This policy relates to the operations of the Australian College of Pharmacy.
The Australian College of Pharmacy (THE COLLEGE) recognises the importance of privacy of all individuals interacting with our organisation and ensuring the security of personal information maintained with the organisation.
THE COLLEGE, including its employees, and all individuals and entities that act for or on our behalf, is subject to the Privacy Act 1988 (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.
2. Information we collect and why we use it?
What personal information do we collect?
'Personal information' means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained.
‘Sensitive information’ is personal information about an individual’s racial or ethnic origin, philosophical or political beliefs, religious beliefs, criminal record, membership of a professional or trade association or a trade union, sexuality, genetics, biometrics, disability, or health information.
THE COLLEGE is responsible for policies and programs that help members access quality and affordable continuing professional development (CPD) materials; post-registration, personal development and higher education; academic research and education events.
Generally, we collect personal information in order to properly and efficiently carry out one or more of our functions or activities. We only use personal information for the purpose(s) for which it was given to us and for directly related purposes (unless otherwise required or authorised by or under law); as consented by you or if a permitted general situation exists.
We will only collect personal information about you if you voluntarily submit it to us by:
- Providing your information by form, telephone or facsimile;
- Sending us an email;
- sending us information via the ‘Contact Us’ page on our websites; and/or
- Including personal information when using any part of our website.
The types of personal information we may collect include:
- Your name and birth date;
- Your contact information, including postal and residential addresses, telephone and
- Facsimile numbers, and email addresses;
- Where relevant your pharmacist registration details including post-nominals;
- Information for the purpose of obtaining a unique student identifier for vocational
- Students; and/or
- Where relevant to the services we are providing you, your financial information.
We may also store and maintain any content that you provide in connection with our website, including but not limited to postings on any blogs, forums, wikis and other social media applications and services that we may provide.
We do not usually seek sensitive information for the provision of general member services and industry recognised training programs. Notwithstanding the information below, sensitive information about an individual will not be collected unless the individual has consented or the collection is required by law. We will, where necessary, obtain your explicit consent to collect and use such information.
We will generally hold your personal information as either physical record, records on our servers, and in some cases, records on third party servers, which may be located overseas.
We may collect and hold information about you that is not personal information, including:
- Data relating to your activity on our website via tracking technologies such as cookies;
- The identity of your internet browser, the type of operating system you use, your IP
- Address and the domain name of your internet service provider;
- Membership numbers allocated to you as identifiers of for the purposes of THE
- COLLEGE's operations; and
- Details of any survey responses you provide.
We may use this information for internal purposes, including administering our services, diagnosing problems, generating statistics and trends, and improving the quality of our products and services.
Personal information collected from participants of nationally recognised training programs
As a government registered training organisation, regulated by the Australian Skills Quality Authority, THE COLLEGE is required to collect a range of personal and sensitive information on participants in nationally recognised training programs. This information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 as well as Standards for Registered Training Organisations (RTOs) 2015 and Data Provision Requirements 2012. The specific data required for collection is outlined in the Australian Vocational Education and Training
Management Information Statistical Standard (AVETMISS) data requirements as published by the National Centre for Vocational Education Research (NCVER).
It is also noted that THE COLLEGE is also bound by various State Government Acts requiring similar information collection relevant to state jurisdictions of our operations. The types of personal and sensitive information we may collect for these purposes includes:
- Identity and contact details;
- Employment details;
- Educational background;
- Demographic information;
- Course progress and achievement information;
- Financial billing information;
- Complaint or issue information;
- Disability status and other individual needs; and
- Indigenous status.
Individuals are advised that although this information is requested, individuals maintain the right to refuse provision of such without penalty.
Personal information collected during CPD accreditation activities
The Pharmacy Board of Australia, in partnership with the Australian Health Practitioner Regulation Agency (AHPRA), has authorised the Australian Pharmacy Council (APC) to accredit pharmacists Continuing Professional Development (CPD) activities. The APC has approval to undertake this role by accrediting organisations that meet strict criteria to accredit CPD on its behalf. Under the auspices of the APC the Australian College of Pharmacy may accredit CPD for pharmacists that is eligible to be used as supporting evidence of continuing competence.
