Privacy

CRANAplus (referred to as ​“we”, ​“our“, ​”us”) is com­mit­ted to respect­ing your right to pri­va­cy and pro­tect­ing and safe­guard­ing per­son­al infor­ma­tion belong­ing to CRANAplus cus­tomers, employ­ees, mem­bers, clients, con­trac­tors, sup­pli­ers, and vol­un­teers (referred to in this doc­u­ment as our ​‘stake­hold­ers’).

This pol­i­cy pro­vides infor­ma­tion on how we col­lect, use, and man­age your per­son­al infor­ma­tion. It should be read in con­junc­tion with the CRANAplus Men­tal Health & Well­be­ing Pri­va­cy Pol­i­cy for stake­hold­ers engag­ing in Bush Sup­port Line services.

This pol­i­cy applies to all CRANAplus ser­vices and oper­a­tions and under­pins all pri­va­cy notices that are pub­lished online and that we pro­vide to you. It is reviewed reg­u­lar­ly to ensure it con­tin­ues to pro­tect the pri­va­cy of CRANAplus stakeholders.

By choos­ing to share your per­son­al data with us and using the ser­vices offered by CRANAplus, you’re acknowl­edg­ing you have under­stood and agreed to the terms of this Pri­va­cy Policy.

CRANAplus is com­mit­ted to pro­tect­ing the pri­va­cy of the per­son­al infor­ma­tion you pro­vide to us.

We are sen­si­tive to pri­va­cy issues and ful­ly com­mit­ted to com­ply­ing with our oblig­a­tions under the Pri­va­cy Act 1988 (Cth) (the ​“Pri­va­cy Act“), the Aus­tralian Pri­va­cy Prin­ci­ples (APPs) and any oth­er applic­a­ble State/​Territory pri­va­cy laws.

The APPs gov­ern the way in which we col­lect, use, dis­close, store, secure and dis­pose of your per­son­al infor­ma­tion. A copy of the APPs may be obtained from the web­site of the Office of the Aus­tralian Infor­ma­tion Com­mis­sion­er at www​.oaic​.gov​.au.

Engag­ing with ser­vices from CRANAplus is an accep­tance of our terms and con­di­tions. Where these apply, they are avail­able on the CRANAplus website.

In this pol­i­cy, ​“per­son­al infor­ma­tion” has the mean­ing giv­en to it in the Pri­va­cy Act. In gen­er­al terms, it is any infor­ma­tion that can be used to iden­ti­fy you per­son­al­ly. This may include your name, address, tele­phone num­ber, email address, occu­pa­tion, gen­der, pay­ment infor­ma­tion etc. If the infor­ma­tion we col­lect iden­ti­fies you per­son­al­ly or you are rea­son­ably iden­ti­fi­able from it, the infor­ma­tion will be con­sid­ered per­son­al information.

We only col­lect and hold per­son­al infor­ma­tion that is rea­son­ably nec­es­sary for the prop­er per­for­mance of our busi­ness func­tions, ser­vices, and activities.

By pro­vid­ing your per­son­al infor­ma­tion to us (by any means) and by using our web­site, you con­sent to CRANAplus col­lect­ing, stor­ing, using, main­tain­ing, and dis­clos­ing your per­son­al infor­ma­tion for the pur­pos­es set out in this Pri­va­cy Policy.

The infor­ma­tion we col­lect about you may vary, depend­ing on the cir­cum­stances of col­lec­tion, your pur­pose for engag­ing with CRANAplus, and our rela­tion­ship with you. Depend­ing on the cir­cum­stances, some types of per­son­al infor­ma­tion will be required, and oth­ers may be option­al for you to choose to pro­vide to us.

In most sit­u­a­tions, the per­son­al infor­ma­tion that we col­lect from you is pro­vid­ed by you directly.

