The RISQ Group has adopted the National Privacy Principles contained in the Privacy Amendment (Private Sector) Act 2000 ("the Act"), as a basis in which it collects, uses and disposes of personal information that comes into its possession.

Collection

RISQ will only collect personal information that is needed for it to operate its business activities effectively. RISQ will always endeavour to obtain personal information directly from the individual concerned. When this is impracticable or not reasonable, it will collect personal information fairly and by lawful means and without being unreasonably intrusive. In collecting personal information, RISQ will take reasonable steps to ensure the individual knows:

• that it is RISQ that is collecting the information
• why the information is being collected
• who will receive the information in normal circumstances
• any legal requirements governing the information
• how they can access the information held on them by RISQ
• and what the consequences would be if the individual did not provide the information sought unless precluded from doing so under the provisions of the Act or by any other law.

Use and Disclosure

RISQ will only use or disclose personal information for the purpose(s) originally explained when the information was collected and for any related purpose that would reasonably be expected by both the individual concerned and RISQ. If RISQ uses personal information it holds for direct marketing of its products or services, it will always provide the individual the opportunity at the point of first contact and at any time afterwards at the individuals request to decline receipt of any further marketing information. Otherwise, RISQ will neither use nor disclose personal information without the person's consent, unless:

• Required for health or other emergency reasons
• To investigate suspected fraud or unlawful activity
• It is required or authorised by law It is required for law enforcement

Data Quality

RISQ will take reasonable steps to ensure that the personal information it uses is accurate, complete and up-to-date.

Data Security

RISQ will take reasonable steps to protect all personal information in its possession, to ensure integrity of the information and that it is only accessed by on the express authority of RISQ. Personal information that is no longer needed by RISQ nor required to be held by law will be destroyed by secure means, or deidentified so that the data cannot be traced back to the person to whom it relates to.

Openness

RISQ will place this policy on its website. Printed copies of this policy will be made available on request at RISQ's registered office.

Access and Correction

In order to view personal information held on them, a person on whom RISQ holds personal information may apply in writing to the:

Privacy
GPO BOX 2639
Sydney NSW 2001
Australia

RISQ will take reasonable steps to confirm the identity of the person making the request and will respond within 14 days of receiving the request. However, where the request is more complex or time consuming to comply with, RISQ will provide access to the information requested within 28 days.

RISQ reserves the right to deny access to personal information if providing access:

• could pose a possible threat to life or health
• could cause an unreasonable impact on the privacy of others
• would be in response to a frivolous or vexatious request
• relates to existing or anticipated legal proceedings which could be prejudiced as a result
• relates to existing or anticipated commercial negotiations involving RISQ, and RISQ's legitimate commercial interests could be prejudiced as a result
• is in any way unlawful
• could in any way prejudice law enforcement or security
• could prejudice the prevention, detection or investigation of seriously improper conduct, either within or external to RISQ's operations

RISQ reserves the right to give the individual an explanation for any decision made rather than direct access to the relevant information if giving access to personal information involves revealing evaluative information generated within RISQ in connection with a commercially sensitive decision making process.

Where there is disagreement about direct access or where direct access to personal information is impractical or inappropriate, RISQ will discuss the possible use of a mutually acceptable intermediary.

If an individual advises RISQ that personal information held on them is inaccurate, incomplete or not up to date, RISQ will take reasonable steps to update the information accordingly.

RISQ reserves the right to levy a reasonable charge to meet the costs of providing access to personal information, although there will be no charge for the act of making the request for access.

RISQ will endeavour to provide reason(s) for denial of access to or correction of personal information it holds unless precluded from doing so by the provisions of the Act or any other law.

Identifiers

RISQ will not use an identifier assigned to an individual by a Government Agency ("the Agency") as its own identifier; nor will it provide such an identifier to a third party without the individual's consent, unless:

• disclosure is necessary for RISQ to fulfill its obligations to the Agency
• it is required for health or other emergency reasons
• it is required to investigate suspected fraud or unlawful activity
• it is required or authorised by law it is required for law enforcement

Anonymity

Where lawful and practical, RISQ will give individuals the option of not identifying themselves when dealing with the company.

Transborder Data Flows

RISQ will not transfer personal information outside Australia without the consent of the individual unless:

• RISQ reasonably believes that the recipient of the information is subject to a law, binding scheme or contract providing substantially similar protection of personal information as provided for under Australia 's National Privacy Principles.
• The transfer is necessary for the performance of a contract between RISQ and the individual, or for the implementation of pre-contractual measures taken in response to the individual's request.
• The transfer is necessary for the performance or conclusion of a contract between RISQ and a third party that is in the interests of the individual concerned.
• The transfer is for the benefit of the individual; it is impractical to obtain the individual's consent and, if it was, the individual would be likely to give it.
• RISQ has taken reasonable steps to satisfy itself that the recipient of the information will manage the information consistent with this policy.

Sensitive Information

RISQ will not, without the consent of the individual, collect information concerning that individual's racial or ethnic origins; political opinions; membership of a political, professional or trade association or trade union; philosophical or religious beliefs or affiliations; sexual preferences or practices or health information unless:

• It is required by law
• It will prevent or lessen life or health threatening situations and it is not possible or practical to gain the individuals consent
• The collection is necessary in relation to a legal or equitable claim.

Website

Reading or downloading materials from RISQ's website(s) will not identify you personally; the information we receive is statistical. RISQ's website like many other commercial websites may collect the following information during your visit:

• The fully qualified domain name from which you accessed our site, or alternatively your IP address;
• The date and time you accessed each page on our website
• The URL of and webpage from which you accessed our site ("the referrer"),
• The web browser you are using and the RISQ web pages you accessed.

This information will be used by RISQ to administer and improve the website.

RISQ does not use cookies to connect your personal identity with your computer address or to track the navigational or browsing habits of identified visitors.

A cookie is a very small text file placed on to your computer when you visit a website. At some places in the site, "cookies" may be used to enhance your online experience. The cookie is not used to collect or store information about the user, only to allocate a temporary identifier to the session. Most browsers now recognize when a "cookie" is offered, and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer or your Internet service provider.

When you elect to contact us with a comment or request for information, we may preserve the details you have input and make it available to the appropriate RISQ staff member for the relevant action to be taken.

Complaints

Complaints concerning any aspect of RISQ's management of an individual's personal information may be directed in writing to:

The Privacy Officer
GPO BOX 2639
Sydney NSW 2001
Australia