Divers Alert Network (DAN) is required to comply with the Information Privacy Act 2000 and the Health Records Act 2001.
The purpose of this procedure is to establish a sound privacy foundation and framework in accordance with relevant legislation and to ensure that all personal information collected, held or shared by DAN is done so in accordance with this procedure and related legislative requirements.
Both Acts are based on similar privacy principles. These privacy principles regulate the way in which DAN should collect, use, keep secure and disclose personal information. These privacy principles also regulate an individuals right of access to their personal information and provide for remedies for any interference with the information privacy of an individual.
Under this procedure DAN will:
- Ensure that the collection of personal information, including an individual’s health information, is fair, lawful, justified and not intrusive;
- Provide access to personal information as required by the relevant legislation;
- Use or disclose personal information in accordance with the relevant legislation;
- Take reasonable steps to protect the personal information held from misuse, loss and from unauthorised access, modification or disclosure;
- Have an effective incidents/complaints handling process in place to manage privacy risks and issues; and
- Ensure as a minimum that DAN Institute will comply with the relevant privacy principles.
What is personal information?
This is information about individuals where the individual can be identified. It may include information such as your name, contact details, age, insurance history or financial details.
What is sensitive information?
This is a particular kind of personal information and includes information about an individual’s health; racial or ethnic origins; membership of political, professional or trade associations; political opinions or philosophical or religious beliefs; criminal record; or sexual preferences.
How is Employee information affected?
Employee records are currently exempt from the privacy principle, but we nonetheless afford appropriate levels of confidentiality to this information.
Why do we collect personal and sensitive information?
We may directly or indirectly collect this information to enable us to provide our clients with membership and dive injury insurance, training certifications, or for dive accident data collection purposes.
What we do with the personal and sensitive information we collect
Unless you tell us not to, we may disclose this information to other organisations where we believe it is necessary to assist us and them in providing their services. Recipients will typically be insurers, other insurance intermediaries, health workers, researchers or investigators, in Australia and overseas. These organisations in turn may need to disclose the i nformation to other such third parties, but we limit their use and disclosure to the purpose or purposes for which we supplied it (unless you or we consent).
We also use the information for administrative purposes such as processing applications for insurance and certifications.
We may also use your information to let you know about our range of products and services unless you advise us otherwise.
We may sometimes be required by law, such as under legislation or by court order, to disclose some of your personal information.
If you do not provide the required information, it may not be possible to provide appropriate products or services to you.
We take reasonable steps to ensure that whenever we collect, use or disclose personal information it is accurate, complete, and up-to-date.BACK