FCDRS - Financial Co-operative Dispute Resolution Scheme

Financial Co-operative Dispute Resolution Scheme

Privacy Policy

At the Financial Co-operative Dispute Resolution Scheme, we recognise the importance of your privacy, and are committed to protecting personal information and sensitive information about you that we hold. This Privacy Policy describes how we manage your personal information and sensitive information and safeguard your privacy.

1. NATIONAL PRIVACY PRINCIPLES

Since 21 December 2001, most private sector organisations in Australia must by law comply with the National Privacy Principles ("NPPs"). The NPPs strengthen protection of your privacy. The Financial Co-operative Dispute Resolution Scheme ("FCDRS") complies with the NPPs.

2. COLLECTING PERSONAL INFORMATION AND SENSITIVE INFORMATION ABOUT YOU

For the purposes of this privacy policy, the following definitions apply:

"health information" means information or an opinion about:

(i) the health or a disability (at any time) of an individual,
(ii) an individual's expressed wishes about the future provision of health services to him or her, or
(iii) a health service provided, or to be provided, to an individual,
that is also personal information.

"personal information" means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

"sensitive information" means:

(a) information or an opinion about an individual's:

(i) racial or ethnic origin;
(ii) political opinions;
(iii) membership of a political association;
(iv) religious beliefs or affiliations;
(v) philosophical beliefs;
(vi) membership of a professional or trade association;
(vii) membership of a trade union;
(viii) sexual preferences or practices;
(ix) criminal record;that is also personal information; or

(b) health information about an individual.

Back to top

2.1 FCDRS holds only those kinds of personal information and sensitive information that are necessary for us to perform our functions. Such information may include:

(a) Personal information you give us when you provide details of a dispute between you and your financial services provider. The information will include your name, address and contact details and the details of the account or accounts that are in dispute, including transactional information. FCDRS may also on occasion ask you to provide sensitive information that we consider necessary for the investigation of your dispute. If you fail to give us the information we ask for, we may be unable to investigate the dispute.

(b) Communications between you and us.

2.2 FCDRS will generally only collect personal or sensitive information about you directly from you. Where this is not possible, we will endeavour to advise you that material about you has been collected from a third party unless one of the conditions at 4.3 below is satisfied.

2.3 Where information about a third party has been collected from you, it will be assessed for relevance by FCDRS. If we decide that the information is required for the investigation of the dispute, it will be de-identified if possible, and the third party will be contacted. Where it appears that the third party has acted unlawfully, where there is a conflict between you and the third party or where disclosure would exacerbate the dispute or potentially endanger the safety of an individual, the third party will not be contacted.

2.4 FCDRS will not knowingly accept personal or sensitive information about any person that has been obtained in an unlawful manner, including by the recording of a conversation without the knowledge and consent of all parties to it.

2.5 We may also collect some information about you when you use our website www.FCDRS.org.au ("the website"):

(i) as most websites do, we track usage patterns on an anonymous and aggregate basis. Your identity cannot reasonably be ascertained from this information. Each time you visit the website, a web server records your visit, and information that includes your internet provider's address, the date and time of your visit, the pages accessed and documents downloaded and any search items entered.

(ii) if you visit the website to complete an online Dispute Registration Forms or to send us an e-mail we will record the information you give us, including your e-mail address.

Thus, your use of the facilities and information available on the website will determine the type and amount of personal or sensitive information we collect about you through the website.

3. USING AND DISCLOSING YOUR PERSONAL AND SENSITIVE INFORMATION

3.1 FCDRS respects your privacy. Any personal or sensitive information which we collect about you will be used only to investigate the dispute about which you have notified us. In order to fully investigate the dispute it may be necessary to disclose your personal or sensitive information to your financial services provider. Where possible, personal and sensitive information is stored anonymously. External identifiers are not used to assist in the management of information.

3.2 FCDRS stores your personal and sensitive information with a strong emphasis on its security and the protection of your privacy. In considering the security of your personal and sensitive information, we have taken into account:

(a) Physical security:

(i) All files containing personal or sensitive information are secured in locked cabinets after hours and during business hours when not in use. FCDRS requires its staff to maintain a clean desk policy.
(ii) All files containing personal or sensitive information are accessible only by staff requiring them for the completion of specific duties.
(iii) Drafts, spare copies and extra materials generated in the handling of files are destroyed by means of a secure destruction service.
(iv) Personal or sensitive information that is no longer required is permanently de-identified or destroyed by means of a secure destruction service.

