of identity. The Union will seek to respond within 30 days of receipt of a valid complaint.

Variations to the Policy

This Policy may be varied from time to time and an updated version will be posted on the Union's websites. Please check our websites regularly to ensure that you have the most recent version of the Policy.


Appendix A – Data Breach Procedure

The Union’s first step is to contain a suspected or known breach where possible. This means taking immediate steps to limit any further access or distribution of the affected personal information, or the possible compromise of other information.

Where possible, the Union will take steps to reduce any potential harm to individuals. This might involve taking action to recover lost information before it is accessed or changing access controls on compromised customer accounts before unauthorised transactions can occur. If remedial action is successful in making serious harm no longer likely, then notification is not required, and entities can progress to the review stage.

Notifiable/eligible data breach

A notifiable/eligible data breach occurs when the following criteria are satisfied

  • There is unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information, that an entity holds.
  • This is likely to result in serious harm to one or more individuals.
  • The entity has not been able to prevent the likely risk of serious harm with remedial action.
  • Where serious harm is likely, the Union will prepare a statement for the Privacy Commissioner that contains:
  • the Union’s identity and contact details
  • a description of the breach
  • the kind(s) of information concerned and
  • recommended steps for individuals.

This can be done using the OAIC’s Notifiable Data Breach form.

The Union will notify affected individuals and inform them of the contents of the statement via one of three options:

  • Option 1: notify all individuals
  • Option 2: notify only those individuals at risk of serious harm.

If neither of these options are practicable:

  • Option 3: publish the statement on the Union website and publicise it.

When a breach requiring notification has occurred, the Union will undertake a review and take action to prevent future breaches. This may include:

  • fully investigating the cause of the breach
  • developing a prevention plan
  • conducting audits to ensure the plan is implemented
  • updating the security/response plan
  • considering changes to policies and procedures
  • revising/providing staff training.

The Union may also consider reporting the incident to other relevant bodies, such as:

  • police or law enforcement
  • various professional bodies
  • the Australian Tax Office
  • the Australian Cyber Security Centre
  • the Union’s financial services provider.

Deciding whether “serious harm is likely”

If the Union only has grounds to suspect that the data breach will result in serious harm, then it must conduct an assessment process. As part of the assessment, the Union will consider whether remedial action is possible.

If an assessment is required, the Union will follow a four-stage process for assessment as follows:

  1. initiate - plan the assessment and assign a team or person
  2. investigate - gather relevant information about the incident to determine what has occurred
  3. evaluate - make an evidence-based decision about whether serious harm is likely
  4. document the evidence and decision.

The Union will conduct this assessment expeditiously and, where possible, within 30 days. If it can’t be done within 30 days, the Union will include in the documentation why this is the case.

Other data breaches

When a breach does not require notification, the Union will undertake a review and take action where reasonable to prevent future breaches. This process may include:

  • fully investigating the cause of the breach
  • developing a prevention plan
  • conducting audits to ensure the plan is implemented
  • updating the security/response plan
  • considering changes to policies and procedures
  • revising/providing staff training.