In order to assess applications for accreditation of CPD materials the APC Accreditation Standards for CPD Activities (the Accreditation Standards) states in the performance criteria of element 2.1 for Standard 2: “There must be significant pharmacist and/or other subject matter expert (SME) involvement in the development of the activity” and that “Pharmacists and SMEs involved in the activity development must be able to demonstrate they are suitably qualified and/or experienced”.
In order to determine the qualifications and experience of the developer of CPD activities for accreditation THE COLLEGE requires applicants to submit a copy of their resume. They must also disclose any financial and/or proprietary interests in relation to the sponsor or content of the CPD activity as determined by the performance criteria of APC Accreditation Standards element 2.4 for Standard 2: “All parties involved in development, including expert reviews, must disclose conflicts of interest whether actual or perceived”.
The resume and disclosure are used by College staff only to assess the appropriateness of the developers against the APC standards. Resumes are not given to any parties outside of College staff. Disclosures of interests are communicated to the participants of the CPD activity who may be College members or other associates.
What will we tell you when we collect your personal information?
Whenever we collect information from you, we will do everything we can to let you know:
- How to contact us;
- Why we are collecting the information;
- The organisation or types of organisations to which we usually disclose that kind of
- If we are required by law to collect the information;
- The consequences (if any) for you if the information is not provided;
- How you may access and correct the information;
- How to complain about a breach of the Australian Privacy Principles; and
- Whether we will disclose your information to overseas recipients, and the countries in which such recipients are likely to be located.
When reasonable and practicable to do so, we will collect personal information directly from you or someone authorised by you and not from third parties.
Wherever it is lawful and practicable, you have the option of not identifying yourself or using a pseudonym when entering into transactions with THE COLLEGE.
There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as mail, fax or telephone (although these also have risks associated with them).
We will record your email address when you become a member, send a message to us, undertake a CPD course or assessment, enrol in an education course, conference or event or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.
Dealing with unsolicited information
From time to time THE COLLEGE may receive unsolicited personal information. Where this occurs we will promptly review the information to decide whether or not we could have collected the information for the purpose of our business activities. Where this is the case, we may hold, use and disclose the information appropriately as per the practices outlined in this policy.
Where we would not have collected this information (by law or for a valid business purpose) we immediately destroy or de-identify the information, unless it would be unlawful to do so.
Collection of information from third parties
Where THE COLLEGE collects personal information from another organisation, we:
- Confirm whether the other organisation has provided the relevant notice to you; or
- Whether you were otherwise aware of these details at the time of collection; and
- If this has not occurred, we will undertake to notify you to ensure you are fully informed of the information collection.
3. Use and disclosure of information
When will we use and disclose your information?
In general, we will collect, hold, use and disclose personal information for the purposes of providing or offering goods and services to you, any purposes that you may reasonably expect, for any other purpose authorised by law, or for any other purposes disclosed to or authorised by you. This may include disclosures to organisations that provide us with technical and support services, and professional advice.
By providing us with your personal information, you also consent to us using and disclosing your personal information for:
- Providing you with news and information about our goods and services;
- Purposes necessary or incidental to the provision of our goods and services;
- Providing you with the functionality on our website, and customising and improving your online experience with us;
- Personalising your experience with our products and services, for example, via connectivity with social media services;
- Sending you marketing and promotional material that we believe you may be interested in, either from any of our related entities or a third party business which we consider may be of interest to you; and
- Seeking your feedback on our services, or for planning or market research purposes.
We will provide a simple method for you to ‘opt out’ of future communications, and you may at any time request that we discontinue sending you emails or other communications.
Your personal information may also be used and disclosed to protect our rights or property and that of our users and, where appropriate, to comply with legal processes, which may include disclosures to law enforcement, regulatory or government agencies.
Use of personal information for direct marketing
As a member’s organisation, THE COLLEGE does not consider information about our products and services as direct marketing. Notwithstanding the information above, we will not disclose your personal information to facilitate marketing directly from third party organisations.