Per­son­al infor­ma­tion that may be col­lect­ed by CRANAplus can include, but is not lim­it­ed to:

• con­tact and iden­ti­ty detail such as: name, address, email, tele­phone num­ber, year of birth, gen­der, birth country.
• edu­ca­tion and qualifications.
• infor­ma­tion such as dietary require­ments, aller­gies, or rel­e­vant med­ical his­to­ry (if you choose to dis­close) if attend­ing a CRANAplus course.
• atten­dance on CRANAplus courses.
• details that are rea­son­ably pro­vid­ed or request­ed as part of an employ­ment or vol­un­teer application.
• per­son­al infor­ma­tion which will enable CRANAplus to process your appli­ca­tion for course enrol­ment, mem­ber­ship, and/​or CRANAplus awards, schol­ar­ships, or grants.
• trans­ac­tion details about any pur­chas­es from us.
• oth­er per­son­al infor­ma­tion as appro­pri­ate to oth­er CRANAplus ser­vices or functions.

We may also col­lect infor­ma­tion about the devices you use to access the CRANAplus web­site, such as IP address and time/​date of access.

We col­lect any pref­er­ences you select (such as sub­scrip­tions and mar­ket­ing), as well as oth­er per­son­al infor­ma­tion you dis­close to us.

There may be times when an indi­vid­ual is reg­is­tered onto a CRANAplus edu­ca­tion course or nom­i­nat­ed for an Award or Schol­ar­ship by an employ­er or oth­er organisation/​individual. In this case, we rely on the provider of that infor­ma­tion to have informed those indi­vid­u­als that you are shar­ing their per­son­al infor­ma­tion for this pur­pose and have obtained their consent).

Sen­si­tive information

If it is rea­son­ably nec­es­sary in the cir­cum­stances, CRANAplus may also col­lect sen­si­tive infor­ma­tion (as defined in the Pri­va­cy Act), where you choose to pro­vide it, such as nation­al­i­ty, eth­nic back­ground, cul­tur­al diver­si­ty, or rel­e­vant health information.

Any sen­si­tive infor­ma­tion col­lect­ed by CRANAplus is received because you have pro­vid­ed it to us direct­ly. For exam­ple, you have filled in an online form and elect­ed to dis­close rel­e­vant aller­gies, dietary require­ments or med­ical con­di­tions that may be rel­e­vant to you attend­ing a course. We do not col­lect sen­si­tive infor­ma­tion with­out you know­ing and direct­ly pro­vid­ing it to us.

Your con­sent to the col­lec­tion of sen­si­tive infor­ma­tion will be assumed when you pro­vide your infor­ma­tion to CRANAplus for use in accor­dance with this Pri­va­cy Policy.

Deal­ing with us anony­mous­ly or via a pseu­do­nym will lim­it how you can par­tic­i­pate in CRANAplus activ­i­ties (for exam­ple, CRANAplus ser­vices and cours­es, mem­ber­ship, or apply­ing for employ­ment or vol­un­teer posi­tions with us). If you choose not to pro­vide cer­tain per­son­al infor­ma­tion to us, we will be pre­vent­ed from pro­vid­ing you with a ser­vice or sat­is­fy­ing your request or enquiry.

Exam­ples where it may be pos­si­ble for you to engage with CRANAplus anony­mous­ly or with a pseu­do­nym can include:

• Call­ing the Bush Sup­port Line
• Attend­ing a Well­be­ing Workshop
• Annu­al Mem­ber­ship Surveys
• Sub­mit­ting online surveys

CRANAplus will only col­lect and record per­son­al infor­ma­tion by fair, law­ful and unob­tru­sive means.

CRANAplus may col­lect infor­ma­tion from a vari­ety of sources. CRANAplus acknowl­edges that you may choose to pro­vide some per­son­al infor­ma­tion on a vol­un­tary basis (for exam­ple, cur­rent employ­ment details, skills/​areas of inter­est, lan­guages spo­ken, etc.) to assist in admin­is­ter­ing and pro­vid­ing qual­i­ty ser­vices and out­comes on your behalf.

