Privacy Statement

Road Safety Education Limited ABN: 17 110 667 706 (RSE)
Last updated: February 2024

© Copyright 2020 – 2024. Road Safety Education Limited. All Rights Reserved.

 

Privacy Statement

Road Safety Education Limited (Australia) and its subsidiary Road Safety Education Limited (New Zealand) (‘RSE’ or ‘our organisation’ or ‘we’ or ‘our’.)

Overview and Purpose

This Privacy Statement outlines how RSE collects, stores, uses and discloses personal information pursuant to the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs) and the New Zealand Privacy Act 2020 – ‘the legislation’.

RSE’s Privacy Statement may change from time to time to reflect the changing RSE environment, arising for example, from new laws, technology and changes to RSE’s operations and practices. Where there has been a material change to this Privacy Statement, we will notify you by email or by putting a notice on our website.

Questions about our privacy practices should be addressed to [email protected].

What is personal information?

In this Privacy Statement, the term ‘personal information’ has the meaning given to it in the legislation and means information we collect that identifies a specific individual or could be used to identify that individual, such as a home address.

Why do we collect personal information?

We need to collect personal information to enable us to provide our services and products – essentially in connection with the provision of our education programs.

What  type of personal information do we collect and how do we collect it?

(a) The types of personal information RSE collects and holds include (but are not limited to) contact details, dates of birth, gender, government identifiers such as driver’s license, and passport (and occasionally may include health and other sensitive information) from:

i. employees and candidates for employment;
ii. volunteers including persons acting pro bono (including prospects);
iii. contractors (facilitators) and candidates for contracting;
iv. schools – teachers, students and parents and/or guardians (‘parents’) – participating in a RSE education program and prospects;
v. funders/sponsors’ staff and prospects;
vi. suppliers and prospective suppliers, and
vii. others who may come into contact with RSE.

(b) The personal information may be collected from the above in several ways including:

  • personally, by video call, by over the phone;
  • from electronic and paper documentation such as, emails, RSE’s website, when prospectively or actually contracting with RSE (such as through booking forms), via social media and mail received;
  • newsletters, bulletins or other services;
  • taking part in a competition, prize draw or survey;
  • through online tools, such as apps and other software used by our organisation:
  • through third parties, such as referees, professionals or authorities working with our organisation; and,
  • through publicly available resources.
  • Exception in relation to employee records

(c) The legislation does not apply to an employee record.

As a result, this privacy policy does not apply to RSE’s treatment of an employee record where the treatment is directly related to a prospective, current or former employment relationship with RSE.

How will RSE use personal information?

RSE will use personal information it collects for the primary purpose of collection, which is discussed further in detail in points (a) to (f) below:

(a) Employees and candidates for employment

In relation to personal information of job applicants and staff members, RSE’s primary purpose of collection is to assess and (if successful) to engage the applicant or staff member. The purposes for which we use personal information of job applicants and staff members include administering the individual’s employment and satisfying RSE’s legal obligations, for example, in relation to child protection legislation.

(b) Volunteers including persons acting pro bono (including prospects)

RSE also obtains personal information about volunteers which includes others acting pro bono (such as directors, members of the Advisory Council and patrons) who assist RSE in its functions or conduct associated activities, such as volunteer engagement in the provision of RSE’s education programs to enable RSE and the volunteers to work together and meet their respective (including health and safety) obligations.

(c) Contractors (facilitators) and candidates for contracting

In relation to personal information of applicants for the role of facilitator and other contractor roles, RSE’s primary purpose of collection is to assess and (if successful) to engage the applicant or contractor. The purposes for which we use personal information of applicants is to help us determine the applicants suitability while for contractors (successful applicant) include administering the individual’s contract and satisfying RSE’s legal obligations, for example, in relation to child protection legislation.

(d) Schools – teachers, students and parents and/or guardians (‘parents’) – participating in a RSE education program and prospects

In relation to personal information of teachers, students and parents, RSE’s primary purpose of collection is principally for the provision of our education programs to students and also to parents and corporates. This includes meeting the needs of each school, their teachers, their students and parents and the needs of RSE during the period RSE is engaged with each school in the provision of RSE’s education programs. The purposes for which RSE uses personal information of teachers, students and parents include:

  • identifying schools for prospective engagement in RSE’s education programs;
  • the day to day administration of RSE including the contracting, planning, organising and managing in connection with the development, maintenance and provision of RSE’s education programs;
  • to keep schools variously informed about RSE’s education programs as well as matters that relate to the provision of those programs to their school;
  • looking after students’ educational and social wellbeing while attending an RSE educational program (workshop);
  • to maintain and nurture the association between the school, students, parents and RSE, including promoting the program;
  • to satisfy RSE’s legal obligations as a participating PCBU (person conducting a business undertaking) with other participating PCBUs such as schools and venues.

RSE may also collect personal information to enable it to provide education programs to parents and staff of corporates.

