The Board of the Australian College of Pharmacy approved this Privacy Policy on 15 May 2014.

This policy relates to the operations of the Australian College of Pharmacy.

The Australian College of Pharmacy (THE COLLEGE) recognises the importance of privacy of all individuals interacting with our organisation, and ensuring the security of personal information maintained with the organisation.

THE COLLEGE, including its employees, and all individuals and entities that act for or on our behalf, is subject to the Privacy Act 1988 (the Privacy Act) and to the requirements of the Australian Privacy Principles (APPs) contained in the Privacy Act.

This Privacy Policy details how we protect your privacy and how we comply with the requirements of the Privacy Act 1988 (Cth) (Privacy Act). Our Privacy Policy has been developed in accordance with the Australian Privacy Principles and embodies our commitment to protecting personal information. It sets out our approach to the collection, use, disclosure and disposal of personal information. This policy document is publicly available via the privacy link on the organisation’s website, and a hard copy will be provided to anyone who asks for it.

This Privacy Policy may be supplemented or amended from time to time, and may apply to privacy statements that are specific to certain areas of our website. The date of this Privacy Policy will inform you as to whether there have been updates since your last visit.

If you have any questions or concerns regarding this Privacy Policy, please contact the Privacy Officer using the contact details below.

• Collection of information
• Use and disclosure of information
• Access and correction
• Information security
• Retention and Destruction
• Questions and complaints
• Additional Information
• Definitions

2. Information we collect and why we use it?

What personal information do we collect?

'Personal information' means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained.

‘Sensitive information’ is personal information about an individual’s racial or ethnic origin, philosophical or political beliefs, religious beliefs, criminal record, membership of a professional or trade association or a trade union, sexuality, genetics, biometrics, disability, or health information.

THE COLLEGE is responsible for policies and programs that help members access quality and affordable continuing professional development (CPD) materials; post-registration, personal development and higher education; academic research and education events.

Generally, we collect personal information in order to properly and efficiently carry out one or more of our functions or activities. We only use personal information for the purpose(s) for which it was given to us and for directly related purposes (unless otherwise required or authorised by or under law); as consented by you or if a permitted general situation exists.

We will only collect personal information about you if you voluntarily submit it to us by:

• providing your information by form, telephone or facsimile;
• sending us an email;
• sending us information via the ‘Contact Us’ page on our websites; and/or
• including personal information when using any part of our website.

The types of personal information we may collect include:

• your name and birth date;
• your contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses;
• where relevant your pharmacist registration details including post-nominals;
• information for the purpose of obtaining a unique student identifier for vocational students; and/or
• where relevant to the services we are providing you, your financial information.

We may also store and maintain any content that you provide in connection with our website, including but not limited to postings on any blogs, forums, wikis and other social media applications and services that we may provide.

We do not usually seek sensitive information for the provision of general member services and industry recognised training programs.  Notwithstanding the information below, sensitive information about an individual will not be collected unless the individual has consented or the collection is required by law.  We will, where necessary, obtain your explicit consent to collect and use such information.

We will generally hold your personal information as either physical record, records on our servers, and in some cases, records on third party servers, which may be located overseas.

We may collect and hold information about you that is not personal information, including:

• data relating to your activity on our website via tracking technologies such as cookies;
• the identity of your internet browser, the type of operating system you use, your IP address and the domain name of your internet service provider;
• membership numbers allocated to you as identifiers of for the purposes of THE COLLEGE's operations; and
• details of any survey responses you provide.

We may use this information for internal purposes, including administering our services, diagnosing problems, generating statistics and trends, and improving the quality of our products and services.

Personal information collected from participants of nationally recognised training programs

As a government registered training organisation, regulated by the Australian Skills Quality Authority, THE COLLEGE is required to collect a range of personal and sensitive information on participants in nationally recognised training programs.  This information requirement is outlined in the National Vocational Education and Training Regulator Act 2011 as well as Standards for NVR Registered Training Organisations 2012,  and Data Provision Requirements 2012.  The specific data required for collection is outlined in the Australian Vocational Education and Training Management Information Statistical Standard (AVETMISS) data requirements as published by the National Centre for Vocational Education Research (NCVER).

It is also noted that THE COLLEGE is also bound by various State Government Acts requiring similar information collection relevant to state jurisdictions of our operations. The types of personal and sensitive information we may collect for these purposes includes:

• Identity and contact details;
• Employment details;
• Educational background;
• demographic information;
• course progress and achievement information;
• Financial billing information;
• Complaint or issue information;
• Disability status and other individual needs; and
• Indigenous status.

Individuals are advised that although this information is requested, individuals maintain the right to refuse provision of such without penalty.

Personal information collected during CPD accreditation activities

The Pharmacy Board of Australia, in partnership with the Australian Health Practitioner Regulation Agency (AHPRA), has authorised the Australian Pharmacy Council (APC) to accredit pharmacists Continuing Professional Development (CPD) activities. The APC has approval to undertake this role by accrediting organisations that meet strict criteria to accredit CPD on its behalf.  Under the auspices of the APC the Australian College of Pharmacy may accredit CPD for pharmacists that is eligible to be used as supporting evidence of continuing competence.

