Privacy Policy

February 2019

1. Purpose and Scope

The Royal Australasian College of Dental Surgeons recognises the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our Privacy Policy and it tells you how we collect and manage your personal information.

We respect your rights to privacy under the Privacy Act 1988 (Cth) (Privacy Act) and we comply with all of its requirements in respect of the collection, management and disclosure of your personal information.

For purposes of this policy:
‘Candidates’, used collectively, means duly subscribed candidates of the Royal Australasian College of Dental Surgeons;

‘Board’ means some or all of the Directors acting as the Board of Directors of the College;

‘Constitution’ means constitution of the Royal Australasian College of Dental Surgeons;

‘Director’ means an individual elected or appointed from time to time to the office of director of the College in accordance with this Constitution;

‘Members’, used collectively, means Fellows, Members and Associates of the Royal Australasian College of Dental Surgeons;

‘RACDS’, ‘College’, ‘we’, ‘us’ or ‘our’ means the company limited by guarantee named Royal Australasian College of Dental Surgeons (ABN 97 343 369 579);

‘You’, used collectively, means Members, non-members and the general public interacting with the Royal Australasian College of Dental Surgeons;

2. Background

This Privacy Policy is intended to enable Members and others who interact with RACDS to understand what types of personal information are collected and what is done with such information in performing its functions and in light of privacy obligations.

RACDS respects your privacy and is committed to protecting the privacy, confidentiality and security of personal information it collects and receives. This Privacy Policy seeks to explain how RACDS collects, uses, discloses and otherwise handles personal information. It also seeks to explain how you can access and correct the personal information RACDS holds about you or complain about any suspected privacy breach.

A copy of this Privacy Policy is available on RACDS’ website https://www.racds.org

3. Policy Statement

RACDS may collect, hold, use and disclose personal information about its Members, Candidates, enrollees, volunteers, delegates, suppliers, employees and other individuals to effectively carry out its purposes as outlined in its Constitution and as an employer.

3.1 Sources of Privacy Laws and Exemptions

3.1.1
RACDS is required to comply with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility
and disposal.

3.1.2
In Australia, RACDS is generally exempt from the Privacy Act when it collects and handles employee records. However, it is RACDS’ policy to protect the personal information of its employees.

3.1.3
The Office of the Australian Information Commissioner (OAIC) is the independent statutory agency within the Attorney General’s portfolio responsible for privacy functions that are conferred by the Privacy Act and other laws.

3.1.4
RACDS is also required to comply with other laws, including more specific privacy legislations in some circumstances and in some jurisdictions (where applicable), such as:

  • applicable data protection and privacy legislation of the other national and international jurisdictions in which the RACDS operates (e.g. Privacy Act 1993 (NZ), Hong Kong’s Personal Data (Privacy); European Union’s General Data Protection Regulation (GDPR), etc.);
  • applicable Australian State and Territory health privacy legislations when the College collects and handles certain health information (note: this Privacy Policy is principally focussed on privacy law requirements imposed by the Commonwealth Parliament);
  • Spam Act 2003 (Cth);
  • Do Not Call Register Act 20016 (Cth); and
  • Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act.

European Union’s General Data Protection Regulation (GDPR)

3.1.5
RACDS complies with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. Under these principles:

  • We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
  • We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
  • We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
  • We will also process your personal information if it is necessary for our legitimate interests or to fulfil a contractual or legal obligation.
  • We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
  • We do not collect or process any personal information from you that is considered sensitive personal information under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent or it if being collected subject to and in accordance with the GDPR.
  • You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.

Your Rights Under the GDPR

3.1.6
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. RACDS complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU. Except as otherwise provided in the GDPR, you have the right:

  • to be informed as to how your personal information is being used;
  • to access your personal information;
  • to correct your personal information if it is inaccurate or incomplete;
  • to delete your personal information (also known as the ‘right to be forgotten’);
  • to restrict processing of your personal information;
  • to retain and reuse your personal information for your own purposes;
  • to object to your personal information being used; and
  • to object against automated decision making and profiling.

Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy. We may ask you to verify your identity before acting on any of your requests.

3.2 Types of Information

Personal Information

3.2.1
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

3.2.2
Personal information can be:

  • true or false;
  • verbal, written or photographic; or
  • recorded or unrecorded

3.2.3
Personal information includes:

  • name;
  • mailing address;
  • email address;
  • telephone or facsimile;
  • age or date of birth;
  • profession, occupation or job title;
  • details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries;
  • any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives of otherwise; and,
  • information you provide to use through customer or member surveys from time to time.

