Our Privacy Commitment
Last updated 18.02.2021
- Radiology Across Borders Ltd, ACN 164 736 850 (RAB) is committed to managing your personal information openly and transparently and to keeping your personal information safe. We will take all necessary measures to fulfil this commitment, including to:
- comply with the Australian Privacy Principles (APPs);
- ensure that we manage your personal information openly and transparently;
- only collect personal information from you that we need in order to:
- provide you with our online services such as processing your applications for volunteering or mentoring opportunities with RAB and the provision of information, materials, resources or seminars (produced by RAB or third parties);
- to facilitate any payment of any access to services or courses provided by or endorsed by RAB, corporate sponsorships, donations or RAB merchandise;
- fulfil or respond to any of your queries, questions, requests or comments;
- offer you the best possible customer service and experience;
- tell you how we might use your personal information;
- let you know if we need to disclose your personal information to anyone else (including anyone overseas) and if so, in what circumstances this might occur;
- keep your personal information secure;
- respond promptly and appropriately to any incident where your personal information may be compromised, including where your personal information is lost, or subject to unauthorised access, modification, use or disclosure or other misuse;
- promptly respond to any request by you not to receive direct marketing material from us;
- make sure your personal information is kept accurate and up to date and to properly dispose of any personal information which is no longer required by us; and
- ensure that, where appropriate, you can access and correct your personal information.
About this Policy
- This policy is intended to explain clearly and in plain language some of the key processes and procedures that we have implemented to manage your personal information, to protect your privacy and to comply with the Privacy Act 1988 (Act) and the APPs.
- References to "RAB", "our", "us" and "we" in this policy are references to Radiology Across Borders Ltd, ACN 164 736 850.
- If you require further information regarding our privacy policies, you are welcome to contact us or to read any of the privacy statements or notices that will be issued to you as and when personal information is collected.
What sorts of personal information do we collect?
- We will only collect from you information that is necessary and relevant to our relationship with you, including to enable us to fulfil your request or to provide to you the best possible customer service and experience.
- Depending on the exact nature of our relationship with you and the type of services or products you request from us, we may request that you provide some or all of the following information:
- information that we may require to initially identify you, including but not limited: to your full name (or the name and identification details of your business), age, date of birth and job title;
- information that we can use to contact you, including but not limited to:
- personal or business telephone numbers, mobile numbers;
- personal or business email address;
- personal or business mailing address; and
- personal or business social media account names, such as your Instagram handle, Facebook username;
- information that we will require when registering you as a user of our website and opening an account on our website for you, including but not limited to:
- personal details, such as full name (or the name and identification details of your business), job title and any identification documents; and
- contact details, such as your telephone, mobile number, email address and mailing address;
- information that we may require when processing your volunteering or mentoring applications with RAB, such as work related details, including your qualifications and certifications and employment experience or history;
- information that may be relevant in processing sponsorship, donations and payments through our platform;
- any other information that may be relevant to processing your requests for our services or products or to answer any questions you may have in relation to our services or products including but not limited to information such as further contact details and your availabilities;
- information that may be used for statistical purposes, or to improve our performance, offering, social media accounts or the RAB Website, including but not limited to your IP address and the operating system and internet browser you are using to access the RAB Website, the date and time of your visit of the RAB Website, the actions and interactions undertaken on the RAB Website e.g. any shares or comments for posts, the pages you have accessed on the RAB Website, the previous searches conducted by yourself through the RAB Website (if any), and previous services or products provided to you through our RAB Website (if any).
- information that may be used to assess your suitability for a staff or contractor position that we have advertised or offered.
- The information we require from you will depend on the specific services or products that we are providing to you. We will only collect personal information from you that we reasonably require in order to fulfil your request or satisfactorily provide products or services that you require from us.
- The Act places restrictions on us collecting sensitive information about you (which includes information about your religion, political views, ethnicity, criminal records and sexual preferences). Generally we will not collect this type of information, however we may need to collect some sensitive information if you are applying for a volunteering opportunity with us, and you have provided us with your consent to do so.
Why do we require your personal information?
- There are various reasons why we might need to collect, hold, use or disclose your personal information and this will depend upon the specific products or services that we are providing to you but we will tell you the main reason for asking for your personal information at the time when we ask you to provide it.
- Usually, the main reason that we will need to collect your personal information will be relating to a product or service that we are providing to you or are about to provide to you and for contacting you in relation to those products or services. Our main reason for collecting your personal information will also revolve around providing support to you and/or processing any of your queries or requests for our services or products.