In order to assess applications for accreditation of CPD materials the APC Accreditation Standards for CPD Activities (the Accreditation Standards) states in the performance criteria of element 2.1 for Standard 2: “There must be significant pharmacist and/or other subject matter expert (SME) involvement in the development of the activity” and that “Pharmacists and SMEs involved in the activity development must be able to demonstrate they are suitably qualified and/or experienced”.

In order to determine the qualifications and experience of the developer of CPD activities for accreditation THE COLLEGE requires applicants to submit a copy of their resume. They must also disclose any financial and/or proprietary interests in relation to the sponsor or content of the CPD activity as determined by the performance criteria of APC Accreditation Standards element 2.4 for Standard 2: “All parties involved in development, including expert reviews, must disclose conflicts of interest whether actual or perceived”.

The resume and disclosure are used by College staff only to assess the appropriateness of the developers against the APC standards. Resumes are not given to any parties outside of College staff. Disclosures of interests are communicated to the participants of the CPD activity who may be College members or other associates.

What will we tell you when we collect your personal information?

Whenever we collect information from you, we will do everything we can to let you know:

• how to contact us;
• why we are collecting the information;
• the organisation or types of organisations to which we usually disclose that kind of information;
• if we are required by law to collect the information;
• the consequences (if any) for you if the information is not provided;
• how you may access and correct the information;
• how to complain about a breach of the Australian Privacy Principles; and
• whether we will disclose your information to overseas recipients, and the countries in which such recipients are likely to be located.

When reasonable and practicable to do so, we will collect personal information directly from you or someone authorised by you and not from third parties.

Wherever it is lawful and practicable, you have the option of not identifying yourself or using a pseudonym when entering into transactions with THE COLLEGE.

Electronic Communication

There are inherent risks associated with the transmission of information over the internet, including via email. You should be aware of this when sending personal information to us via email or via our website or social media platforms. If this is of concern to you then you may use other methods of communication with us, such as mail, fax or telephone (although these also have risks associated with them).

We will record your email address when you become a member, send a message to us, undertake a CPD course or assessment, enrol in an education course, conference or event or subscribe to one of our mailing lists. Any personal information, including email addresses, will only be used or disclosed for the purpose for which it was provided.  

Dealing with unsolicited information

From time to time THE COLLEGE may receive unsolicited personal information.  Where this occurs we will promptly review the information to decide whether or not we could have collected the information for the purpose of our business activities.  Where this is the case, we may hold, use and disclose the information appropriately as per the practices outlined in this policy.

Where we would not have collected this information (by law or for a valid business purpose) we immediately destroy or de-identify the information, unless it would be unlawful to do so.

Collection of information from third parties

Where THE COLLEGE collects personal information from another organisation, we:

• Confirm whether the other organisation has provided the relevant notice to you; or
• Whether you were otherwise aware of these details at the time of collection; and
• If this has not occurred, we will undertake to notify you to ensure you are fully informed of the information collection.

3. Use and disclosure of information

When will we use and disclose your information?

In general, we will collect, hold, use and disclose personal information for the purposes of providing or offering goods and services to you, any purposes that you may reasonably expect, for any other purpose authorised by law, or for any other purposes disclosed to or authorised by you. This may include disclosures to organisations that provide us with technical and support services, and professional advice.

By providing us with your personal information, you also consent to us using and disclosing your personal information for:

• providing you with news and information about our goods and services;
• purposes necessary or incidental to the provision of our goods and services;
• providing you with the functionality on our website, and customising and improving your online experience with us;
• personalising your experience with our products and services, for example, via connectivity with social media services;
• sending you marketing and promotional material that we believe you may be interested in, either from any of our related entities or a third party business which we consider may be of interest to you; and
• seeking your feedback on our services, or for planning or market research purposes.

We will provide a simple method for you to ‘opt out’ of future communications, and you may at any time request that we discontinue sending you emails or other communications.

Your personal information may also be used and disclosed to protect our rights or property and that of our users and, where appropriate, to comply with legal processes, which may include disclosures to law enforcement, regulatory or government agencies.

Use of personal information for direct marketing

As a member’s organisation, THE COLLEGE does not consider information about our products and services as direct marketing.  Notwithstanding the information above, we will not disclose your personal information to facilitate marketing directly from third party organisations.

Disclosure of information to third parties

Personal information may also be disclosed to other third parties in order to respond to your requests or inquiries, as part of a corporate transaction such as a sale, divestiture, merger or acquisition, or where those parties handle information on our behalf or if the information is required by a contractor to carry out a service for us.

We take contractual measures to ensure that where we have given personal information to a contractor (that carries out a service for us); the contractor complies with the APPs.