3.2.4
Personal information does not include:

  • anonymous information (e.g. anonymous answers to surveys);
  • aggregated information (e.g. data about how users use our website that reflects trends without identifying the sample);
  • de-identified information; or
  • information about companies or other entities which does not identify individuals

Sensitive Information

3.2.5
Sensitive information is a special category of personal information and is subject to stricter legal requirements for collection, storage, use and disclosure.

3.2.6
Under the Privacy Act, information will be considered sensitive information where it is information or an opinion about a person’s:

  • racial or ethnic origin;
  • political opinions;
  • membership of a political association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association;
  • membership of a trade union;
  • sexual preferences or practices, or
  • criminal record

3.2.7
RACDS only collects sensitive information where it is reasonably necessary for its functions or activities and either the individual has consented and is required or authorised by or under law (including applicable privacy legislation) to do so. For example, we may collect:

  • information about your membership of other professional associations;
  • information about dietary requirements or mobility needs when we conduct events such as convocations, courses, lectures and workshops;
  • for purposes of application for special consideration, copies of medical reports/certificates and psychiatric assessments (i.e. medical grounds); bereavement notice, police incident report and statutory declaration (i.e. compassionate grounds); medical report/certificate confirming the nature of disability (i.e. disability grounds); or
  • identification as Aboriginal, Torres Strait Islander or Maori

Health Information

3.2.8
Health information (or genetic information or biometric information) is also a form of sensitive information. This includes information or opinion about a person’s:

  • physical and mental health;
  • disability (at any time);
  • health preferences (including future provision of health services);
  • use of health services;
  • bodily donations (e.g. blood, organs); or
  • genetics

3.3 Purposes for Which Personal Information is Collected, Held and Disclosed

General

3.3.1
RACDS collects personal information to be able to perform its core functions, including but not limited to, administration of the various College programs (e.g. education, training assessment and examination), membership administration, professional development, publications, surveys and research, scientific and educational meetings, tutorials, regional committee meetings, social functions and networking events among others.

3.3.2
The main purposes for which RACDS collects, holds, uses and discloses personal information are: to provide quality services and benefits to its Members; to alert Members to issues, opportunities and updates in which they might be interested in; and to maintain and extend its membership.

3.3.3
RACDS also interacts with non-members (both prospective members and the general public) and personal information is collected and used for those processes stated above.

3.3.4
RACDS’ policy is to provide individuals with the option of not identifying themselves or of using a pseudonym when dealing with the College if it is lawful and practicable to do so. A pseudonym is a name or other descriptor that is different to an individual’s actual name. For example, the College’s policy is to enable you to access our website and make general phone queries without having to identify yourself and to enable you to respond to our surveys anonymously.

3.3.5
In some cases, however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are requesting. For example, you must identify yourself to become a Member of the College; if you sit an exam, we will check your photo ID to confirm that you are the person who is entitled to sit for the exam.

For those above-stated purposes, RACDS’ activities include:

Program Administration via Education, Training, Assessment, Examination and Professional Development

3.3.6
Administering various programs includes, but not limited to:

  • recording and updating candidate details and profile information;
  • sending notices about courses, lectures, workshops and examinations;
  • distributing program updates and changes to regulations, handbooks and policies; and
  • promoting and conducting CPD events for members and non-members.

Membership Administration

3.3.7
Administering membership includes, but not limited to:

  • recording and updating membership details and profile information;
  • sending notices of College meetings;
  • distributing annual reports; and
  • sending out renewal notices and advertising.

Services and Publications Administration

3.3.8
Administering the College’s services and publications include, but not limited to:

  • corresponding with Members and affiliated persons on issues of mutual interest;
  • conducting Member surveys and market research for product and service improvement purposes and to compile statistics and analyse trends;
  • distributing College publications (including College News), newsletters and bulletins;
  • provision of other professional information and materials to Members and non-members; and
  • providing Members with access to and

General Office Administration

3.3.9
Administering general office processes include, but not limited to:

  • recruiting office staff;
  • processing payments and refunds;
  • answering queries and resolving issues; and
  • using aggregated information for business intelligence and analysis

Email Communications

3.3.10
RACDS communicates frequently with its Members and non-members by email and other means (e.g. mobile messaging and post).

