FAIL (the browser should render some flash content, not this).
privacy policy

PRIVACY STATEMENT
ECAAS acknowledges and takes seriously its obligations under the Privacy Act 1998 (as amended by the Privacy Amendment Private Sector Act 2000). ECAAS is committed to the protection of personal privacy and has adopted a set of privacy principles based on the National Privacy Principles.

"ECAAS respects stakeholders' privacy at all times. When processing your application we may collect personal information for the primary purposes of providing a high level of customer service and assisting in the identification of other related products and services that may be required and are available from ECAAS.

As we value your privacy we do not make your personal information available to other organisations without your explicit consent, and you have the right to gain access to your information at any time. For more information please feel free to Contact Us."

POLICY
This policy sets out the ECAAS Privacy Protection Principles. These are the principles that ECAAS has adopted in order to protect information about companies, organisations and party's. These principles deal with the collection, use and disclosure of personal information, as well as access to information and intrusion issues. It also sets out the principles that ECAAS will adopt when considering the introduction of new technology or services.
The principles comply with the National Privacy Principles.
Where ECAAS agents or contractors are required to refer to this document, references to 'ECAAS' are to be taken to include references to those agents or contractors.
The ECAAS Privacy Protection Principles are:

Principle 1 - Collection
ECAAS will only collect personal information that is necessary for one or more of its functions or activities.
ECAAS will only collect information by lawful and fair means.
At or before the time (or, if that is not practicable, as soon as practicable thereafter), ECAAS collects personal information about any party; ECAAS will take reasonable steps to ensure that the party is aware of:
1. the identity and contact details of ECAAS;
2. the fact that the party is able to gain access to the information;
3. the purposes for which the information is collected;
If is reasonable and practicable to do so, ECAAS will collect information about any party only from that party.
If ECAAS collects information about any party from a third party, ECAAS will take reasonable steps to ensure that the party is or has been made aware of the matters listed above except to the extent that making the party aware of the matters would pose a serious threat to the life or health of any party.

Principle 2 - Use & Disclosure
ECAAS will only use or disclose information about any party for a purpose other than the primary purpose of collection (a secondary purpose) if:
1) both of the following apply:
a. the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; b. the party would reasonably expect ECAAS to use or disclose the information
2) the party would reasonably expect ECAAS to use or disclose the information for the secondary purpose; or
3) the party consented to the use or disclosure; or
4) the information is not sensitive information, the use of the information is for the secondary purpose of direct marketing and the party has not made a request to ECAAS not to receive direct marketing.
5) ECAAS reasonably believes that the use or disclosure is necessary to lessen or prevent:
a. a serious and imminent threat to a party's life, health or safety; or
b. a serious threat to public health or public safety; or
6) the use or disclosure is required or authorised by or under law; or
7) ECAAS reasonably believes that the use or disclosure is reasonably necessary for one or more of the following by or
on behalf of an enforcement body:
a. the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a low imposing a penalty or sanction or breaches of a prescribed law;
b. the enforcement of laws relating to the confiscation of the proceeds of crime;
c. the protection of the public revenue;
d. the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
e. the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.

Principle 3 - Date Quality
ECAAS will take reasonable steps to make sure that the information it collects, uses or discloses is accurate, complete and up-to-date.

Principle 4 - Data Security
ECAAS will take reasonable steps to protect the information it holds from misuse and loss and from unauthorised access, modification or disclosure.
ECAAS will take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed.

Principle 5 - Openness
ECAAS will make this document available to any party. On request by any party, ECAAS will take reasonable steps to let the party know, generally, what sort of information is held, for what purposes, how it is collected, uses and disclosures of that information.