- We may also use your personal information for other reasons, including:
- to register you as a user of the RAB Website and to open an account on the RAB Website for you;
- to contact you in relation to information, materials, resources or seminars (produced by RAB or third parties) or a new range of services or products which you may be interested in;
- to email any news, updates, notifications or marketing material related to RAB;
- to enforce any of our other RAB policies;
- preventing fraud and other criminal activities;
- to assist us to run our business and to improve our performance, offering, social media accounts or the RAB Website including for staff training, accounting and auditing, risk management, record keeping, archiving, systems development, developing new products and services and undertaking planning, research and statistical analysis and data analytics; and
- to comply with our legal obligations.
- There is no obligation for you to provide us with any of your personal information but if you choose not to provide us with your personal information, we may not be able to satisfy any requests or to provide the information or the products or services that you require.
How do we collect your personal information?
- The means by which we collect your personal information will depend on the nature of the services that we are providing to you.
- We may collect your personal information:
- directly from you, either in person, via email or our RAB Website or any other social media platforms or over the phone; and
- from publicly available sources, for example, the professional registration bodies, the telephone directory or from third parties including but not limited to third party service providers or other third party websites, social media accounts or apps.
- We will always collect your personal information directly from you unless it is impracticable to do so.
Collecting and disclosing personal information about others
- Wherever possible, we will collect personal information directly from the relevant individual to whom that information relates.
- You represent and warrant to us that where you provide personal information to us about another person:
- you are authorised to provide that information to us;
- you have obtained the express consent of the individual to disclose their personal information to us for the use of that personal information by us, including for the purposes outlined in this policy;
- you have complied with the Privacy Act, including the APPs in collecting that personal information, including by making all relevant notifications required under APP 5 in relation to our use of their personal information; and
Unsolicited personal information
How do we use or disclose your personal information?
- We may use and disclose your personal information for the purposes for which it was collected or for a related purpose such as:
- to consider your request for our services or products;
- to enable us to provide our services or products to you;
- to carry out, or respond to, your requests or questions;
- to enforce our policies;
- to our third party service providers, including but not limited to:
- any third party suppliers or couriers who we may engage to procure the services or products requested by you;
- any third party payment platform integrated via the RAB Website and which will assist with facilitating, processing and collecting payments from you; and
- any other third party service providers who assist us in providing, and improving, our services to you, and to analyse market trends and better understand your needs or to develop, improve and market our products and services to you;
- for regulatory reporting and compliance with our legal obligations;
- to relevant third parties to undertake checks, including but not limited to fraud and police checks;
- to various courts, tribunals, regulatory bodies and law enforcement officials and agencies as required by law, including but not limited to protecting against fraud and for related security purposes, or to establish or exercise our right to defend against legal claims;
- to respond to any claims that content which you submitted violates the rights of any other person;
- to protect the rights of any person;
- to perform administrative and operational tasks (including risk management, systems development and testing, staff training and collecting debts);
- to use in direct marketing of promotions, offers, deals, products and services that we, or our third party service providers, think may be of interest to you;
- to seek your feedback in relation to our products or services, customer satisfaction and our relationship with you and to manage any customer complaints;
- to companies or entities related to us for any of the purposes referred to in this policy;
- to our partners, where from time to time, we may partner with other companies, not for profit organisations or associations to provide co-sponsored or co-branded services or products and may share your information with our co-sponsor;
- to any third party suppliers who we engage to assist with providing our services or products to you;
- to another company and its related entities, in the event that we, our social media accounts, our RAB Website or a related asset or line of business is acquired by or transferred to that other company;
- to monitor or improve the quality and standard of products and services that we provide to you;
- to consider any concerns or complaints you may raise against us;
- to our employees, insurer, third party contactors or to our sponsors on a confidential basis;
- to our agents, successors and/or assigns;
- to companies or entities who we are acting as agent or publisher, such as societies or our affiliated companies;
- to any person as authorised by you;
- to better understand your preferences; and
- where such a disclosure is permitted under the Act.
Do we share your personal information with others?
- We deal with third party service providers who may assist us with a variety of functions including but not limited to research and marketing, mail and delivery, security, insurance, professional advisory (including legal, accounting and auditing advice), banking, payment processing, checks conducted regarding individuals, e.g. fraud or police checks, or technology services.
- Wherever possible, we will limit the information provided to independent third parties to that information required for those third parties to properly perform their functions.
Do we use your personal information for marketing purposes?
- As part of the products or services that we provide to you, we may:
- use personal information that we have collected about you to identify services or product that may benefit you;
- contact you from time to time to let you know about a service or product or event that we believe you might be interested in; and
- disclose your personal information to any third parties or to any entities or companies related to us to enable them to tell you about a product or service that you might be interested in.
- Where we intend to use your personal information for direct marketing purposes, we will seek your consent to do so prior to using your personal information.
