Darling Downs Sport Aircraft Association Inc
Operating as “Lone Eagle Flying School”
ABN 47 865 769 573
DDSAA Policy Privacy
The privacy of Members is of utmost importance to Darling Downs Sport Aircraft Association (DDSAA).
DDSAA understands that members may have concerns about their privacy and the confidentiality and security of information that DDSAA may collect from time to time.
DDSAA, while not required to, chooses to apply the principles of the Privacy Act 1988 (the Privacy Act). The Privacy Act was amended by the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Privacy Amendment Act). The Privacy Amendment Act introduced many significant changes to the Privacy Act which commenced on 12 March 2014. One of the changes included consolidating the Information Privacy Principles (IPPs) and National Privacy Principles (NPPs) into one unified set of Australian Privacy Principles (APPs) applicable to both Australian government agencies and organisations.
DDSAA is committed to respecting your right to privacy and protecting your personal information in accordance with the Privacy Act and our policies and procedures.
This Policy will be reviewed and updated periodically to take into account any new laws or technology, and/or changes to DDSAAs’ functions, operations and practices.
CFI The person occupying the position of Chief Flying Instructor.
Committee DDSAAs’ governing body, elected from the membership.
DDSAA Darling Downs Sport Aircraft Association Ltd Operating as “Lone Eagle Flying School”
3. Scope and Application
4. Policy Statement
4.1. Types of personal information we collect and hold
In this policy, personal information has the same meaning as defined in Section 6 of the Privacy Act:
a. personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable:
i. whether the information or opinion is true or not; and
ii. whether the information or opinion is recorded in a material form or not.
The types of personal information we collect and hold will vary depending on your Membership, your dealings with DDSAA and, services and benefits we (or our agents, contractors and third parties) provide to you, or a request or inquiry you make in relation to the services.
Some examples of personal information include names, addresses, gender, contact telephone numbers, email addresses, date of birth or licence numbers. It may also include indirectly identifying information, such as the description of an event, where the identities of any persons involved in the event are apparent even though no names are used. Whether or not the description of the event contains personal information may depend on the context and who is reading the information.
4.1.1. Solicited personal information
DDSAA only collects personal information that is reasonably necessary for, or directly related to the functions or activities. The types of personal information that we generally collect and hold will include:
• Personal contact details
• Personnel/employee records including educational or professional qualifications
• Freedom of Information applications
• Details of persons who attended DDSAA training courses
• Mailing and subscription lists
• Financial payment records
• Records for legal proceedings
• Complaint and feedback information
• Records of notifications of accidents and incidents
• Next of kin contact details, and
• Age, health status and medical records supply by the member.
4.1.2. Sensitive information
Personal information that is ‘sensitive information’ is defined by section 6 of the Privacy Act to include information or opinion about:
• health or genetic information, and
• biometric information.
Sensitive information is afforded a higher level of protection under the Privacy Act, including limited circumstances in which it can be collected. DDSAA does not normally have a need to collect the majority of the sensitive information referred to in the definition. For the purpose of fulfilling its statutory functions, DDSAA may collect and hold sensitive personal information, including:
• medical reports
• physical and psychological profiles of persons involved in an occurrence, and
• criminal records.
4.1.3. Other information
We may also collect information from you that is not personal information because it does not identify you personally. This information is normally retained with your personal information and may include:
• information we require to deliver service.
• your marketing preferences, including the type of marketing materials you wish to receive and the method of delivery (email, SMS, direct mail, or other).
• if you are a member of DDSAA, your membership number and, transaction history.
• device identification information when you use a computer, mobile phone, smart phone, tablet.
4.2. Why DDSAA collects and holds personal information
4.2.1. Aircraft and Membership
Personal information is collected by DDSAA for the primary purpose of Membership requirements, services and benefits to Members relating to their Aircraft and Membership needs.
We also collect personal information to assist in identifying ways in which we can serve you better and to assist our internal administration and operations including accounting, risk management, record keeping, archiving, systems development and testing, and staff training.
