APP 1 |
Open and transparent management of personal information |
Ensure we manage personal information in an open and transparent way. This includes having a clearly expressed, and up to date, APP privacy policy. |
APP 2 |
Anonymity and pseudonymity |
Requires us to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply. |
APP 3 |
Collection of solicited personal information |
Outlines when we can collect personal information that is solicited. It means we apply higher standards to the collection of sensitive information. |
APP 4 |
Dealing with unsolicited personal information |
Outlines how we must deal with unsolicited personal information. |
APP 5 |
Notification of the collection of personal information |
Outlines when and in what circumstances we collect personal information must tell an individual about certain matters. |
APP 6 |
Use or disclosure of personal information |
Outlines the circumstances in which we may use or disclose personal information that we hold. |
APP 7 |
Direct marketing |
We may only use or disclose personal information for direct marketing purposes if certain conditions are met. |
APP 8 |
Cross-border disclosure of personal information |
Outlines the steps we must take to protect personal information before it is disclosed overseas. |
APP 9 |
Adoption, use or disclosure of government related identifiers |
Outlines the limited circumstances when we may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual. |
APP 10 |
Quality of personal information |
We must take reasonable steps to ensure the personal information we collect is accurate, up to date and complete. We must also take reasonable steps to ensure the personal information we use or disclose is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure. |
APP 11 |
Security of personal information |
We must take reasonable steps to protect personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, or disclosure. We have obligations to destroy or de-identify personal information in certain circumstances. |
APP 12 |
Access to personal information |
Outlines our obligations when you request to be given access to personal information held about you by us. This includes a requirement to provide you access unless a specific exception applies. |
APP 13 |
Correction of personal information |
Outlines our obligations in relation to correcting the personal information it holds about you. |