
APP 6 — Use or disclosure of personal information

Comments

(Yes/No)

6.1

Does the APP entity ensure that it uses or discloses personal data for the primary purpose for which it was collected?

6.2

Does the entity disclose personal data for any secondary purpose?

If so, does the entity check whether it holds the individual’s consent for the use and disclosure of their personal data for the secondary purpose?

or

Otherwise, has the entity considered whether the individual would reasonably expect it to disclose the data for a secondary purpose, and is that secondary purpose related to the primary purpose?

Chapter 7: APP 7 — Direct marketing

Comments

(Yes/No)

7.2

Option 1

Has the APP entity collected personal data from the individual in line with the following requirements?

  • Would the individual not reasonably expect the APP entity to use or disclose their personal data for marketing purposes?

AND

  • Has the APP entity provided the individual with a simple and easy means by which they can opt out of receiving marketing communications?

AND

  • Has the APP entity checked to ensure that the individual has not opted out of receiving marketing communications?

7.3

Option 2

Has the APP entity collected personal data from the individual in line with the following requirements?

  • Would the individual not reasonably expect the APP entity to use or disclose their personal data for marketing purposes?

AND

  • Has the individual consented to the use or disclosure of their personal data for marketing purposes? OR

    • Is it impracticable to obtain the individual’s consent?

AND

  • Has the APP entity provided the individual with a simple and easy means by which they can opt out of receiving marketing communications?

  • Has the APP entity ensured that the opt-out is included within each marketing communication to the individual? OR

    • Has the APP entity included a statement within the marketing communication that makes the individual aware that they can make an opt-out request?

  • Has the APP entity checked to ensure that the individual has not opted out of receiving marketing communications?

7.3

Option 3

Has the APP entity collected personal data from the individual in line with the following requirements?

  • Has the individual consented to the use or disclosure of their personal data for marketing purposes? OR

    • Is it impracticable to obtain the individual’s consent?

AND

  • Has the APP entity provided the individual with a simple and easy means by which they can opt out of receiving marketing communications?

  • Has the APP entity ensured that the opt-out is included within each marketing communication to the individual? OR

    • Has the APP entity included a statement within the marketing communication that makes the individual aware that they can make an opt-out request?

  • Has the APP entity checked to ensure that the individual has not opted out of receiving marketing communications?

7.4

Does the APP entity use an individual’s sensitive data for marketing purposes? If so, has the APP entity obtained the consent of the individual before using their sensitive data for marketing purposes?

7.6

Does the APP entity use or disclose personal data to facilitate direct marketing by third parties?

If so, does the APP entity ensure the individual may:

  • Request not to receive any marketing communications from the APP entity

AND

  • Request that the APP entity not use or disclose their personal data to third parties

AND

  • Request that the APP entity provide the source of that information

7.7

  • When an individual requests not to receive direct marketing communications from ;

    • Does the APP entity ensure that it does not apply a fee?

    • Does the APP entity comply with the individual’s request within a reasonable period?

  • When an individual requests that the APP entity not use or disclose their personal data to other organisations for marketing purposes;

    • Does the APP entity ensure that it does not apply a fee?

    • Does the APP entity comply with the individual’s request within a reasonable period?

Where an individual requests that the APP entity provide the source from which the APP entity obtained their personal information, does the APP entity notify them within a reasonable period of time?

APP 8 — Cross-border disclosure of personal information

Comments

(Yes/No)

8.1

Where the APP entity discloses personal information to an overseas recipient, does the entity take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information?

8.2

The APP entity does not need to take reasonable steps to ensure the overseas entity does not breach the APPs if it can satisfy either of the following:

  • The APP entity reasonably believes the overseas recipient is subject to laws similar to the APPs in order to protect the individual’s personal data;

AND

  • There are mechanisms that an individual can use to enforce the protection of the overseas laws.

Has the APP entity informed the individual that it will be disclosing their personal data to an overseas party? If so, has the individual then consented to the disclosure of their personal data to an overseas party?

APP 9 — Adoption, use or disclosure of government related identifiers

9.2

Does the APP entity collect any government related identifiers from individuals?

APP 10 — Quality of personal information

10.1

An APP entity must also take reasonable steps to ensure that the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.

10.2

Does the APP entity take reasonable steps to ensure that the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant?

APP 11 — Security of personal information

11.1

Does the APP entity take reasonable steps to protect the personal information that it holds from misuse, interference and loss, as well as unauthorised access, modification or disclosure?

11.2

Does the APP entity take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the APPs?

APP 12 — Access to personal information

12.1

Upon request, is the APP entity able to readily provide an individual with access to their personal data?

12.8

Does the APP entity apply a fee for any request by an individual?

Has the APP entity declined an individual access to their personal data? If so, has the entity provided a written notice that includes the following?

  • the reasons for the refusal, except to the extent that it would be unreasonable to do so, having regard to the grounds for refusal

  • the complaint mechanisms available to the individual, and

  • any other matters prescribed by regulations made under the Privacy Act

APP 13 — Correction of personal information

13.1

Does the APP entity take reasonable steps to correct personal information it holds, to ensure it is accurate, up-to-date, complete, relevant and not misleading, having regard to the purpose for which it is held?

13.2

Does the APP entity, upon request by an individual whose personal information has been corrected, take reasonable steps to notify another APP entity of a correction made to personal information that was previously provided to that other entity?

13.3

Does the APP entity give a written notice to an individual when a correction request is refused, including the reasons for the refusal and the complaint mechanisms available to the individual?

13.5

Does the APP entity respond in a timely manner to an individual’s request to correct personal information or to associate a statement with the personal information?