Some of the information we collect is for the purpose of improving our interaction with Members and their involvement with DDSAA.
Failure to provide the information sought by DDSAA for the purposes detailed may not enable the company to complete the membership process or any specific service requested.
4.2.2. If we are unable to collect your personal information
If we are unable to collect your personal information, some or all of the following may occur:
• we may be unable to provide products or services to you, to the requested standard or at all
• we may be unable to communicate with you to provide information about products and services that you have purchased from us, or may intend to purchase in the future
• your experience when interacting with us may be delayed or not as efficient as you may expect.
4.3. How we collect your personal information
Normally we collect information from you directly, unless it is unreasonable or impracticable to do so. Collection of your personal information can occur through the following interactions:
• when you register with us by creating an account, or subscribe to our marketing programs
• when you access and use our website, or interact with us via social media or digital media
• when you provide information to our team members
• when you communicate with us directly (by email, telephone, direct mail or any other means)
We use strict security measures to safeguard and protect your information. This includes taking reasonable steps to ensure your personal information is protected from misuse, loss, unauthorised access, modification or disclosure.
5.1. How we hold your personal information
We may hold your personal information in either electronic or hard copy form.
If you provide information to us electronically we retain this information in our computer systems and databases. This includes computer software programs, internet servers, and hosted internet solutions provided by third parties.
If you provide information to us in hard copy (paper) this information is normally retained in our files and a copy is made to our electronic files.
5.2. Storage and protection of personal information
DDSAA stores all personal information securely and restricts access to a limited number of staff that need access in order to perform their duties or assist individuals. Most personal information held by DDSAA is stored electronically such as on databases, shared drives or in emails, or on hard copy files.
DDSAA takes all reasonable steps to ensure that personal information is protected from misuse, loss and interference.
When information is no longer required it is securely destroyed in accordance with the Archives Act 1983 and relevant disposal authorities.
5.3. Use and disclosure of personal information
DDSAA will only use and/or disclose personal information for the purposes for which it was collected (the primary purpose), unless an individual has consented to another use.
There are certain limited circumstances in which DDSAA may use or disclose information for a different purpose (a secondary purpose) without consent, such as where the secondary purpose is:
• directly related to the primary purpose for which the information was collected
• required or authorised under an Australian law or has been ordered by a court or tribunal
• necessary to lessen or prevent an immediate and serious threat to the life, safety of air navigation, health or safety of any individual, or public health or safety
• to facilitate the investigation of an occurrence involving an DDSAA registered aircraft and the death or serious injury of one or more persons
• a permitted general situation or health situation, as defined by the Privacy Act
• an enforcement related activity and the use or disclosure of the information is reasonably necessary or
• for the purposes of collecting fees associated with airport use and access.
If DDSAA uses or discloses personal information for a purpose other than what it was originally collected for, DDSAA will keep a written notice of that use or disclosure as required by the APPs.
5.4. Overseas disclosure
DDSAA does not routinely disclose personal information to overseas recipients. However, there may be occasions related to DDSAA’ safety investigation function where this is necessary. In some circumstances there may be parties overseas who are connected with the occurrence of the accident in which case there may need to be a cross border flow of information. In these cases DDSAA complies with APP 8, including seeking to provide assurances that the information will be protected in accordance with the APPs.
5.5. Access to personal information
Under APP 12, individuals may make a request to access personal information held by DDSAA. DDSAA will process the request and provide access to the information within 30 days after the request is made. If DDSAA decides not to grant access to the information, a written statement of reasons will be provided.
This mechanism operates alongside the Freedom of Information Act 1982 (the FOI Act) under which an individual may request access to personal information held by DDSAA.
To assist DDSAA in locating any information held more quickly, an individual is encouraged to provide as much information as possible, such as, dealings they have had with DDSAA.