Gen­er­al­ly, most per­son­al infor­ma­tion held by CRANAplus is col­lect­ed direct­ly from indi­vid­u­als (or from time to time through their appoint­ed rep­re­sen­ta­tives), for exam­ple, where you:

• become a CRANAplus mem­ber (via the CRANAplus web­site or over the phone).
• cre­ate a CRANAplus online pro­file account (via CRANAplus web­site or mobile site).
• sub­mit an online enquiry form via our web­site or mobile site.
• con­tact CRANAplus via email, tele­phone or mail.
• apply for employ­ment or as a volunteer.
• pro­vide details to CRANAplus in an appli­ca­tion form, sur­vey, or feed­back form.
• pur­chase, enrol in, or par­tic­i­pate in any CRANAplus course, ser­vice or activity.

Like most oth­er web­sites, we may auto­mat­i­cal­ly record details about any com­put­er or device used to access our web­site such as the date and time of access, the IP address, domain name, and details of the infor­ma­tion accessed.

Infor­ma­tion may also be col­lect­ed from third par­ties, such as statu­to­ry bodies/​government agen­cies or pub­lic sources of infor­ma­tion (such as Pro­fes­sion­al Reg­is­tra­tion status).

If we hold per­son­al infor­ma­tion about you that has been col­lect­ed from dif­fer­ent sources, we may com­bine this per­son­al infor­ma­tion into a sin­gle record.

You may pur­chase prod­ucts and ser­vices via CRANAplus through our web­site or over the phone.
When mak­ing pay­ments over the phone relat­ing to your CRANAplus account, you will be asked to con­firm your iden­ti­ty, to the sat­is­fac­tion of CRANAplus.

We utilise a third-par­ty provider that com­plies with the Pay­ment Card Indus­try (PCI) require­ments to safe­guard the secu­ri­ty of any cred­it card details pro­vid­ed and pay­ments processed. The pay­ment infor­ma­tion that is entered on the web­site is sent secure­ly to our proces­sor and processed direct­ly by our processor.

CRANAplus does not col­lect or store details of your pay­ment infor­ma­tion (but will col­lect and store infor­ma­tion about the trans­ac­tion). Your pay­ment infor­ma­tion will be col­lect­ed and used for the pur­pos­es of pro­cess­ing your trans­ac­tion, refunds and inves­ti­ga­tion of incor­rect pay­ment or fraud­u­lent activities.

At the time of col­lect­ing per­son­al infor­ma­tion pro­vide you with notice of this Pri­va­cy Pol­i­cy and any rel­e­vant Terms and Con­di­tions. Infor­ma­tion rel­e­vant to how to con­tact us is avail­able at crana​.org​.au.

Where you con­tact us via phone to pro­vide infor­ma­tion for the pur­pose of pur­chas­ing a mem­ber­ship, enrolling in a course, etc., the infor­ma­tion col­lect­ed is the same as what you would be pro­vid­ing via the web­site. Infor­ma­tion pro­vid­ed to us over the phone is treat­ed as con­fi­den­tial, secure, and adheres to this Pri­va­cy Policy.

Use
Unless oth­er­wise dis­closed dur­ing the col­lec­tion process, per­son­al infor­ma­tion that we col­lect from you is used only for the pur­pos­es con­sis­tent with the rea­sons it was pro­vid­ed, for a rea­son­ably relat­ed pur­pose, or where oth­er­wise per­mit­ted by law.