3.3.11
To ensure that communications are effective, RACDS employs software which reports deliverability rates, open rates, click through rates, unsubscribers, hard and soft bounces. RACDS sees this information at individual record level (if required), but only engages that functionality in very unusual circumstances.

Opting Out

3.3.12
Subject to the above, where you have consented to receiving direct marketing communications from RACDS, your consent will remain current until you advise us otherwise. However, you can, at no cost, opt out at any time, in the following ways:

  • Fellows, Members, Associates and Candidates can update their communication preferences by updating their profiles online;
  • send a letter to the RACDS at Level 13 37 York St SYDNEY NSW 2000 Australia; email [email protected]; or ring the College office at 1800 688 339 or +61 2 9262 6044; or
  • use the unsubscribe facility that is included in electronic messages (i.e. emails and SMS) to opt out of receiving those messages.

3.3.13
The following are mandatory RACDS communications and are excluded from the opt out provision:

  • Notice of Annual General Meeting;
  • Annual Report; and
  • Annual Fee Renewal Notice.

3.4 Kinds of Personal Information We Collect and Hold

The type of personal information RACDS collects and holds about you depends on the type of dealings that you have with the College. For example, if you:

3.4.1
Are admitted as a Fellow/Member/Associate, we collect information including your name, date of birth, email address, contact number/s (i.e. home, work, mobile), mailing address, principal work address, details of academic qualifications, principal area/s of practice, honours and awards, particulars of academic achievements (i.e. research, publications, scholarships and prizes), other training and experience, professional and membership qualifications, photo IDs, passport size photo and signature on declaration;

3.4.2
Are a prospective Director of RACDS, we collect your signed declaration of eligibility and fit and proper person test and consent to act as a director as required by the Corporations Act 2001 (Cth);

3.4.3
Are a non-member and involved on Board, Boards of Studies, College committees and working parties as an advisor, examiner or lecturer, we obtain your name, address, contact numbers, email address and professional credentials;

3.4.4
Undertake an RACDS program as a Candidate, we collect the same type of information as Fellows, Members and Associates, as well as recent copies of photo ID (i.e. driver’s license or passport) and passport size photo to identify you for examinations;

3.4.5
Contact RACDS with an enquiry, and, if you do not take advantage of the option to use anonymity or pseudonymity and depending on the nature of the enquiry, we record details about you and relating to the enquiry;

3.4.6
Attend a College convocation, course, workshop, masterclass or lecture, we collect your contact details, address, membership number (if applicable), payment details and any dietary and accessibility requirements;

3.4.7
Join the College’s student volunteer network, we collect information including your name, and shirt size (for allocation of free College shirts during student volunteer work at convocation);

3.4.8
Are a supplier to the College, we collect contact address details, usually including but not limited to, all forms of contact and address, billing information and information about the goods or services you supply;

3.4.9
Are a sponsor of the College, we collect contact address details, usually but not limited to all forms of contact and address and information about the sponsorship;

3.4.10
Buy or otherwise obtain professional information/materials and merchandise, we collect contact address details and billing information including credit card or other payment details; and,

3.4.11
Apply for a job in the College, we collect the information you include in your application for employment, including your cover letter, resume, contact details and referee reports;

Use of Government-Related Identifiers

3.4.12
It is RACDS’ policy not to: use a government-related identifier of an individual (e.g. Medicare number or driver’s license number) as our own identifier of individuals; otherwise use or disclose such a government-related identifier; and unless permitted by the Privacy Act (e.g. where the use or disclosure is required or authorised by or under an Australian law or a court or tribunal order).

3.5 How We Collect and Hold Personal Information

Method of Collection

3.5.1
RACDS is required by the Privacy Act to collect personal information only by lawful and fair means. If it is reasonable and practicable, we will collect personal information we require directly from you, including:

  • by email;
  • over the telephone;
  • through written correspondences (e.g. letters, faxes);
  • when you complete and application or purchase order whether on hard copy forms or otherwise (i.e. event registration forms, competition entry forms);
  • in person during conversations between you and our representatives (e.g. job interviews, exams);
  • through your access and use of our website;
  • at events such as convocation, courses, lectures and workshops (e.g. survey forms);
  • during assessments and examinations as part of our educational programs;
  • electronic systems such as applications;
  • through surveillance cameras in our building premises (which we use for security purposes);
  • cookies (for more information, see RACDS’ Terms of Use of Website); and,
  • from third parties, including but not limited to: educational providers that assist us in running our educational programs; government bodies; insurers in relation to professional indemnity insurance, public sources (e.g. telephone directories, membership lists of business, professional and trade associations, public websites, ASIC/ABN searches, bankruptcy searches, searches of court registries).