Principle 6 - Access and Correction
If ECAAS holds personal information about any party, it will provide the party with access to the information on request by the party, in a form or manner suitable to the party's reasonable needs, except to the extent that:
a) in the case of personal information other than health information, providing access would pose a serious and imminent threat to the life or health of any party; or
b) in the case of health information - providing access would pose a serious threat to the life or health of any party; or
c) providing access would have an unreasonable impact upon the privacy of other parties; or
d) the request for access is frivolous or vexatious; or
e) the information related to existing or anticipated legal proceedings between ECAAS and the party, and the information would not be accessible by the process of discovery in those proceedings; or
f) proving access would reveal the intentions of ECAAS in relation to negotiations with the party in such a way as to prejudice those negotiations; or
g) proving access would be unlawful; or
h) denying access is required or authorised by or under law; or
i) proving access would be likely to prejudice an investigation of possible unlawful activity; or
j) proving access would be likely to prejudice:
i. the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or
ii. the enforcement of laws relating to the confiscation of the proceeds of crime; or
iii. the protection of the public revenue; or
iv. the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
v. the preparation for, or conduct of its orders; by or on behalf of an enforcement body; or
k) an enforcement body performing a lawful security function asks ECAAS not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
If ECAAS holds personal information about any party and the party is able to establish that the information is not accurate, complete and up-to-date, ECAAS will take reasonable steps to correct the information so that it is accurate, complete and up-to-date.
If the party and ECAAS disagree about whether the information is accurate, complete and up-to-date, and the party asks ECAAS to associate with the information a statement claiming that the information is not accurate, complete or up-to-date, ECAAS will take reasonable steps to do so.
ECAAS will provide reasons for denial of access or a refusal to correct personal information.

Principle 7 - Identifiers
Except as specifically authorised under the Privacy Act, ECAAS will not adopt as its own identifier of any party an identifier of the party that has been assigned by:
a) an agency; or
b) an agent of an agency in its capacity as agent; or
c) a contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.

Principle 8 - Anonymity
Wherever it is lawful and practicable, parties will have the option of not identifying themselves when entering transactions with ECAAS. However, in most cases it will not be practicable for ECAAS to provide products and services without requiring customer identification.

Principle 9 - Transborder Data Flows
ECAAS will transfer personal information about a party to someone (other than ECAAS or the party) who is in a foreign country only if:
a) ECAAS reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to ECAAS's Privacy Protection Principles; or
b) the party consents to the transfer; or
c) the transfer is necessary for the performance of a contract between the party and ECAAS, or for the implementation of pre-contractual measures taken in response to the party's request; or
d) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the party between ECAAS and a third party; or
e) all of the following apply:
i. the transfer is for the benefit of the party; and
ii. it is not practicable to obtain the consent of the party to that transfer; and
iii. if it were practicable to obtain such consent, the party would be likely to give it; or
f) ECAAS has taken reasonable steps to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with ECAAS' Privacy Protection Principles.

Principle 10 - Sensitive Information
ECAAS will not collect Sensitive Information about any party unless:
a) the party has consented; or
b) the collection is required by law; or
c) the collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any party, where the party whom the information concerns:
i. is physically or legally incapable of giving consent to the collection; or
ii. physically cannot communicate consent to the collection; or
d) the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.

New Services and Developments
ECAAS will consider the privacy impact of new business processes and services before they are introduced.

Compliance Audit
ECAAS will maintain a periodic review process to ensure its Privacy Protection Principles and policies remain appropriate and the ECAAS operated in compliance with those Principles and policies.

Policy Complaints
All complaints under this policy will be treated seriously, dealt with promptly in a confidential manner and may not be used to affect the provision of any goods or services either requested or contracted to be supplied to the complainant.
Complaints under this policy are those that relate to collection of personal information or how it is collected, stored, used or disclosed. All staff undertake training on privacy and the person receiving the complaint will attempt to resolve the complaint, forwarding information on actions taken to the Director. Complaints will be recorded and reported in the Compliance Report to the Board.
Complaints concerning the privacy practices or about how personal information is managed may be forwarded at any time to the Director.

Copyright 2001. All Rights Reserved. ECAAS.