Exam­ples of how we may use your per­son­al infor­ma­tion include:

• admin­is­ter, man­age, and improve our prod­ucts and ser­vices to you.
• per­form iden­ti­ty-relat­ed checks.
• to have you enrol, reg­is­ter and par­tic­i­pate in CRANAplus ser­vices (e.g. edu­ca­tion courses).
• process your pay­ments or refunds.
• pro­vide effec­tive ser­vices to consumers.
• main­tain mem­ber­ship lists and activities.
• man­age con­tact and sup­pli­er lists.
• per­form audits to ensure valid­i­ty and accu­ra­cy of infor­ma­tion and processes.
• man­age inci­dent and Duty of Care reporting.
• coor­di­nate and man­age volunteers.
• use pho­tographs in CRANAplus pub­li­ca­tions (with consent).
• pro­vide infor­ma­tion to the Aus­tralian Tax­a­tion Office in accor­dance with our oblig­a­tions to advise of salary and tax­a­tion payments.
• under­take ref­er­ences from pre­vi­ous employ­ers, edu­ca­tion­al organ­i­sa­tions or oth­er agen­cies or per­sons as part of a pre-employ­ment check.
• assist con­trac­tors, ser­vice providers and oth­er organ­i­sa­tions work­ing with or for CRANAplus to man­age and/​or deliv­er ser­vices (e.g. cred­it card pay­ment providers, IT consulting).
• keep you informed of news and infor­ma­tion relat­ing to CRANAplus activ­i­ties and oppor­tu­ni­ties via var­i­ous mediums.
• com­pile and pro­vide sta­tis­ti­cal and demo­graph­ic infor­ma­tion for report­ing purposes.

Uniden­ti­fied per­son­al infor­ma­tion in aggre­gate or sum­ma­ry form may be utilised for the fol­low­ing purposes:

• analyse data, eval­u­ate, and report.
• pre­vent and detect secu­ri­ty threats, fraud, and oth­er mali­cious activity.
• com­ply with our legal oblig­a­tions, resolve dis­putes, and enforce our agreements.
• use infor­ma­tion gath­ered to review and /​or improve the over­all qual­i­ty of our services.
• help us man­age and enhance our ser­vice standards.
• use non-iden­ti­fi­able sum­ma­ry infor­ma­tion to iden­ti­fy and advo­cate for the rur­al and remote health work­force and for report­ing purposes.

CRANAplus only uses and dis­clos­es per­son­al infor­ma­tion about you for the purpose/​s it was intend­ed for (or rea­son­ably expect­ed sec­ondary pur­pos­es), where we have your con­sent to do so, or as oth­er­wise required or per­mit­ted by law.

We do not sell or trade your per­son­al infor­ma­tion with third par­ties for mar­ket­ing purposes.

We may, how­ev­er, dis­close your per­son­al infor­ma­tion to:

• our trust­ed ser­vice providers or per­sons who per­form func­tions on our behalf (for exam­ple, but not lim­it­ed to mail­ing ser­vices, pay­ment pro­cess­ing provider, IT ser­vices, data analy­sis, con­trac­tors deliv­er­ing ser­vices, event ser­vice providers).
• law enforce­ment agen­cies or oth­er gov­ern­ment and reg­u­la­to­ry bod­ies as required or autho­rised by law.
• any­one else to whom you autho­rise us to dis­close it.

Our trust­ed providers are required to demon­strate they com­mit to and uphold the Aus­tralian Pri­va­cy Prin­ci­ples, inclu­sive of a Pri­va­cy Agreement.

We may also use de-iden­ti­fied and/​or aggre­gat­ed sum­ma­ry per­son­al infor­ma­tion to pre­pare sub­mis­sions to Gov­ern­ment or oth­er reg­u­la­to­ry or fund­ing bod­ies, or to plan events and activities.

We want to com­mu­ni­cate with you only if you want to hear from us. If you pre­fer not to receive email newslet­ters from us, you can update your pref­er­ences on your CRANAplus online dash­board or click on the unsub­scribe link at the bot­tom of any of our com­mu­ni­ca­tions. To unsub­scribe from print edi­tions of CRANAplus Mag­a­zine, please sub­mit a client enquiry.

The stor­ing of online per­son­al infor­ma­tion held by our trust­ed third-par­ty providers are pri­mar­i­ly held in Aus­tralian data centres.

Where a third-par­ty provider stores per­son­al infor­ma­tion in an over­seas data cen­tre, any per­son­al infor­ma­tion held over­seas is lim­it­ed (for exam­ple, your name and email address).