Collection Notices

3.5.2
Where RACDS collects personal information directly from you, our policy is to take reasonable steps to notify you, at or before the time of collection, or as soon as practicable afterwards, including:

  • our identity and how to contact us;
  • the purposes for which we are collecting the information;
  • whether the collection is required or authorised by or under an Australian law or a court or a tribunal order;
  • the third parties to whom we would normally disclose information of that kind;
  • whether any of those third parties are located overseas and if practicable to specify, the countries in which they are located; and
  • the fact that this Privacy Policy contains information about how to access and correct personal information and make privacy complaints and how we deal with those complaints.

3.5.3
RACDS will generally include these matters in a collection notice. For example, where personal information is collected on a paper or online form, we will generally include a collection notice or a clear link to it.

3.5.4
Collection notices may provide more specific information than this Privacy Policy in relation to particular collections of personal information. The statements in this Privacy Policy are subject to any specific provisions contained in collection notices and in the terms and conditions of particular offers, products and services. We encourage you to read those provisions carefully.

3.5.5
Where RACDS collects information about you from a third party, our policy is to take reasonable steps to make sure that you are made aware of the collection details listed above and, if you may not be aware

Unsolicited Information

3.5.6
Unsolicited personal information is personal information RACDS receives that we have taken no active steps to collect (e.g. employment application sent to us by an individual on their own initiative rather than a response to a job advertisement; personal information provided via user comments or blogs on RACDS’ social media platforms).

3.5.7
RACDS may keep records of unsolicited personal information if the Privacy Act permits it (e.g. if the information is reasonably necessary for one or more of our functions or activities). If not, the College’s policy is to destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

3.6 Disclosure of Personal Information to Third Parties

3.6.1
Personal information may be disclosed to the following third parties where appropriate for the purposes set out above:

  • financial institutions for payment processing;
  • insurers;
  • persons involved in external dispute resolution involving the College;
  • universities and other educational services providers involved with or engaged by the College for its educational programs and other professional programs;
  • Member’s employer or prospective employer (e.g. to confirm membership status);
  • international colleges (e.g. to confirm membership status);
  • members of College committees;
  • regulatory bodies for Anti-Money Laundering and Counter Terrorism and combating fraud and other crime in compliance with legislative requirements;
  • bodies such as Australian Health Practitioner Regulation Agency (AHPRA); Dental Board of Australia (DBA); Australian Medical Council (AMC); Australian Dental Council (ADC); Dental Council of NZ (DCNZ) and other regulatory bodies;
  • Australian Securities and Investments Commission (ASIC), Australian Taxation Office (ATO), Australian Charities and Not-for-profits Commission (ACNC), Revenue NSW and similar bodies to comply with our legal obligations;
  • in the context of assistance with visa applications, to government and regulatory bodies such as the Department of Home Affairs (DHA);
  • referees whose details are provided to us by job applicants;
  • third parties who have complained about Members (including to advise them of the conduct and outcome of the complaints);
  • the College’s contracted service providers, including but not limited to: information technology service providers; publishers of our newsletters, magazines, handbooks and course material; conference organisers; marketing and communication agencies; companies that conduct member surveys and electronic voting on our behalf; mailing houses, freight and courier services; printers and distributors of direct marketing material; and, external business advisers (e.g. recruitment advisers, auditors and lawyers);
  • law enforcement and regulatory bodies as required by law or authorised by or under an Australian law or the order of an Australian court or tribunal; and,
  • other professional bodies of which a Member is also a member in relation to disciplinary proceedings.

3.6.2
In the case of contracted service providers, RACDS may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

3.6.3
RACDS holds numerous events such as the biennial convocation. Third party sponsors and exhibitors help us defray the costs of staging such events. Commonly, such sponsors and exhibitors conduct competitions and similar activities at those events. Where attendees indicate their consent expressly or by their actions, the College may facilitate the process by which information (e.g. name and contact details) of consenting participants is provided to sponsors and exhibitors for follow up marketing.

Cross Border Disclosure of Personal Information

3.6.4
RACDS has members is more than 25 countries, including New Zealand, Hong Kong, Singapore, Malaysia and the United Kingdom. Disclosure of personal information to these countries may occur in the normal course of College business.

