Privacy

Family First Credit Union complies with the Privacy Act 1988 and amendments to the Australian Privacy Principles (APP’s) effective 12 March 2014.

The Management, Directors and Staff of Family First Credit Union are committed and responsible for ensuring the protection of your personal information and compliance with the Privacy Act 1988 and the Australian Privacy Principles (APP’s) from 12 March 2014. The Privacy Act now includes a set of 13 new harmonised privacy principles that regulate the handling of personal information.

These principles are called the Australian Privacy Principles (APP’s). They replace the National Privacy Principles (NPP’s) that previously applied to private sector organisations such as financial institutions. Like all financial institutions, we are bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth), and our staff have been trained to respect your privacy in accordance with this legislation. As you know, we collect personal information from you when you fill out an application or when you give us information over the phone. However, we may also collect your personal information from third parties. A common example of this is when we obtain information about your credit history (from a credit reporting agency) should you apply for a loan.

From time to time, we may disclose your personal information to other organisations. If we do this, we will seek to ensure that this information is held or used consistently with the Australian Privacy Principles. Some examples of these other organisations include third party suppliers such as printers, posting services and our advisers.

You can download our Privacy Policy here.

A summary of the 13 Australian Privacy Principles (APP’s) covered by the Privacy Act 1988 are as follows:
APP 1 — Open and transparent management of personal information: Ensures that APP entities manage personal information in an open and transparent way. This includes having a clearly expressed and up to date APP privacy policy.
APP 2 — Anonymity and pseudonymity: Requires APP entities to give individuals the option of not identifying themselves, or of using a pseudonym. Limited exceptions apply.
APP 3 — Collection of solicited personal information: Outlines when an APP entity can collect personal information that is solicited. It applies higher standards to the collection of ‘sensitive’ information.
APP 4 — Dealing with unsolicited personal information: Outlines how APP entities must deal with unsolicited personal information.
APP 5 — Notification of the collection of personal information: Outlines when and in what circumstances an APP entity that collects personal information must notify an individual of certain matters.
APP 6 — Use or disclosure of personal information: Outlines the circumstances in which an APP entity may use or disclose personal information that it holds.
APP 7 — Direct marketing: An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
APP 8 — Cross-border disclosure of personal information: Outlines the steps an APP entity must take to protect personal information before it is disclosed overseas.
APP 9 — Adoption, use or disclosure of government related identifiers: Outlines the limited circumstances when an organisation may adopt a government related identifier of an individual as its own identifier, or use or disclose a government related identifier of an individual.
APP 10 — Quality of personal information: An APP entity must take reasonable steps to ensure the personal information it collects is accurate, up to date and complete. An entity must also take reasonable steps to ensure the personal information it uses or discloses is accurate, up to date, complete and relevant, having regard to the purpose of the use or disclosure.
APP 11 — Security of personal information: An APP entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. An entity has obligations to destroy or de-identify personal information in certain circumstances.
APP 12 — Access to personal information: Outlines an APP entity’s obligations when an individual requests to be given access to personal information held about them by the entity. This includes a requirement to provide access unless a specific exception applies.
APP 13 — Correction of personal information: Outlines an APP entity’s obligations in relation to correcting the personal information it holds about individuals.