Australian Pork Limited (ABN 83 092 783 278)
A. Privacy Statement
The Privacy Act 1988 (Cth) (“Privacy Act”) defines personal information as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not (“Personal Information”). The Privacy Act imposes obligations on Australian Pork Limited (“APL”, “we”, “us” or “our”) relating to the collection, storage, access, use and disclosure of Personal Information. In general terms, Personal Information is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered Personal Information.
By providing Personal Information to APL about any other person, you agree that:
- you have made that person aware of the matters of which they are entitled to be made aware under the Privacy Act or the Privacy Principles contemplated by the Privacy Act;
- APL may contact that person without notifying you; and
- APL may disclose to that person your identity, and the fact that you have disclosed personal information about that person to APL.
1 Means of collecting Personal Information
- APL collects information directly from you, including by collecting information directly from you during your transactions with us.
- APL collects information when you contact us by telephone, by email, through the “contact us” electronic form on our websites, at APL events, complete APL application forms, or enter into licensing, contracting or other arrangements with APL, such as for PigPass and PigPass NVDs, APIQü®, MI Pork, and other APL programs.
- We may obtain information from other sources, such as people or organisations involved in the pork industry and State, Territory and Commonwealth government departments and agencies, but only where it is unreasonable or impracticable to obtain the information from the individual concerned. We may obtain personal information from government departments and agencies when they have already collected and aggregated the personal information of a number of individual’s as part of their responsibilities.
2 Types of Information that APL collects and holds
APL may collect the following Personal Information about you:
- your name;
- your mailing or street address;
- your email address;
- your telephone number;
- your facsimile number;
- your age or birth date; and
- your occupation or connection to the pork industry.
The types of persons that APL may collect Personal Information about includes:
- the contact details and other information (specific to pork cooking and purchasing behaviours) of pork consumers, preparers and people likely to purchase pork in the future;
- butchers, TAFEs, suppliers of butchers, and other people related to the meat butchering industry;
- chefs, waiters, suppliers and other people related to the foodservice sector;
- journalists, media personalities and food industry personalities;
- the legal owners of pigs;
- persons responsible for husbandry of pigs;
- persons in charge of the pigs while they are in transport;
- the receivers of a consignment of pigs;
- individuals who make a declaration about pigs, such as by signing a PigPass NVD or an APIQü® certification;
- quality assurance practices, NVD transactions, licenses or certification of any of the above mentioned individuals,
- the contact details of any the above mentioned individuals;
- levies paid and other transactions made by any of the above mentioned individuals;
- areas of interest to receive additional information (for example staff training, WH&S, industrial relations , food safety) of any of the above mentioned individuals; and
- businesses involved or otherwise connected with the pig industry including commercial information.
3 Purpose of collection
APL collects information for the purposes of:
- providing individuals and organisations with services and information about APL programs and activities;
- developing and delivering APL programs, including programs such as PigPass, APIQü® and MI Pork;
- conducting APL activities relating to quarantine and biosecurity, trade and market access, diseases and chemicals, environment, labour market, food safety and product integrity, animal health and welfare, including where these relate to national and international standards;
- enhancing the traceability of pigs from any point in the processing line back to their farm of origin;
- undertaking research, innovation, marketing, industry development, product development and policy development to further the Australian pork industry; and
- supporting the long term viability and otherwise providing services and support to members of the Australian pork industry.
4 Consequences of not providing information
If you do not provide the information referred to above APL may not be able to assist you by providing information, delivering services and/or including you in APL programs and activities.
5 Use of personal information
APL may use the information it collects:
- for the purposes for which the information was collected as identified in paragraph 3;
- to contact and disseminate information on the pig industry or pork products to you;
- for purposes reasonably related to those set out in paragraph 3;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and research purposes;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority.
6 Disclosure of personal information
APL may disclose personal information to:
- our employees, contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you;
- suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes;
- any organisation for any authorised purpose with your express consent;
- the Australian Government’s Department of Agriculture;
- Commonwealth and State departments, and national and international bodies concerned with primary industries, agriculture, disease control, food quality, biosecurity and livestock traceability, animal welfare, environment, food safety and regulatory compliance;
- independent auditors that are engaged to audit and review pig producers’ compliance with APIQü® standards;
- certain members of the Australian pork industry where necessary (for example, the personal information of a breeder may be disclosed to other persons as part of the supply chain);
- organisations providing services to members of the Australian pork industry for the purposes of enabling such organisations to contact you in relation to products and services which may be of value to you. You may contact us, using the details listed below (under the heading “E – Further information”), if you do not wish to receive marketing offers from third party organisations; and
- APL’s service providers and advisers (on a confidential basis and use of the information will be limited to the purpose of APL’s business only) , including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants.
- use that personal information for the purposes for which it was disclosed;
- protect it at all times against unauthorised disclosure; and
7 Working with the Department of Agriculture
Personal Information collected by APL and provided to the Department is collected for the purposes of:
- the PigPass, APIQü® and MI Pork programs;
- conducting regulatory activities relating to quarantine and biosecurity, trade and market access, diseases and chemicals, environment, food safety and product integrity, animal health and welfare, including where these relate to national and international standards; and
- traceability of pigs from any point in the processing line back to their farm of origin.
Personal Information provided by APL to the Department may be used by the Department for these purposes and purposes reasonably related to those set out in section 3.
In addition to the list of recipients specified in section 6, Personal Information provided by APL to the Department may be disclosed by the Department to other Commonwealth, State or Territory agencies and relevant regulatory bodies.
If you would like to access Personal Information held by the Department, please contact the Department at Privacy, Department of Agriculture, GPO Box 858, Canberra ACT 2601.