(e) Funders/sponsors’ staff and prospects

We may obtain personal information in relation to the staff of prospective or actual funders and sponsors. We obtain this information for the purpose of organisation sustainability and growth to enable the provision of RSE’s education programs.

(f) Suppliers and prospective suppliers.

We may obtain personal information in relation to the staff of suppliers and prospective suppliers for the ordinary purposes of day-to-day RSE administration.

In addition to the primary purpose, we may use your information for a secondary purpose which will be a reason other than the primary purpose and may be related to the primary purpose. The sharing of your information for secondary purposes must comply with the Legislation or have your explicit consent. Under the Legislation, disclosure for a Secondary Purpose is generally not allowed unless an exception applies. Exceptions may include:

  • where you would reasonably expect RSE to use or disclose your personal information for a secondary purpose and for the provision of its services and products;
  • where you have given your consent for your personal information to be used for a secondary purpose;
  • where the secondary use or disclosure is required or authorised by law or court or tribunal order; and
  • where a permitted general situation or health situation exists in relation to the secondary use or disclosures.

Who might RSE disclose personal information to?

RSE may disclose personal information, including sensitive information, held about an individual to:

  • schools;
  • government departments;
  • third parties providing services to RSE;
  • recipients of RSE publications, such as newsletters, bulletins and annual reports;
  • anyone you authorise RSE to disclose information to; and
  • anyone to whom RSE is required to disclose the information by law.

Transfer of personal information overseas

We may store personal information within services provided by offshore cloud service providers.

Some of the recipients of your personal information referenced above may be based in countries or regions outside of Australia and New Zealand.

In addition, RSE operates in both Australia and New Zealand. The Australian organisation may disclose personal information about an individual to the New Zealand organisation and vice versa in the ordinary course of RSE’s business.

We will ensure that any such transfer of personal information will only be undertaken in compliance with the Legislation.

How does RSE treat sensitive information?

In referring to ‘sensitive information’, RSE means:  information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, philosophical beliefs, sexual orientation or practices or criminal record, that is also personal information; health information and biometric information about an individual. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where the use or disclosure of the sensitive information is required or allowed by law.

Management and security of personal information

We want you to have continuing trust in RSE and its services, so we have established reasonable physical, electronic, and managerial procedures to safeguard and secure your personal information. We have implemented strict confidentiality practices for directors, employees, contractors, and service providers and invested in security software to protect against the possibility of cyber attacks or other external threats.

RSE’s staff, volunteers and contractors (facilitators) are required to respect the confidentiality of students’ and parents’ personal information and the privacy of individuals.

How to access personal information or ask for a correction

Access

We take reasonable steps to ensure that the personal information we collect and hold is accurate, complete, and up to date. However, we rely on you to advise us of any changes to your personal information to help us maintain accurate, complete, and up-to-date information.

You can access your personal information by contacting us in writing. We will ensure that the personal information provided goes to the correct person and that personal information is not accessed incorrectly or fraudulently.

Correction

You are entitled to request a correction of your personal information if you consider it inaccurate, outdated, incomplete, irrelevant, or misleading. After receiving your request, we will take reasonable steps to correct your personal information, and we can notify any past recipient of your personal information of the correction.

How long do we retain your personal information?

Retention periods

We will only keep your personal information for as long as necessary and as required by law. The retention periods we apply to personal information consider:

  • legal and regulatory requirements and guidance;
  • limitation periods that apply in respect of taking legal action;
  • our ability to defend ourselves against legal claims and complaints;
  • good practice; and
  • the operational requirements of RSE.

Personal information obtained by mistake or indirect collection

Personal information collected by mistake or indirectly and not required by RSE to carry out its services will be handled according to applicable data protection laws.

Lodging a complaint and complaint handling

Complaints to RSE

If you wish to make a complaint about a breach of this Privacy Statement or the Legislation, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint as well as any supporting evidence and information.

Your complaint will be referred to our Privacy Officer. The Privacy Officer will investigate the issue and determine our steps to resolve your complaint. You can contact the Privacy Officer using the details set out below. We will contact you if we require any additional information and will notify you in writing of the outcome of the investigation.

Complaints to the OAIC

If you are not satisfied with our response or we fail to respond to your complaint within 30 days of receipt of your complaint, you can lodge a privacy complaint with the Office of the Australian Information Commissioner (OAIC) or the New Zealand Privacy Commissioner. The contact details are set out below:

(OAIC)

Post:         GPO Box 5288, Sydney NSW 2001
Ph:             1300 363 992
Fax:           (02) 9284 9666
Websitehttps://www.oaic.gov.au/

Privacy Commissioner

Post:         PO Box 10 094, Wellington 6143.
Ph:             0800 803 909
Email:      [email protected]
Websitehttps://www.privacy.org.nz/

How to contact RSE

If you have any other questions, concerns or complaints about our Privacy Statement or its implementation, please contact our Privacy Officer:

Att:             The Privacy Officer
Ph:              1300 127 642
Email:       [email protected]
Websitehttps://rse.org.au/