This is the Privacy Policy standard to be achieved, or exceeded, by all employees and Office Bearers of the HISA and for others providing services to or on behalf of HISA including those providing web sites within the HISA.org.au domain.

Protecting personal information is important to HISA and personal information will be held in strictest confidence.

Personal information will only be used for the purposes it was collected or in any way that the provider gives HISA permission to use it.

Collection

"Personal Information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

HISA collects personal information for the purpose of providing members with a comprehensive range of membership services and with valuable information regarding relevant products and services from the HISA and appropriate HISA contracted third parties. When collecting personal information by whatever means HISA will ensure that appropriate notices are given and consents obtained in accordance with the National Privacy Principles. Most information is collected directly from the individual concerned. HISA also obtains some personal information from third party sources. In such cases HISA will require a warranty from the third party that the information has been collected in accordance with National Privacy Principles 1, including notification that the information may be disclosed to organisations like HISA.

Disclosure of personal information

Personal information provided to HISA will not be disclosed to other organisations or individuals without the provider's express permission or when obliged to provide such information by lawful authority.

HISA may from time to time enter into contractual agreements with other organisations to provide services/benefits to HISA members. On occasion, personal information on HISA members will be released to those contracted organisations for the purposes that the contract was entered into. Members will be given the opportunity of opting out of receiving communications from these organisations when applying for membership and when renewing membership, or at any time by contacting HISA or by amending their details on the HISA member web site.

HISA will never sell, trade, lease or rent any personally identifiable information to other companies except as stated and agreed when collecting information from members or other persons.

HISA reserves the right to communicate with members about the essential affairs of the Society.

All HISA employees, Office Bearers and other authorised persons are required to sign an undertaking that they will protect personal information on HISA members that they collect or have access to in the course of their duties.

HISA Web sites

Visitors may remain anonymous when visiting an HISA website. HISA will not collect any personal information about individuals unless that information is required to provide a particular service such as when a visitor completes a membership application form or a conference registration online.

HISA will not intentionally collect personally identifiable information about visitors to its web sites. Like most web sites, when accessing HISA's web site log files can and will be generated by the web servers that show the IP address of the visitor, date, time, and pages visited.

HISA may review the information in the web sites logs from time to time and the logs may be periodically deleted. Information in web logs will be used in the aggregate to generate statistics about access to HISA sites.

Cookies will not be used for general tracking purposes but may be used where functionality requires it, i.e. in the intranet or members areas of websites. No attempt will be made to observe the use of the site by individuals except in the course of investigating any abuse.

E-Mail Lists

HISA also maintains in-house email lists and Branches should ensure they accord with the data protection standards in this document.

Security of personal information

HISA will maintain all personal information, including its membership and 'in-house mailing list subscriber details and web server logs, in controlled environments that are secured against unauthorised access. Proof of identity is to be required before information is released to any person, including a member.

Correct, update or delete personal information

Every effort is to be made to ensure that personal information held on members is current, accurate and complete.

The Society must provide the opportunity and means for personal information to be accessed on request by the individual concerned and amended where appropriate. When a request is made, it must be acted upon in an expeditious manner.

Mailing List Subscription Providers and owners/administrators/moderators of contact lists other than the basic membership records must respond without unnecessary delay to any request to remove or edit the contact details of a list subscriber.

Member Access to His/Her Information

A member's identity needs to be validated before his/her personal information is divulged when requested.  If a request is received by telephone a minimum of three (3) ‘matches' of information held on the member is needed for validation [normally name, date of birth or place of work, mobile phone number]. If in doubt do not divulge any information.

A member wishing to sight all the information that the HISA has collected on him/her can do so by, either in writing or by email, making a request to the HISA Privacy Officer Dr Brendan Lovelock, 413 Lygon Street Brunswick East, Victoria 3057, brendan.lovelock@hisa.org.au .

Such information can be provided by faxing, posting or emailing a ‘snapshot' of the member's record or by making arrangements for the member to inspect his/her record in person.

A member attending an HISA office by arrangement to sight his/her information will need to prove his/her identification which should include some photographic identity such as a driver's licence or passport.

Contracted Service Providers

Contracts with all service providers/consultants whose service involves access to personal information must be subject to contract terms that include compliance with the HISA Privacy Policy. Specifically, third parties, such as mailing houses, which receive personal information in order to provide a service for HISA are required to sign an undertaking that the information will only be used for the purpose for which the information was provided.

Privacy Officer

The HISA Privacy Officer is Dr Brendan Lovelock, CEO
( Ph: +613 9388 0555; email: brendan.lovelock@HISA.org.au)