- You can opt-out, unsubscribe or make a request not to receive direct marketing communications from us, by calling. Additionally, each direct marketing communication will include an opt-out or "unsubscribe" option which will immediately indicate to us that you no longer wish to receive communications of this kind. Once you have made a request or indicated that you no longer wish to receive any direct marketing communications from us, we will remove you as soon as practicable from our mailing lists.
- You may make a request that we do not disclose your personal information to facilitate direct marketing by another organisation and you may request that we provide you with the source of any personal information we use for direct marketing purposes. Any such requests will be actioned within a reasonable period of time and there will be no charges to you for making, or to you from us actioning, such requests.
How do we store your personal information?
- We have implemented appropriate processes and techniques to protect personal information from loss, misuse and interference and from unauthorised access, modification or disclosure. In addition, access to your personal information is limited to those who specifically need it to conduct their responsibilities.
- We take all necessary steps to destroy or permanently de-identify your personal information where it is no longer required and to protect your personal information from loss, misuse and interference and from unauthorised access, modification or disclosure.
- While care is taken to protect your personal information, unfortunately no data transmission over the internet is guaranteed as 100% secure. Accordingly, we cannot ensure or warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email as we have no way of protecting that information until it reaches us. Once we receive your personal information, we are required to protect it in accordance with the Act.
What if there is a breach in relation to my personal information?
- We take breaches of your privacy very seriously. In the event that there is a data breach relating to personal information that we hold about you, such as loss of, unauthorised access to, or unauthorised disclosure of, the information (Data Breach), we will take immediate steps to contain and remedy any effects of the Data Breach in consultation with the RAB Board. Where required under the Act, we will notify both you and the Office of the Australian Information Commissioner (OAIC) of the Data Breach.
Maintaining your personal information
- We take reasonable steps to ensure that:
- the information that we collect about you is accurate, complete and up-to-date at the time of collection;
- when we use your personal information, it is accurate, up-to-date, complete and accurate at the time of use; and
- if we disclose your personal information, it is accurate, up-to-date, complete and accurate at the time of disclosure.
- You warrant that all information that you provide to us is accurate, complete and up to date at the relevant time.
Will we disclose your personal information to anyone overseas?
- There may be circumstances where we need to disclose your personal information to a third party located overseas (Overseas Recipient). This may occur, for example, where we engage service providers located overseas and they require your personal information to assist us.
- Prior to disclosing your personal information to an Overseas Recipient, APP 8.1 requires that we will take all reasonable steps to ensure that the third party recipient of your information complies with the APPs (other than APP 1) in relation to your information, or that the third party recipient is bound by laws that offer you at least as much protection as the APPs and that you are able to enforce your rights under those international laws in the event of any breach unless an exception applies (the Overseas Disclosure Obligations).
- We will take all reasonable steps to satisfy our Overseas Disclosure Obligations.
How can you access your personal information?
- Where you request access to your personal information, we will respond to any such request in accordance with the Act.
- We may recover from you our reasonable costs of supplying you with access to your personal information but we will not charge you for any request you might make to access your information.
How can you seek to correct your personal information?
- We will respond to any requests regarding the correction of your personal information within a reasonable period after the request is made and in accordance with the Act.
- We will not charge you for any request to correct your personal information, nor will we pass on to you any costs incurred by us in correcting your personal information or for associating a statement with your personal information.
What if you want to make a complaint about some aspect of our privacy procedures?
- If your personal information has not been handled in an appropriate way, we will do our best to remedy your concerns as quickly as possible.
- If your complaint is not satisfactorily resolved, you may approach an external dispute resolution service or apply to the OAIC to have the complaint heard and determined.
Protecting your identity
- Wherever it is practicable, we will always provide you with the option not to identify yourself when dealing with us. Alternatively, you may elect to use a pseudonym to protect your identity. However, if you choose not to identify yourself or to use a pseudonym, it may be more difficult or impossible for us to assist you with your enquiry.
Changes and exemptions to this policy
How can you contact us?
- Please find below our contact details. Please do not hesitate to contact us in relation to any privacy-related concerns and we will use our best endeavours to address any such concerns thoroughly and in a timely manner.
- If it is practical to do so, you can contact us without identifying yourself. However, if you choose not to identify yourself, it may be more difficult or impossible for us to assist you with your enquiry. This will depend on the nature of your enquiry.
Express consent to collection, storage, use and disclosure
Additional information and rights for individuals located in the European Union
- The GDPR has harmonised data privacy laws of each individual European Union country. Australian entities, including RAB, may also be required to comply with the GDPR if they offer services or products in the European Union, or if they monitor behaviour of individuals in the European Union.