Under Aus­tralian pri­va­cy laws, we must take rea­son­able steps in the cir­cum­stances before per­son­al infor­ma­tion is dis­closed to an over­seas recip­i­ent to ensure that the over­seas recip­i­ent does not breach Aus­tralian pri­va­cy laws in rela­tion to your information.

CRANAplus takes the pro­tec­tion and secu­ri­ty of per­son­al infor­ma­tion seri­ous­ly. All rea­son­able steps are tak­en to pro­tect per­son­al infor­ma­tion against mis­use, inter­fer­ence, loss, unau­tho­rised access, mod­i­fi­ca­tion, and dis­clo­sure. This includes suit­able phys­i­cal, elec­tron­ic, and man­age­r­i­al pro­ce­dures to safe­guard and secure the infor­ma­tion we col­lect from you.

Elec­tron­ic data is retained and safe­guard­ed by our IT secu­ri­ty sys­tems, and any phys­i­cal records are retained and dis­posed of secure­ly as required (e.g. via the use of secured doc­u­ment destruc­tion services).

The pro­tec­tive steps we take include:

• Con­fi­den­tial­i­ty require­ments are placed on our employ­ees and con­trac­tors, ser­vice part­ners, etc., via con­tracts and policies.
• Lim­it­ing access to your infor­ma­tion only to employ­ees who require it, based on their roles and responsibilities.
• Edu­cat­ing our employ­ees and con­trac­tors in rela­tion to oblig­a­tions under the rel­e­vant leg­is­la­tion and eth­i­cal codes of con­ducts for health practitioners.
• Per­son­al infor­ma­tion is con­tained in either our Cus­tomer Rela­tion­ship Man­age­ment Sys­tem (CRM), and/​or elec­tron­ic file on our secure net­work with appro­pri­ate access permissions.
• Any phys­i­cal records con­tain­ing per­son­al infor­ma­tion are held in secured premis­es, with access to those records only per­mit­ted by those autho­rised to do so.
• The web­site con­tains secure areas, indi­cat­ed by a pad­lock sym­bol in the brows­er. CRANAplus uses SSL (Secure Sock­ets Lay­er) for trans­mit­ting pri­vate infor­ma­tion by encrypt­ing the data trans­ferred over the Inter­net. This pro­to­col is a stan­dard used by many web­sites when you sub­mit con­fi­den­tial infor­ma­tion, such as cred­it card num­bers and oth­er per­son­al data. We will nev­er store your cred­it card details on our servers.

CRANAplus takes rea­son­able steps to ensure per­son­al infor­ma­tion held by us is retained, secured, and where applic­a­ble, destroyed in accor­dance with leg­isla­tive requirements.

We will retain your infor­ma­tion only for as long as is rea­son­ably nec­es­sary for the pur­pos­es set out in this pol­i­cy and/​or to ful­fil our legal oblig­a­tions. How­ev­er, we may retain some of your infor­ma­tion after you cease to use our ser­vices to meet our legal oblig­a­tions, such as retain­ing the infor­ma­tion for tax and account­ing purposes.

When deter­min­ing the rel­e­vant reten­tion peri­ods, we will con­sid­er var­i­ous fac­tors includ­ing, but not lim­it­ed to:

• our con­trac­tu­al oblig­a­tions and rights in rela­tion to the infor­ma­tion involved.
• legal obligation(s) under applic­a­ble law to retain data for a cer­tain period.
• statute of lim­i­ta­tions under applic­a­ble law(s).
• (poten­tial) disputes.
• guide­lines issued by rel­e­vant data pro­tec­tion authorities.
• employ­ee record exemp­tions are man­aged in line with Fair Work Act (2009) legislation.

When your per­son­al infor­ma­tion is no longer need­ed for the pur­pose for which it was obtained, we will take rea­son­able steps to destroy or per­ma­nent­ly de-iden­ti­fy the records.

