BLAIRGOWRIE YACHT SQUADRON
Reg. No. A0023156G ABN 64 825 467 219
- Blairgowrie Yacht Squadron Inc (“Club”) is required to collect, hold and use personal information relating to individuals (including, but not limited to, its members, customers, contractors, suppliers and employees) in the course of its activities.
- The Club may also, from time to time and as required by law, disclose your personal information to third parties in the course of its
- The manner in which the Club manages personal information is governed by the Privacy Act 1998 (Cth) (“Act”) and the Australian Privacy Principles (2014)(“APP”).
- This policy describes the way in which the Club manages the protection of personal information relating to individuals in the provision of its services and
- The definitions used in this policy are the definitions set out under section 6 of the
- Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or
- Sensitive information means any personal information about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade organisation, membership of a trade union, sexual orientation or practices, criminal record, and any health information about an individual regardless of whether it is personal information or not.
- An employee record is a record of personal information relating to the employment of an employee, including – but not limited to – information about engagement, training, disciplining, resignation, termination, salary, taxation, performance, hours, terms of conditions of employment and health
- Unsolicited personal information is personal information that the Club receives that it did not solicit, or personal information that the Club receives incidentally in the course of its
3. Application of this policy to employee records
- This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee
2900 Point Nepean Road, Blairgowrie, Victoria 3942, Australia Address correspondence to: PO Box 13, Blairgowrie Victoria 3942 Telephone: Office (03) 5988 8453 Fax: (03) 5988 0075
4. Functions of the Club
- The primary function of the Club is to provide services to enable Club members to use the facilities of the Club.
- Supporting functions include:
- Maintaining records relating to your use of these facilities
- Providing certain sailing or boating related services to members and the community
- Maintaining transactional records for accounting purposes
- Providing security of, access to and maintenance of the Club’s assets
- Providing whatever systems are necessary to enable the Club to comply with relevant legislation, such as Liquor Licensing Act
- The Club is required to provide you with the option of not identifying yourself or of using a pseudonym when dealing with the Club in relation to a particular matter, so long as it is practicable to do so.
- This does not apply where the Club is required by an Australian law or an order of an Australian court or tribunal to deal with individuals who have identified
- If you opt to remain anonymous or use a pseudonym in your dealings with the Club, the Club may not be able to respond to your requests or provide you with the services and activities that you are requesting.
6. Collection of personal information other than sensitive information
- The Club may collect personal information (other than sensitive information) if the information is reasonably necessary for one or more of its functions or activities.
- Where the member has a dependant who is a member, the member may provide information to the Club, and carry out any other actions in relation to this policy, on behalf of the dependant
- The following types of information about you that may be collected by the Club are:
- Member information including but not limited to:
- Date of birth
- Email address
- Phone numbers
- Financial transactions
- Credit card details (secured)
- Boat insurance information
- Qualifications relevant to boating and/or participation in Club activities
- Photo of member for identification purposes
- Historic records of interaction between you and the Club as a prospective member, current member or past member
- Customer information may include, but is not limited to:
- Member information including but not limited to:
- Date of birth
- Email address
- Phone numbers
- Financial transactions
- Historic records of interaction with the Club as a customer
- Supplier or contractor information may include, but is not limited to:
- Email address
- Phone numbers
- Financial transactions
- Historic records of interaction with the Club as a supplier or contractor
- Member guest
- Drivers licence details
- Closed Circuit Television (CCTV) provides 24-hour video surveillance, which monitors and records the activity of any individual accessing the Club’s facilities (excluding areas where privacy is necessary). This includes the interior and exterior of Club buildings, grounds, jetty, moorings and
- Computer records of member and authorised non-member access to certain areas of the Club’s facilities.
7. Collection of sensitive information
- The Club will only collect, hold, use and/or disclose sensitive information with the consent of the individual to whom the sensitive information relates, and only where reasonably necessary for one or more of the Club’s functions or activities.