This means that if you are located within the EU and are accessing the RAB Website or any of the services or products provided by RAB via the RAB Website, RAB is required to provide you with additional information about how we collect, use, share and store your personal information as well as advising you of your rights under the GDPR.
What Personal Data do we collect?
How do we collect and use your Personal Data?
- Please refer to:
The GDPR only permits RAB to collect and use your Personal Data if we have a valid and lawful reason to do so. These valid and lawful reasons are outlined below.
- Contractual obligation
We may use your Personal Data to fulfil a contract with you. For example, this may include:
- where you purchase RAB merchandise; or
- where you sign up and wish to pay for courses which are provided by RAB or endorsed by RAB.
- In connection with our legitimate interests in carrying on our business
We may use your Personal Data for our legitimate interests. Our legitimate interests may include:
- to manage RAB's business and commercial risks;
- to enable us to provide services and products requested by you, such as the access of resources materials and seminars available on the RAB website or to process applications submitted by you in relation to volunteering or mentoring opportunities offered by RAB;
- to enable our partners or any third party members to deliver services and products to you;
- identifying opportunities to improve RAB's service or products to you and improving our service or products to you; or
- to contact you regarding your Personal Data (e.g. to verify you prior to making request changes to your Personal Data, to ask for your consent regarding the collection of your Personal Data or to ensure our records of your Personal Data are up-to-date).
- Under a legal obligation
We may also use your Personal Data where RAB is required by applicable laws, regulations or codes. This may include laws and regulations regarding the screening of professionals and their relevant credentials/qualifications or past work experiences/history prior to accepting your volunteering application (e.g. working with children checks or police checks).
- With your consent
The GDPR provides additional protections for special categories of Personal Data e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, biometric data, data related to your health, sex life or sexual orientation. We will only collect and process such personal data with your explicit consent (unless otherwise permitted under the GDPR).
How do we store your data?
- The Personal Data held by us will be stored electronically in cloud based data delivery networks owned by Google, Google Cloud (located in Sydney) and Amazon (AWS).
- If any Personal Data is located outside the European Union, RAB will ensure that your Personal Data is protected to an equivalent or higher standard than the GDPR e.g. by entering into model contractual clauses (recommended by the European Commission) with the recipient of your Personal Data outside of the European Union.
- RAB will keep your personal data submitted via web forms or emails for up to 10 years. Once this time period has expired, RAB will delete your Personal Data by removing any personal information held for longer than 10 years on an annual basis. You may at any time request that we delete your Personal Data held by us (please refer to paragraph 69 to 76 - "What are your data protection rights as a Data Subject").
What are your data protection rights as a Data Subject?
- Right of access by the data subject
- You may request access to any of your Personal Data held by RAB. Unless otherwise requested by you, we will provide your Personal Data in an electronic form. If you require further copies of your Personal Data, we may charge a reasonable fee based on administrative costs for providing those additional copies.
- RAB is not required to provide access to your Personal Data if it will adversely affect the rights and freedoms of others. If this occurs, we will write to you to explain why we are unable to provide you with access to your Personal Data.
- Right to rectification
- You have the right to rectification of your Personal Data held by RAB which is inaccurate or incomplete.
- We will notify you once your Personal Data has been rectified.
- Right to erasure ("Right to be forgotten")
- You may request the erasure of your Personal Data held by RAB, under certain conditions (e.g. if the Personal Data is no longer required, if you revoke your consent).
- We will notify you once your Personal Data has been erased.
- There may be situations where we are required to hold your Personal Data (e.g. for reasons of public interest or for compliance with a legal obligation). RAB will let you know if any one of these situations apply.
- Right to restriction of processing
You have a right to ask RAB to restrict our use of your Personal Data, in certain circumstances (e.g. if the accuracy of the Personal Data is contested or if the processing of the Personal Data is unlawful).
- Right to data portability
- In certain circumstances you have a right to request for a copy of your Personal Data in a structured, commonly used and machine read-able format (e.g. where the processing of your Personal Data is by automated means).
- RAB is not required to provide access to your Personal Data if it will adversely affect the rights and freedoms of others. If this occurs, we will write to you to explain why we are unable to provide you with access to your Personal Data.
- Right to object
In certain circumstances you also have the right to object to the processing of your Personal Data.
- Rights in relation to automated decision making and profiling
We are unlikely to use systems which will make automated decisions based on Personal Data we have collected from you or other sources. However, in the event that we do, you have the right to ask that we do not make decisions based on an automated score or an automated decision and that a person reviews the Personal Data.
- If you have a complaint regarding how we handle your Personal Data, please refer to our process outlined paragraph 48 to 50.
- If your complaint is not satisfactorily resolved, as an individual located in the European Union, you are entitled to make a complaint to the relevant data protection authority in the place you reside or where you believe we may have breached your rights.