3.6.5
RACDS sets out a wide variety of situations in which personal information may be disclosed. In some of those situations, the disclosure may be to parties located overseas, for example:

  • to international colleges (e.g. to confirm member’s status);
  • to Members of College committees who are located overseas; and,
  • to referees whose details are provided to us by job applicants.

3.6.6
Likewise, where examinations are conducted overseas, personal information about Candidates may be disclosed to a third party contracted to conduct such examinations.

3.6.7
We may disclose personal information to our contracted information technology service providers that are hosted off-shore.

3.6.8
In each case, the College’s policy is to comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information, as well as with any legal requirements applicable in the relevant jurisdiction.

3.7 Data Quality and Security

General

3.7.1
RACDS holds personal information in a number of ways, including in electronic databases, email contact lists and paper files held in drawers and cabinets (secured and locked where appropriate). Paper files may also be archived in boxes and stored offsite in secure facilities. The College’s policy is to take reasonable steps to:

  • make sure that the personal information that we collect, use and disclose is accurate, up-to-date, complete and relevant; and
  • protect the personal information that we hold from misuse, interference and loss from unauthorised access, modification or disclosure.


3.7.2
You can help us keep your information up-to-date by letting us know about any changes to your personal information, such as your email address or phone number, or where applicable, you can easily review and update your information on an on-going basis online by logging in to your account.

3.7.3
The steps we take to secure the personal information we hold include securities such as encryption, firewalls, anti-virus software, login and password protection, secure office access, personnel security and training and workplace policies.

Payment Security

3.7.4
RACDS processes payments using EFTPOS and online technologies and ensures that all transactions processed meet industry security standards to ensure payment details are protected.

Website Security

3.7.5
While RACDS strives to protect the personal information and privacy of website users, we cannot guarantee the security of any information that you disclose online. You disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact the College.

3.7.6 You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.

Third Party Websites

3.7.7
Links to third party websites that are not operated or controlled by RACDS are provided for your convenience. The College is not responsible for the privacy or security practices of those websites which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

Access and Correction of Your Personal Information

3.7.8
Individuals have a right to request access to the personal information that RACDS holds about them and to request its correction.

3.7.9
If you ask RACDS to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, irrelevant or misleading, the College’s policy is to take reasonable steps to correct that information to ensure that having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

3.7.10
If RACDS corrects personal information about you and you have previously disclosed that information to another organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, the College’s policy is to take reasonable steps to do so, unless this would be impracticable or unlawful.

3.7.11
Except in the case of more complicated requests, RACDS will endeavour to respond to access and correction requests within thirty (30) days.

3.7.12
If RACDS refuses your access or correction request or if we refuse to give you access in the manner you requested, the College’s policy is to provide you with written notice setting out: the reasons for our refusal (except to the extent that it would be unreasonable to do so); and, available complaint mechanisms.

3.7.13
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading and we will take reasonable steps to associate the statement in such a way that will make it apparent to users of the information.

3.7.14
To the extent that we are governed by the European General Data Privacy Regulation (GDPR), you have the ‘right to be forgotten’.

3.8 Complaints Process

3.8.1
RACDS will ensure a designated employee is appropriately trained in privacy legislation and will act as Privacy Officer in order to be the primary source of information regarding privacy matters.

3.8.2
If you have a complaint about how RACDS has collected or handled your personal information, please contact our Privacy Officer (see details below).

3.8.3
In most cases, we expect that complaints will be investigated and a response provided within thirty (30) days of receipt of such complaint. If the matter is more complex and our investigation may take longer, we will write and let you know, including when we expect to provide our response.

3.8.4
Our response will set out: whether in the Privacy Officer’s view there has been a breach of this Privacy Policy or any applicable privacy legislation; and, what action, if any, the College will take to rectify the situation.

3.8.5
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC) or, in some instances, other regulatory bodies.

3.9 Retention of Personal Data

3.9.1
All personal data that has been collected from you by RACDS will only be kept for a limited duration that is relevant to the purpose for which your personal data is to be used and for as long as required by applicable law.

3.10 Further Information

3.10.1
Please contact RACDS if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details for privacy queries and complaints are set out below.

Privacy Officer
Royal Australasian College of Dental Surgeons (RACDS)
Level 13 37 York St SYDNEY NSW 2000
E: [email protected]
P: + 61 2 9262 6044 | 1800 688 339

3.11 Changes to this Privacy Policy

3.11.1
RACDS may amend this Privacy Policy from time to time. The current version will be posted on our website and a copy may be obtained free of charge from our Privacy Officer.