Please note – this policy applies to Renovators Discount Depot Online only for Renovators Discount Depot store policy’s please see in store.
Principle 1 – Collection
Personal information shall not be collected for inclusion in a record or in general available notes unless:
- a) The information is collected for a reason that is lawful purpose directly related to a function or activity for which the purpose is meant for; and
- b) The collection of the information is necessary for its activities.
Personal information shall not be collected by unlawful or unfair means.
Principle 2 – Use & Disclosure
Steps are to be taken to ensure that before information is collected the individual concerned is aware of:
- a) The purpose for which the information is being collected;
- b) The reasons the collection of the information is authorised or required;
- c) Persons or agencies to which the personal information is disclosed to.
Principle 3 – Data Quality
Where personal information is collected for inclusion in a record or disclosed steps are to be taken to ensure:
- a) The information is relevant to the purpose and is up to date and complete; and
- b) The information does not intrude to an unreasonable extent upon the personal affairs of the individual concerned.
Principle 4 – Data Security
The authorised persons who have possession or control of a record that contains personal information shall ensure:
- a) The information is protected by such security safeguards to prevent against loss, unathorised access, modification, disclosure and other misuse; and
- b) Everything reasonably is done to prevent unauthorised use or disclosure of information contained in the records.
Principle 5 – Openness
The authorised persons of the company who have possession or control of personal information shall take such steps as are reasonable to enable any person to ascertain:
- a) That records contain personal information; and
- b) If records contain such information : as
- The nature of the information; ii. The main purposes for which that information is used; and iii. What steps the person should take to obtain access to the records.
The authorised persons of the company who have possession of personal information are able to refuse to give the information to the person under the provisions of any applicable law of the Commonwealth.
The authorised persons of the company shall maintain records setting out:
- a) The purpose and nature of the records of personal information is kept;
- b) The sections of individuals about whom records are kept;
- c) The period for which each type of record is kept;
- d) The persons who are entitled and conditions under which they are entitled to have that access to personal information of an individual.
The authorised persons of the company shall:
Make the record maintained under clause 3 available for inspection by members of the public and the Commissioner.
Principle 6 – Access and Correction
Where the authorised persons of the company have possession or control of a record that contains personal information shall give access to the individual to all personal information.
The authorised persons of the company who have possession or control of personal information shall take such steps by way of making appropriate corrections, deletions and additions to ensure the records:
- a) Is accurate; and
- b) Is relevant to the purpose of its use, up to date, complete and not misleading.
The authorised persons of the company shall, if so requested by the individual, attach to the record any statement provided by the individual of the correction, deletion or addition sought.
Principle 7 – Identifiers
The company and its authorised persons will not adopt as its own identifier of an individual that has been assigned by:
- a) An agent or agent of an agency; or
- b) A contracted service provider for a Commonwealth acting as a service contracted person.
Principle 8 – Anonymity
The company and its authorised persons will allow wherever lawful and practicable, individuals to have the option of not identifying themselves when entering transactions with the company.
Principle 9 – Trans Border Data Flows.
The company and its authorised persons may transfer personal information about an individual to someone in a foreign country only if:
- a) The individual consents to the transfer; or
- b) That the recipient of the information has similar privacy principles.
Principle 10 – Sensitive Information
The company or its employees must not collect sensitive information about an individual unless:
- a) The individual has consented; or
- b) The collection is required by law.
Note: sensitive information includes Racial or ethnic origin, political opinions, religious beliefs Health information including the health or disability of an individual.
Any complaints received must be reported to the company’s privacy officer who shall inform the company’s directors of such actions taken.