Your trust is very impor­tant to us and CRANAplus takes rea­son­able steps to ensure the per­son­al infor­ma­tion we col­lect, use and dis­close is accu­rate in all respects.

Under the Pri­va­cy Act, you have a right to seek access to the infor­ma­tion we hold about you.

Some of the per­son­al infor­ma­tion we hold about you is infor­ma­tion pro­vid­ed direct­ly by you and is acces­si­ble by log­ging into your online CRANAplus pro­file through the CRANAplus Web­site and Dash­board. Sit­u­a­tions include if you have enrolled in a CRANAplus edu­ca­tion course, hold a CRANAplus mem­ber­ship, or have cre­at­ed an online pro­file with CRANAplus.

In cir­cum­stances where you do not have direct access to view or adjust the infor­ma­tion we hold about you, you have the right to ask us to cor­rect infor­ma­tion about you that is inac­cu­rate, incom­plete or out of date or request for your per­son­al infor­ma­tion to be deleted:

• You can put your request in writ­ing or email and send it to us using the con­tact details below. We will com­ply with any such request except where the Pri­va­cy Act allows us to refuse to do so (such as a legal or legit­i­mate rea­son to not release the information).
• We will respond to your request for access with­in a rea­son­able time, and usu­al­ly with­in 10 busi­ness days, and may request addi­tion­al infor­ma­tion to clar­i­fy such requests.
• To pro­tect your per­son­al infor­ma­tion, we may require iden­ti­fi­ca­tion ver­i­fi­ca­tion before tak­ing the request­ed action.
• If you have engaged with us via the use of a pseu­do­nym or anony­mous­ly, CRANAplus will not be able to ver­i­fy your iden­ti­fy and there­fore not be able to respond to requests.
• In cir­cum­stances where the record can­not be altered or removed, we will pro­vide a rea­son for this in writ­ing to you and place a note on file of your objection.

CRANAplus wel­comes feed­back con­cern­ing our Pri­va­cy Pol­i­cy and pri­va­cy prac­tices. We are com­mit­ted to pro­vid­ing a fair and respon­sive sys­tem for han­dling and resolv­ing complaints.

If you have any ques­tions or con­cerns about this Pri­va­cy Pol­i­cy, or how your per­son­al infor­ma­tion has been han­dled by CRANAplus, you can con­tact our Pri­va­cy Offi­cer using the con­tact details set out below.

Tele­phone: (07) 4047 6400
Email: privacy@​crana.​org.​au
Mail: Office of the CEO, CRANAplus, PO Box 7410, Cairns QLD 4870

In line with our Feed­back, Com­plaints or Com­pli­ments Pol­i­cy, CRANAplus will make ini­tial con­tact with you with­in 10 days of receipt and respond to your enquiry with­in a rea­son­able peri­od, but no lat­er than 30 days. Dur­ing this time, we may dis­cuss the sub­ject of your enquiry, com­plaint, or con­cern with you.

If you are not sat­is­fied with the way in which we han­dle your enquiry or com­plaint, you can con­tact the Office of the Aus­tralian Infor­ma­tion Com­mis­sion­er (OAIC). You can con­tact OAIC by:

• Vis­it­ing www​.oaic​.gov​.au;
• for­ward­ing an email to enquiries@​oaic.​gov.​au
• tele­phon­ing 1300 363 992; or
• writ­ing to OAIC at GPO Box 5218, Syd­ney NSW 2001

This is our cur­rent Pri­va­cy Pol­i­cy out­lin­ing the man­age­ment of your per­son­al infor­ma­tion. To improve our ser­vice to you and ensure the high­est lev­el of com­pli­ance with the Aus­tralian Pri­va­cy Prin­ci­ples, we may revise this pol­i­cy from time to time.

To ensure that you are view­ing cur­rent infor­ma­tion, please check that you are aware of the con­tent of the cur­rent pol­i­cy when vis­it­ing our web­site or engag­ing in ser­vices from CRANAplus.