6. Dealing with DDSAA anonymously
The identity of an individual is typically relevant and necessary in order to achieve DDSAA’ purpose for collecting, using, holding or disclosing personal information. It is therefore unlikely to be practicable for DDSAA to deal with individuals who have not identified themselves or who have used a pseudonym. If an individual is concerned about not being able to deal with DDSAA anonymously, they may contact the CFI and discuss the circumstances.
7. Direct marketing
We collect personal information so that we can provide our members with useful and relevant information about our service and products.
Generally, DDSAA collects this information directly from you. In some circumstances, however, we may collect personal information from third parties, including from our service providers and social media platforms such as Facebook. We use the information we, or our service providers, collect to assist us to determine how we can best engage with our members about our service and products. To this end, we, or our service providers, may collect information about your social media preferences and activities so that we can engage with our members on social media sites.
At times, we use tools that enable us to identify the online sources of the telephone enquiries that we receive. The information we collect through these tools includes the time and date of the call, the telephone number of the caller (unless withheld), and the IP address of the device the caller used to arrive at your website. The collection of this information helps us to determine the effectiveness of our marketing campaigns by identifying whether the calls we receive were generated by Google AdWords click throughs, or by Facebook ad click throughs (for example).
If we do not collect information in the ways described above, we may not be able to let you know about our products and services in the most effective way.
We may use and disclose the information we collect for the purpose of providing you with tailored marketing communications about our goods and services, or to conduct market research. Typically, we send these communications to your email address or mailing address. Occasionally, we may also send marketing communications to your social media accounts, including, for example, your Facebook account as well as a text message to your mobile phone
7.1. Website cookies and digital services
Information is also generated and collected whenever a page is accessed on our website that records information such as the time, date and specific page. We collect such information for statistical and maintenance purposes that enables us to continually evaluate our website performance. Some parts of our websites also use "cookies". A "cookie" is a small text file that is placed on your computer's hard drive by a web page server. Cookies store information about the use of our website and are used to identify new or previous visitors to the website and what pages have been accessed. Most web browsers are set to accept cookies, but this function can usually be disabled if you wish. Please note that if you do disable this, not all functionality on our websites will be available to you.
We also use Google Analytics features on our website, which uses both first party and third party cookies to record standard internet traffic information. We, and some third parties (including Google), also use the information to optimise ad selection for groups of individuals based on age, gender, interests and past visits to our site. The cookies allow us and other third parties (including Google) to evaluate your interactions with ad services on our site and serve targeted advertising on sites across the Internet. We have enabled Google Analytics for Display Advertising, which allows Google and other third parties to advertise to you on our site and across the Internet.
We also use (along with third parties including Google) first party cookies (such as Google Analytic cookies) to report how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our website. In addition, we use data from Google's Interest-based advertising or third party audience data (such as age, gender, and interests) with Google Analytics to help us understand how user activity varies based on these factors.
Importantly, we do not combine the anonymous information collected through Google Analytics with personally identifiable information.
In addition to Google Analytics, we use a range of web analytics tools to help us understand consumer behaviour and use of our website. In particular, these tools enable us to deliver cookies, count visits and understand usage and campaign effectiveness. This data helps us to stay connected and relevant to our Members and customers.
8. Making a privacy complaint to the DDSAA
An individual may complain about the way DDSAA has handled their personal information. Complaints should be in writing and sent to the CFI using the contact details provided firstname.lastname@example.org
The complaint should provide sufficient detail so the issues and concerns can be investigated. Notification of an outcome will be provided as soon as possible and individuals will be kept up-to- date as to the progress of their complaint.
DDSAA applies the principles of the Privacy Act 1988 (the Privacy Act).
10. Code of Professional Conduct
11. Breaches of this Policy
Breaches of the policy and procedures may result in disciplinary action being taken, up to and including dismissal.
Policy Approval: DDSAA Committee
Implementation: DDSAA Committee
Review: DDSAA Committee
Improvement: DDSAA Committee
13. Review Schedule
This policy will be reviewed every two years.
14. Lapse Date
This policy does not have a lapse date.