Disclosure of information to third parties
Personal information may also be disclosed to other third parties in order to respond to your requests or inquiries, as part of a corporate transaction such as a sale, divestiture, merger or acquisition, or where those parties handle information on our behalf or if the information is required by a contractor to carry out a service for us.
We take contractual measures to ensure that where we have given personal information to a contractor (that carries out a service for us); the contractor complies with the APPs.
Disclosure of information collected from participants of nationally recognised training programs
As a government registered training organisation, regulated by the Australian Skills Quality Authority, THE COLLEGE is required to disclose information collected and held on individuals for valid purposes to a range of entities including:
- Governments (Commonwealth, State or Local);
- Employers (and their representatives);
- Service providers such as credit agencies and background check providers
Where possible, THE COLLEGE will de-identify the information disclosed. However, there are some circumstances where this is not possible, such as in the provision of Australian Vocational Education and Training Management of Information Statistical Standard (AVETMISS) data on all individuals enrolled in nationally recognised training programs. This is a Condition of Registration for all RTOs under the National Vocational Education Training Regulator Act 2011.
In the event that THE COLLEGE ceases to operate as a Registered Training Organisation, we are required by law to transfer student records to the Australian Skills Quality Authority. This includes records of individuals who are currently, or who have in the past 30 years, participating in nationally recognised training with us.
Cross border disclosures of information
At present we do not disclose your information to overseas recipients and have no plans to do so at this time. If in future we wish to disclose personal information to overseas recipients, we will only do so with your consent or otherwise in compliance with the Australian Privacy Principles.
4. Access and correction
Who will see or have access to your personal information?
Unless we are required to provide your personal information to others for purposes of public safety and law enforcement, your information will only be seen or used by persons working with us or for us, including our contracted service providers.
Accessing and checking the personal information we hold about you
You have a right under the Privacy Act to access personal information we hold about you.
You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
We will take reasonable steps to ensure that your personal information is accurate, complete, up to date, and relevant whenever it is used, collected or disclosed.
You may request access to your personal information by contacting the Chief Executive Officer. Subject to any legal restrictions we would be happy to advise you what personal information we hold about you if you request this. We will respond to all requests within a reasonable period.
There may be some cost to you to cover the cost of retrieving and processing the information if it requires a significant amount of time to locate or collect your information or to present it in an appropriate form. We will let you know in advance if any charges will apply.
We rely on the accuracy of the information you provide to us. If you think that we may hold information about you that is incorrect in any way, please contact us and we will correct any errors or inaccuracies where required.
If we are unable to provide you with access to your information, or make any amendments which you have requested, we will advise you of our reasons. If at any time you wish to know what information we are holding about you, you are welcome to request your details by contacting the Chief Executive Officer.
5. Information security
We have in place reasonable commercial standards of technology and operational security to protect all personal information provided to us from misuse, interference, loss, unauthorised access, modification or disclosure.
Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Archives Act 1983.
6. Retention and destruction of information
Reasonable steps will be taken to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed.
7. Questions and complaints
We take all complaints seriously, and will respond to your complaint within a reasonable period. If you believe that we have not adequately handled your complaint, you may complain to the Office of the Australian Information Commissioner.
8. Responding to a privacy breach
In the event of a privacy breach, The College will manage the breach by:
- Containing the breach
- Evaluate the associated risks
- Consider notifying affected individuals and the Office of the Information Commissioner (OIC)
- Prevent a repeat
9. Additional information
Anonymity and pseudonymity
THE COLLEGE recognises that in some circumstances, when dealing with us individuals may not wish to identify themselves or wish to use a pseudonym and will effectively support this when practical. This includes dealings in cases of general enquiries and other situations when we do not require your personal information to provide information or to complete a request.
When accessing any public component, such as member forums and group activities, THE COLLEGE will provide the option of using a pseudonym or remaining anonymous. THE COLLEGE will only store and link pseudonyms to individual personal information in cases where this is required for service delivery.
There will be occasions within our service delivery where THE COLLEGE must confirm the identity of individuals, such as for nationally recognised course programs. We are authorised by Australian law to deal only with individuals who have appropriately identified themselves. That is, it is a Condition of Registration for all RTOs under the National Vocational Education and Training Regulator Act 2011 that we identify individuals and their specific individual needs on commencement of service delivery.