Disclosure of information collected from participants of nationally recognised training programs

As a government registered training organisation, regulated by the Australian Skills Quality Authority, THE COLLEGE is required to disclose information collected and held on individuals for valid purposes to a range of entities including:

• Governments (Commonwealth, State or Local);
• Employers (and their representatives);
• Service providers such as credit agencies and background check providers

Where possible, THE COLLEGE will de-identify the information disclosed.  However, there are some circumstances where this is not possible, such as in the provision of Australian Vocational Education and Training Management of Information Statistical Standard (AVETMISS) data on all individuals enrolled in nationally recognised training programs.  This is a Condition of Registration for all RTOs under the National Vocational Education Training Regulator Act 2011.

In the event that THE COLLEGE ceases to operate as a Registered Training Organisation, we are required by law to transfer student records to the Australian Skills Quality Authority.  This includes records of individuals who are currently, or who have in the past 30 years, participating in nationally recognised training with us.

Cross border disclosures of information

At present we do not disclose your information to overseas recipients and have no plans to do so at this time.  If in future we wish to disclose personal information to overseas recipients, we will only do so with your consent or otherwise in compliance with the Australian Privacy Principles.

4. Access and correction

Who will see or have access to your personal information?

Unless we are required to provide your personal information to others for purposes of public safety and law enforcement, your information will only be seen or used by persons working with us or for us, including our contracted service providers. 

Accessing and checking the personal information we hold about you

You have a right under the Privacy Act to access personal information we hold about you.

You also have a right under the Privacy Act to request corrections to any personal information that we hold about you if you think the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date, and relevant whenever it is used, collected or disclosed.

You may request access to your personal information by contacting the Privacy Officer. Subject to any legal restrictions we would be happy to advise you what personal information we hold about you if you request this. We will respond to all requests within a reasonable period.

There may be some cost to you to cover the cost of retrieving and processing the information if it requires a significant amount of time to locate or collect your information or to present it in an appropriate form. We will let you know in advance if any charges will apply.

We rely on the accuracy of the information you provide to us. If you think that we may hold information about you that is incorrect in any way, please contact us and we will correct any errors or inaccuracies where required.

If we are unable to provide you with access to your information, or make any amendments which you have requested, we will advise you of our reasons.

If at any time you wish to know what information we are holding about you, you are welcome to request your details by contacting the Privacy Officer.

5. Information security

We have in place reasonable commercial standards of technology and operational security to protect all personal information provided to us from misuse, interference, loss, unauthorised access, modification or disclosure.

Storage of personal information (and the disposal of information when no longer required) is managed in accordance with the Archives Act 1983.

6. Retention and destruction of information

Reasonable steps will be taken to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed.

7. Questions and complaints

If you have any questions or concerns regarding your privacy, or if you would like to make a complaint about a possible breach of this Privacy Policy or the Australian Privacy Principles, you may direct your correspondence to our Privacy Officer at privacy@acp.edu.au.

We take all complaints seriously, and will respond to your complaint within a reasonable period.

If you believe that we have not adequately handled your complaint, you may complain to the Office of the Australian Information Commissioner.

8. Additional information

Anonymity and pseudonymity

THE COLLEGE recognises that in some circumstances, when dealing with us individuals may not wish to identify themselves or wish to use a pseudonym, and will effectively support this when practical.  This includes dealings in cases of general enquiries and other situations when we do not require your personal information to provide information or to complete a request.

When accessing any public component, such as member forums and group activities, THE COLLEGE will provide the option of using a pseudonym or remaining anonymous.  THE COLLEGE will only store and link pseudonyms to individual personal information in cases where this is required for service delivery.

There will be occasions within our service delivery where THE COLLEGE must confirm the identity of individuals, such as for nationally recognised course programs.  We are authorised by Australian law to deal only with individuals who have appropriately identified themselves.  That is, it is a Condition of Registration for all RTOs under the National Vocational Education and Training Regulator Act 2011 that we identify individuals and their specific individual needs on commencement of service delivery.

Adoption, use or disclosure of government related identifiers

THE COLLEGE does not adopt, use or disclose a government related identifier related to an individual except:

• In situations required by Australian law or other legal requirements; or
• Where reasonable necessary to verify your identity; or
• Where reasonable necessary to fulfil obligations to an agency, state or Territory authority; or
• As prescribed by regulators.

Specifically, THE COLLEGE may collect your pharmacist registration identifier. 

From 1 January 2015 we will also collect your Unique Student Identifier if you are participating in nationally recognised training with THE COLLEGE.

For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au

Statement to Members – Collection of Information

On membership application and renewal forms, the following statement will be included:

The Australian College of Pharmacy (THE COLLEGE) maintains a database of names, addresses and other information relevant to membership of THE COLLEGE. This data is accessed by THE COLLEGE staff to mail information including publications and member services. It is made available to companies and organisations which provide member services and benefits. This includes mailing houses that provide these services. Members may request that personal information not be passed onto a third party. However, this will result in the member being unable to receive information from THE COLLEGE. A member may request, at any time, a copy of their personal information held by THE COLLEGE.

9. Definitions

This policy was last updated in April 2015.