- The exception is those situations where the collection, use, or disclosure of sensitive information is required by an Australian law or by an order of an Australian court or tribunal, and also in situations where the collection, use or disclosure is reasonably necessary to lessen or prevent a serious threat to the life, health and safety of any individual or to public health or safety, or in situations where the Club has reason to suspect unlawful activity or misconduct of a serious nature, or where the Club reasonably believes that the collection, use or disclosure is necessary in order to assist any entity, body or person to locate a person who has been reported as
8. Means of collection
- The Club must collect personal information only by lawful and fair means. The Club must collect personal information about you only from you unless it is unreasonable or impracticable to do
- The Club may collect personal information, other than sensitive information, which is reasonably necessary to perform any of the functions or activities of the Club (the primary purpose).
- This information may be collected by:
- Application forms or other documents provided by you and relating to the functions of the Club or the services you request
- Email or other form of correspondence
- Verbally, either in person or telephone
- Historic membership records
- Financial or other transactions
- The Club website
- CCTV Cameras located on the Club’s premises
- The Club’s access and security system
- Publicly available sources
9. Unsolicited personal information
- If the Club receives personal information and it did not solicit theinformation, the Club must, within a reasonable period after receiving the information, determine whether or not it could have collected the information as if it had solicited the
- If the Club determines that it could not have collected the personal information and the information is not contained in a Commonwealth record, the Club must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de- identified.
- Otherwise the APP apply in relation to the information as if the Club had collected the information under the
- When the Club collects personal information about you, the Club must take such steps (if any) as are reasonable in the circumstances to either notify you of such matters or ensure that you are made aware of the following;
- the identity and contact details of the Club;
- that the Club has collected personal information from someone other than you, or if you may not be aware that such information has been collected;
- that collection of personal information is required by Australian law, if it is, including details of that requirement;
- the purpose for which the Club collects the personal information
- the main consequences for you if some or all of the personal information is not collected by the Club ;
- any other third party to which the Club usually discloses the personal information;
- how you may complain about a breach of the APP, and how to deal with that complaint;
- whether the Club is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.
11. Use or disclosure of personal information
- The Club will not use or disclose any personal information collected for a particular purpose (the primary purpose) without your consent, unless you could reasonably expect that a secondary purpose is related to the primary purpose. A secondary purpose may be to enable a third party service provider to carry out works for the Club.
- The main purposes for which the Club may collect, hold, use and/or disclose personal information may include but are not limited to the
- Maintaining a register of members as required by the Club rules
- Maintaining a register a register of member boats as required by the Club rules
- Maintaining accurate accounting records of all financial transactions the club makes as required by the Club rules
- Maintaining a register of members and guests as required by the Victorian Licensing Act.
- Making declarations to Australian Sailing and its affiliated organisations for reasons associated with their Rules.
- The purpose of CCTV monitoring and recording is to provide a safe and secure work environment for BYS staff and visitors as well as members of the public. It also provides a deterrent to potential loss or damage to property and records any
- Video surveillance is only used to deter any form of aggressive, harmful or unlawful behaviour and to assist in identifying offenders. Should an incident occur, the recordings may be provided as evidence to law enforcement authorities, such as the police to assist with investigations or enquiries. CCTV and video footage is not used to monitor staff or members. However, it may be used to investigate allegations of serious misconduct by staff or
- Circumstances under which recordings will be shown to a third party include, unlawful acts (police), occupational health and safety complaints (eg Workplace Health & Safety Officer and BYS’s Insurer), and when otherwise required by law (eg court order).
12. Direct marketing
- The Club will from time to time inform members of products or services that are available to
- The Club is permitted to use or disclose personal information for the purposes of direct marketing, if:
- the information was collected from you;
- you would reasonably expect the organisation to use or disclose the information for the purpose of direct marketing; and
- the Club provides a simple means by which you may request not to receive direct marketing communications from the organisation and
- you have not made such a
- To opt out of receiving direct marketing communications from the Club you can advise the Club’s General Manager, acting as privacy officer or other suitable representative via email or in writing, or by accessing the Club’s website and unsubscribing appropriately. You may be able to opt out of all Direct Marketing or nominated topics and You
cannot opt out of official communication such as required under the BYS Rules including for example the notice of a General Meeting.