Adoption, use or disclosure of government related identifiers
THE COLLEGE does not adopt, use or disclose a government related identifier related to an individual except:
- In situations required by Australian law or other legal requirements; or
- Where reasonable necessary to verify your identity; or
- Where reasonable necessary to fulfil obligations to an agency, state or Territory authority; or
- As prescribed by regulators.
Specifically, THE COLLEGE may collect your pharmacist registration identifier.
From 1 January 2015 we will also collect your Unique Student Identifier if you are participating in nationally recognised training with THE COLLEGE.
For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
Statement to Members – Collection of Information
On membership application and renewal forms, the following statement will be included:
The Australian College of Pharmacy (THE COLLEGE) maintains a database of names, addresses and other information relevant to membership of THE COLLEGE. This data is accessed by THE COLLEGE staff to mail information including publications and member services. It is made available to companies and organisations which provide member services and benefits. This includes mailing houses that provide these services. Members may request that personal information not be passed onto a third party. However, this will result in the member being unable to receive information from THE COLLEGE. A member may request, at any time, a copy of their personal information held by THE COLLEGE.
10.1 THE COLLEGE is the Australian College of Pharmacy Limited
10.2 The Chief Executive Officer (CEO) is the Registrar and of THE COLLEGE.
10.3 Collection is the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means, and does not include the receipt of unsolicited information.
10.4 Consent is a free and informed agreement with what is being done or proposed. Consent can be either express or implied. Express consent is given explicitly, either orally or in writing. Express consent is unequivocal and does not require any inference on the part of the organisation seeking consent. Implied consent arises where consent may reasonably be inferred from the action or inaction of the individual.
10.5 Correct means, in relation to personal information, to alter that information by way of amendment, deletion or addition.
10.6 Disclosure is the making available of personal information to others outside the organisation, other than the subject or the information. Disclosure includes publication of personal information through any medium.
10.7 Enforcement agency means a police force or service of a State or Territory, an agency, to the extent that it is responsible for administering, or performing a function under a law imposing a penalty or sanction, or an agency, to the extent that it is responsible for the administration of a law relating to the protection of the public revenue.
10.8 Generally available publication means a publication (whether in paper or electronic form) that is generally available to members of the public.
10.9 Health information is a subset of sensitive information and relates to any details of the health or medical condition of the individual.
10.10 Identifier means an identifier (usually a number) assigned by an organisation to an individual uniquely to identify that individual for the purposes of the operations of the organisation but does not include the individual’s name.
10.11 Individual means a natural person.
10.12 Organisation means an association, business, charitable organisation, club, government body, institution, professional practice, union, corporation, group of bodies corporate that are related within the meaning of the Corporations Law, or any other collective entity. ‘Organisation’ includes a sole trader or other individual (for example, a professional or freelance consultant) in his or her business capacity.
10.13 Personal Information is information (whether fact, opinion or evaluative material), that is recorded in any form including information or an opinion forming part of a database, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion, but does not include information contained in a generally available publication. Personal information does not include information about corporate entities such as businesses, firms or trusts.
10.14 Reasonable steps are such steps (if any) as are, in the circumstances, reasonable.
10.15 Registrar is the CEO of THE COLLEGE.
10.16 Sensitive Information is information or an opinion about an individual’s racial or ethnic origin, philosophical or political beliefs, religious beliefs, criminal record, membership of a professional or trade association or a trade union, sexuality, genetics, biometrics, disability, or health information about an individual. To be categorised as sensitive information the information must also be personal information.
10.17 Seriously improper conduct means corruption, a serious abuse of power, a serious dereliction of duty, or any other seriously reprehensible behaviour.
10.18 Subject of the information, in relation to personal information, means the individual to whom the information relates.
10.19 Third party, in relation to personal information, means a person or body other than THE COLLEGE and the individual who is the subject of the information 10.20 Unsolicited personal information is information that has been provided to THE COLLEGE without being directly requested by us. This policy was last updated in July 2020.