8 Direct marketing materials
We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
9 Use and disclosure for other purposes
APL may use and disclose information:
- to lessen or prevent a serious threat to public health, public safety, animal heath, animal welfare, environment, biosecurity or food safety; or
- for the prevention, investigation, prosecution of criminal offences or seriously improper conduct; or
- where the disclosure is required or authorised by or under applicable laws.
10 Storage of personal information overseas
We generally store any personal information that we collect in electronic format on servers located within Australia.
However, if you are an APIQü® auditor and you use our ‘Muddy Boots’ system, then we may disclose your personal information to our third party supplier of this system, who is located in the United Kingdom. We only disclose your personal information to the extent necessary for you to be able to access and use the ‘Muddy Boots’ system. We take reasonable steps to ensure that our third party supplier does not breach privacy obligations relating to your personal information.
11 Our website
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
12 Information Security and data quality
Our website uses Google Analytics to collect information on visitor patterns for the purpose of improving our website and services. The information gathered from Google Analytics is not used to identify any personal information about visitors.
APL takes all reasonable technical and physical security measures to protect information from loss, unauthorised access, modification, disclosure or other misuse. We strive to ensure the security, integrity and privacy of personal information that you submit to us through our website. Unfortunately, no data transmission over the Internet can be guaranteed to be totally secure. We endeavour to take all reasonable steps to protect the personal information you may transmit to us or from our online products and services. Once we do receive your transmission, we will also make our best efforts to ensure its security on our systems.
In addition, our employees and the contractors who provide services related to our information systems are obliged to respect the confidentiality of any personal information held by us.
We may hold your information in either electronic or hard copy form. APL will take all reasonable steps to destroy or permanently de-identify personal information it holds, if it considers that the information is no longer needed for its business purposes, to ensure that the information is not illegally accessible. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact APL (see details below).
13 Access to your personal information
If you wish to access your personal information held by APL, you may contact APL (see details below) to request access. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
14 Accuracy of your information
APL takes all reasonable steps to ensure that the information held by it is accurate, complete and up to date. If you believe that any of your personal information is inaccurate, please contact APL (see details below) to request the correction of your personal information. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it. .
15 What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact us using the contact information below and provide details of the incident so that we can investigate it. We will treat your complaint confidentially, investigate your complaint and aim to ensure that we contact you and your complaint is resolved within a reasonable time (and in any event within the time required by the Privacy Act, if applicable).
16 Sensitive Information
APL does not generally collect any sensitive information as that term is used in the Privacy Act (information relating to racial or ethnic origin, membership of political bodies, religion or trade unions, sexual preferences or activities, criminal record, state of health or medical history). APL will only collect sensitive personal information where required by law or where consent is given. Where any sensitive personal information is held by APL that information will only be used and disclosed by APL for the purposes for which it was provided. If APL asks for sensitive personal information, APL will explain that it is requesting the provision of such information.
B. Commercial Information
Some information collected by APL is of a commercial rather than personal nature. That is, it may include the name of a business or company rather than an individual, and/or refer to the size and/or quality assurance practices of that business or company.
APL publishes commercial financial information aggregated from a number of industry sources, often as industry averages. APL will maintain the confidentiality of any commercial information, subject to the terms of any applicable confidentiality agreement.
C. Notifiable Data Breaches
1 Eligible Data Breach
The Privacy Amendment (Notifiable Data Breaches) Act 2017 (the Amendment Act) defines an “eligible data breach” as unauthorised access or disclosure of information, or loss of information, that a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates.
To determine whether access, disclosure or loss of information would likely result in serious harm to any of the individuals involved, we will consider factors such as:
- the kind of information;
- the sensitivity of the information;
- whether the information is protected by one or more security measures;
- if the information is protected by one or more security measures – the likelihood it could be overcome;
- the kind of persons who could obtain the information;
- if a security technology or methodology was used in relation to the information and designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information;
- the likelihood that persons who obtained the information are likely to have the intention of causing harm to any of the individuals to whom the information relates in the form of circumventing the security technology or methodology; and
- the nature of the harm.
2 Suspected Eligible Data Breach
There may be reasonable grounds for us to suspect there has been a data breach and we will take all reasonable steps to carry out an assessment as soon as practicable (and within 30 days after we become aware of the suspected breach) as to whether or not the data breach is an eligible data breach.
3 Notification of Eligible Data Breach
If there are reasonable grounds for us to believe that there has been an eligible data breach, and no exception under the Assessment Act applies, then we will prepare a written statement including:
- a description of the eligible data breach;
- the kinds of information concerned; and
- recommendations about the steps that individuals should take in response to the eligible data breach.
If there is an eligible data breach of more than one entity, we will set out the details of those other entities in the manner described above.
We will provide this statement to the Office of the Australian Information Commissioner (the Commissioner) and (if required by the Amendment Act) we will then notify the contents of the statement to:
- each of the individuals to whom the relevant information relates; and
- individuals who are at significant risk from the eligible data breach.
If it is not practical to contact you in this way, we may publish the statement on our website.
4 Exceptions to an Eligible Data Breach
There are exceptions under the Amendment Act which may not require us to notify an individual/s of an eligible data breach. Examples include:
- where we have taken action before any serious harm occurs and, as a result of the action, a reasonable person would conclude the access or disclosure will not be likely to result in any serious harm;
- (if information is lost) where we have taken action before any unauthorised access or disclosure; or
- where the Commissioner has declared that we are not required to give any notification.
E. Further Information
For further information on APL’s privacy practices, or if you wish to access your personal information, have a complaint as you believe your privacy has been breached, or wish to update your details, please contact:
General Manager – Policy
Australian Pork Limited (ABN 83 092 783 278)
Ph: 02 6285 2200 (Toll Free: 1800 789 099)
F: 02 6285 2288