13. Disclosure overseas
- Your information is not likely to be disclosed to any overseas person or organization except for World Sailing or its affiliated national organisation for purposes of registration.
14. Adoption, use or disclosure of government related identifiers
- Your guest’s driver’s license may be used to verify the identity of your guest for the purposes of the Club’s activities or functions, in particular for compliance with the Victorian Liquor Licensing
15. Integrity of personal information
- The Club will take such steps as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up-to-date, and
- The Club will take such steps as are reasonable in the circumstances to ensure that the personal information that it uses or discloses is accurate, up-to-date and complete with regard to the purposes of the use or
16. Security of personal information
- The Club will take such steps as are reasonable to protect any personal information that it holds from misuse, interference, loss and unauthorised access, modification, or
16.2. Electronic Data
- Electronic data storage and communications hardware is located in a locked computer room and a communications room which are further protected by a security access system. This allows only authorised individuals to gain access to these areas.
- The Club uses contemporary hardware and software products to provide secure management of access to both the wide area network and local network, including firewall, Wifi security, intrusion prevention, gateway antivirus, spam prevention and URL filtering to lock down access to unsuitable web sites. They also provide protection against malware, ransomware and data loss.
- Access to staff workstations is restricted to authorised users who require a password to access the network. Core software applications are further secured for authorised users with unique user names and
- Audit trails provide a history of user activity in core application software.
- A secure virtual private network (VPN) is used for remote user access.
- A comprehensive backup plan is in place to prevent data loss.
- Cloud based offsite backups are stored using encryption and are transferred by encrypted VPN.
16.3. Physical Information
Physical information such as forms, correspondence and other hard copy documents are stored in lockable filing cabinets in offices that are secured by the Club’s security access system.
The images recorded by the CCTV cameras are securely stored as digital files within the CCTV system and are only accessible to staff or the General Committee unless otherwise stipulated in this policy. The digital files are stored for a maximum of 30 days after which they are programmed to be automatically erased unless required by law enforcement authorities. Controlled access to the secured footage is strictly maintained. Copies of recordings will not be made for other purposes unless they are relevant to the purpose of surveillance or are required by law. Any copies made are stored in a securely lockable area.
16.5. Notifiable Data Breaches Scheme
- A data breach is the unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information.
- The Club is required to take certain actions if, from the perspective of a reasonable person, the data breach would be likely to result in serious harm to an individual whose personal information was part of the data breach. This is referred to as an eligible data breach.
- Depending on the nature of the eligible data breach, these actions should be:
- to identify the cause of the data breach and rectify it;
- to identify and notify any individuals who may be affected by the breach;
- if necessary, publish a statement regarding the breach in a form that individuals will be able to find, such as on the Club’s web-site; and
- notify the Office of the Australian Information Commissioner using a standard
- If the Club holds personal information about you that it no longer needs for any purpose related to the Club’s activities, and the Club is not required by law to retain the information, the Club will take such steps as are reasonable in the circumstances to destroy the information or to ensure that it is de-identified.
17. Accessing your personal information
- If the Club holds personal information about you, you may request access to that information by sending a request to the Club’s General Manager, acting as privacy officer or other suitable representative, via email or in writing. The Club will respond to any request within a reasonable period.
- The Club may refuse to grant you the requested access in certain special circumstances. These circumstances include, but are not limited to:
- where the Club reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- where giving access to the information would have an unreasonably large impact on the privacy of other individuals;
- if the request is frivolous or vexatious;
- if the information requested relates to pending or anticipated legal proceedings, negotiations, and/or law enforcement activities, and would be likely to prejudice such activities;
- if giving access would be contrary to an Australian law or an order of an Australian court or tribunal;
- if the Club has reason to suspect that the information relates to unlawful activity or misconduct of a serious nature, and giving access to the information would prejudice the taking of appropriate action in response to the
- The Club will give access to the requested information in the manner you request, if it is reasonable and practicable to do so.
