API Privacy Statement
When we collect your personal information, our commitment to the protection and privacy of your personal information is our priority.
– How we collect and hold it
– Purposes for which we collect, hold, use and disclose it
– What to do if you have a complaint about our handling of your personal information
Our policy reflects the 13 Australian Privacy Principles (APP’s) that replace the National Privacy Principles and Information Principles. The 13 APP’s from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988. This reinforces the commitment by API that our practices will respect and protect the rights of the individual. API is bound by the Act, which is aimed at establishing a nationally consistent approach to the handling of personal information in the private sector.
API has over 90 years’ experience in enhancing the quality of life of its members and clients. API has always strived to protect our member’s and client’s privacy and individual rights.
API has developed, and will adhere to, this policy document, which outlines our information handling practices. This document is displayed publicly throughout API and is made available to anyone upon request.
1. Compliance with the Australian Privacy Principles
API will ensure that this Policy complies with the Australian Privacy Principles and a registered APP code (if any) that binds the organisation; and will enable the entity to deal with inquiries or complaints from individuals about the company’s compliance with the Australian Privacy Principles or such a code.
2. Personal Information Privacy Principle
API aims to manage personal information in an open and transparent way.
2.1 Australian Privacy Principle — Anonymity and Pseudonymity
The member or client must identify themselves for every interaction with API to retain confidentiality of sensitive information. It is impracticable for API to deal with individuals who have not identified themselves or who have used a pseudonym.
If an individual establishes that the information which we hold is not accurate, complete or up to date, we will correct the information on request.
2.2 Means of collection
Collection of personal information must be fair, lawful and not intrusive. Our policy is to collect data directly from the member or client in order to ensure accuracy. This will only be undertaken with the consent of the individual. The individual must be told the organisation’s name; the purpose of collection; that the individual can get access to their personal information; and what happens if that person does not give the requested information.
3. Collection of Solicited Personal Information
API will not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of the company’s functions or activities.
API will not collect sensitive information such as racial or ethnic origin, religion, health issues, etc about an individual without consent, or unless it is required by law, or in other special circumstances such as those relating to health services provision.
API will use or disclose information only for the primary purpose for which it was collected unless the person has consented or if the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure. Information may be disclosed in circumstances relating to the public interest such as law enforcement and public or individual health and safety.
4. Dealing with unsolicited personal information
API will, within a reasonable period after receiving the individual information, determine whether or not it could have collected the information under Australian Privacy Principle 3 if API had solicited the information. If API determines that it could not have collected the personal information; and the information is not contained in a Commonwealth record; then it must, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.
5. Notification of the collection of personal information
At or before the time or, if that is not practicable, as soon as practicable after, API collects personal information about an individual, API will advise the individual that it has obtained personal information and for the purpose it will serve.
6. Use or disclosure of personal information
If API holds personal information about an individual that was collected for a particular purpose API will not use or disclose the information for another purpose unless the individual has consented to the use or disclosure of the information; or if the information is sensitive information — directly related to the primary purpose.
When our Travel service book products and services for you, we usually do so for or on behalf of travel service providers. This means that we usually collect personal information about you both for our internal purposes and on behalf of the parties for their internal purposes. Accordingly, the consent you provide under this Policy to the collection and use of personal information by us, applies equally to the parties whose products and services we sell.
For example, if you purchase a flight from us, then under this Policy you will have consented to your personal information being provided to the airline to enable your flight to be booked.
We act on behalf of many travel and insurance service providers, so it is not possible for us to set out in this Policy all of the service providers for whom we act nor exactly how each of these service providers will use your personal information.
7. Direct Marketing
API retains personal information about an individual; API will not use or disclose the information for the purpose of direct marketing, unless, API collected the information from the individual; and the individual would reasonably expect API to use or disclose the information for that purpose; and API provides a simple means by which the individual may easily request not to receive direct marketing communications from API; and the individual has not made such a request to API.
8. Cross-border disclosure of personal information
API holds all information within Australia.
If you are making a travel booking the third parties we may disclose your personal information to may be located overseas. This disclosure will only be made to overseas entities in connection with the facilitation of your travel booking and/or to enable the performance of administrative and technical services by them on our behalf.
9. Adoption, use or disclosure of government related identifiers
API will not adopt a government related identifier of an individual as its own identifier of the individual.
10. Quality of personal information
API will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up-to-date and complete.
11. Security of personal information
API will take all precautions to protect the personal information we hold from misuse and loss and from unauthorised modification or disclosure. We further undertake to ensure that the archiving, destruction and removal of identification from obsolete records will be attended by a secure means.
12. Access to personal information
API will provide an individual with access to the personal information we hold about that individual, on request, in the prescribed timeframes.
13. Correction of personal information
API will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that the it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up-to-date, complete and relevant.