PURPOSE & SCOPE
Diversity Australia (DA) is committed to protecting the personal information of clients, participants, employees, contractors, and partners. This policy sets out how DA collects, uses, stores, and protects personal data in compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to all aspects of DA’s operations, including facilitation of training, consulting services, events, and online learning platforms. The policy ensures that DA handles information responsibly, transparently, and with respect for the rights of individuals.
LEGISLATIVE ALIGNMENT
This policy is guided by the Privacy Act 1988 (Cth), which includes the Australian Privacy Principles and the Notifiable Data Breaches (NDB) scheme, and by relevant provisions of the Spam Act 2003 (Cth) and the Competition and Consumer Act 2010 (Cth). It reflects DA’s responsibility to ensure secure, lawful, and ethical management of data across all jurisdictions in which we operate.
COLLECTION AND USE OF PERSONAL INFORMATION
DA collects personal information only when it is reasonably necessary for service delivery. This may include participant enrolment details, learning analytics, evaluation feedback, or client reporting data. Individuals are informed at or before the time of collection why the information is being collected, how it will be used, and the consequences of not providing it. Personal data is used solely for the primary purpose for which it was collected or for a directly related secondary purpose where the individual would reasonably expect it. Sensitive information, such as health data, racial or cultural identity, or other protected characteristics, is collected only with explicit consent or where required by law.
STORAGE AND SECURITY
DA takes all reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes secure physical storage, password protection, encryption of electronic records, and role-based access restrictions. Third-party service providers, such as learning management systems and cloud storage platforms, are required to comply with privacy and security obligations through binding contractual arrangements. Staff and contractors must follow DA’s information security standards at all times.
ACCESS AND CORRECTION
Individuals have the right to access their personal information and request corrections if it is inaccurate, incomplete, or out of date. Requests should be made in writing to DA’s Privacy Officer, and responses will be provided within a reasonable timeframe. Where requests are refused under lawful exceptions, DA will provide reasons and outline available review mechanisms.
COMPLAINTS
Individuals may make complaints about privacy practices directly to DA. Complaints should be submitted in writing to info@diversityaustralia.com.au and will be addressed within a reasonable timeframe. If an individual is dissatisfied with DA’s response, they may escalate the matter to the Office of the Australian Information Commissioner (OAIC).
DIRECT MARKETING
DA may use personal information for direct marketing purposes only with consent or where otherwise permitted by law. Individuals will always have the option to opt out of marketing communications, and DA must ensure all electronic communications comply with the Spam Act 2003 (Cth).
DATA RETENTION AND DISPOSAL
Personal information is retained only for as long as necessary to fulfil its purpose or to meet legal and contractual obligations. Unless otherwise specified, personal information will be kept for a minimum of seven years. When information is no longer required, it will be securely destroyed or permanently de-identified.
DATA BREACH RESPONSE
In the event of a suspected or actual data breach, DA will promptly investigate and assess the incident. Where the breach is likely to result in serious harm to individuals, DA will comply with the Notifiable Data Breaches (NDB) scheme, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals. DA will maintain a breach register, document lessons learned, and implement corrective measures to prevent recurrence.
ROLES AND RESPONSIBILITIES
The Chief Executive Officer is accountable for privacy governance within DA. The Chief Executive Officer is the first point of contact for individuals seeking to exercise their rights or raise concerns about DA’s handling of their information.