- If the Club refuses to grant you access on one of the above grounds or any other grounds, the Club will communicate to you the reasons for the refusal, the mechanisms available to complain about the refusal, and any other matter required by the
18. Correction of personal information
- If the Club holds personal information about you that is inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request that the Club correct its records by email or in writing to the Club’s General Manager, acting as privacy officer or other suitable representative.
- Upon receiving such a request, the Club will take such steps as are reasonable to correct the information and ensure it is up-to-date and relevant to the Club’s activities. You may be required to co-operate in the correction to supply up-to-date personal
- If the Club corrects personal information about you that the Club had previously disclosed to another entity or third party, the Club will notify these entities or parties of the correction.
- If the Club refuses to correct the personal information as requested by you, the Club must provide you with a written notice setting out the reasons for the refusal (unless it would be unreasonable to do so), the way you can make a complaint about the refusal and any other matter prescribed by the
- If the Club refuses to correct the information you can request a statement that the information is inaccurate, out of date, incomplete, irrelevant or misleading to be incorporated into the Club’s records so that it is apparent to users of your
- If you believe the Club has breached the APP, you can make a complaint about the Club’s handling of your personal information.
- This can be done by contacting the Club’s General Manager, acting as privacy officer or other suitable representative by email or in writing providing details of your complaint. Your complaint will be addressed in accordance with the Club’s complaints procedure, and the Club will respond within a reasonable
- If you are unhappy with the Club’s response to your complaint, you may refer your complaint to the Office of the Australian Information
20. Contact Details
- Club contacts:
Telephone: +61 3 5988 8453 Email address: firstname.lastname@example.org Postal address: P.O. Box 13
BLAIRGOWRIE VIC 3942
Digital communication is used for sharing club news and information with Members.
Our website includes current information on competitions, social events, food and beverage, committees, policies, constitution, rules and by-laws. Our range of digital tools used to communicate with Members includes Email, SMS, Facebook, and YouTube/Vimeo. We may at other times use other social media.
Policy – BYS created communication
All BYS generated communication will be created by a member of staff under the direction of the General Manager, ensuring compliance with this policy. We apply the following guidelines
- No personal information, beyond their name, about Members will be disclosed
- Content or photos or videos will be family friendly and encompass BYS’s values; Family, Friendship and
- We may use images of members without prior permission. No offensive content or photos will be
- If we intend to publish a photo of a child, that enables the child to be identified, we will first seek permission from their parent/guardian and will take all care not to provide identifying
- SMS messages should be short and about BYS
- Email will be used when more information is required.
- Communication involving children will be directed though their parents/guardian.
- No social media sites that involve BYS will be set up without first getting permission from the General
Policy – member created communication
We recognize that members may contribute to social media. BYS encourages the sharing and reposting of online information that is relevant, appropriate to its aims, and of interest to its members.
BYS requires all members who do so to conduct themselves appropriately and ensure that
- They accept that BYS treats all social media postings, blogs, Facebook, Instagram, status updates, tweets etc. as public ‘comment’.
- There will be no misleading, false information or statements made that will injure a person’s It must not offend, intimidate, humiliate or bully another person or be misleading, false or injure the reputation of another person.
- Abusive, discriminatory or offensive statements will not be tolerated. Offending posts will be removed and those responsible will be blocked from the site.
- Statements should be restricted to club matters and must not bring BYS into
Members, volunteers, staff and competitors may face disciplinary action, in accord with the BYS Rules, for sending inappropriate electronic communication or posting on line content or comments that is outside these guidelines.
Under certain circumstances, cyber bullying (bullying which is carried out through the internet via email, chat rooms, blogs, discussions groups, instant messaging or any website) is a criminal offense that can be reported to the police.
In addition, anyone who publishes false or misleading comments about another person in the public domain may be liable for defamation.