(b) Computer and network security:

(i) Access to the computer network is by user identification and password only. Passwords are changed regularly. The system administrator can identify all users by their user identification.
(ii) The system administrator regularly reviews computer logs for security breaches and reports any breaches to the relevant manager.
(iii) Computer files are regularly reviewed for continued relevance by a staff member with appropriate security clearance and where necessary deletion and purging of files no longer required is undertaken on a system wide basis.
(iv) Files are regularly backed up and saved at a separate and secure site.
(v) Network security includes firewall and virus protection and network intrusion detection systems.

(c) Communications security:

No personal or sensitive information is provided to any person until the identity of the applicant is verified.

(d) Personnel security:

(i) Hard file and computer copies of unsuccessful applications for employment are destroyed by means of a secure destruction service. Appropriate and lawful enquiries are made before an offer of employment is made to any person.
(ii) Access to your personal or sensitive information is given to staff strictly on the basis of their need to have access to the material in order to fulfil their function within FCDRS.

3.3 In order to facilitate the investigation of the dispute, FCDRS may disclose your personal information to organisations to whom it contract out functions. Where possible, all such service providers are subject to the NPPs or to contractual arrangements imposing substantially similar obligations.

4. ACCESS TO YOUR PERSONAL OR SENSITIVE INFORMATION

4.1 In most cases, you can gain access to the personal or sensitive information FCDRS holds about you. Requests for access will be handled in accordance with the NPPs, by the Privacy Access Officer, who can be contacted by telephone or in writing at the telephone number and postal and e-mail addresses set out in item 5 below.

4.2 All such requests will be dealt with as quickly as possible. In any event, an initial response to your request will be made within 30 days. Requests for large amounts of information, or for information not currently in use, may require some time before a full response can be given.

4.3 In some circumstances under the NPPs access to your personal or sensitive information may be refused. These are circumstances where giving you access would:

(a) pose a serious and imminent threat to the life or health of any individual;

(b) have an unreasonable effect upon the privacy of other individuals;

(c) give you access to material which would not be accessible by the process of discovery in existing or anticipated legal proceedings between you and your financial institution;

(d) reveal our intentions in relation to negotiations between you and your financial institution in such a way as to prejudice those negotiations;

(e) be unlawful;

(f) be likely to prejudice an investigation of possible unlawful activity, or

(g) be likely to prejudice:

(i) the prevention, detection, investigation, prosecution or punishment of criminal offences, or certain other breaches of law;
(ii) the enforcement of laws relating to the confiscation of the proceeds of crime;
(iii) the protection of the public revenue;
(iv) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct, or
(v) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders;
by or on behalf of an enforcement body.

Access may also be refused if:

- FCDRS considers the request for access is frivolous or vexatious;
- FCDRS is required or authorised by or under law to do so, or
- an enforcement body performing a lawful security function asks FCDRS not to do so, on the basis that to do so would be likely to cause damage to the security of Australia.

If access to the personal information you request is refused under the NPPs, the reasons for refusal will be provided.

4.4 FCDRS wishes to ensure that your personal or sensitive information is accurate, complete and up to date. Generally, if requested, we will amend any personal or sensitive information about you that is inaccurate, incomplete or out of date. If we disagree with you about any of these matters, and if you request us to do so, we will take reasonable steps to associate a statement to the effect that you claim the information to be inaccurate, incomplete or out of date with your personal or sensitive information.

4.5 There will be no charge for lodging a request for access to personal or sensitive information. However, FCDRS may charge you for providing access. Any charges will not be excessive. A schedule of current charges is available upon request.

5. CONTACTING US FOR FURTHER INFORMATION

You can get more information about the way FCDRS manages personal or sensitive information about you by contacting us at the telephone number, postal or e-mail addresses set out below.
If you are concerned that we may have breached your privacy and wish to make a complaint, please contact us.

If you would like to:
(a) access your personal or sensitive information or to request a change to personal information held;
(b) receive further information about the way we manage personal or sensitive information; or
(c) complain about a breach of privacy,
please contact us.

6. CHANGES TO OUR PRIVACY POLICY

From time to time it may be necessary for FCDRS to review and revise our privacy policy. We reserve the right to change our privacy policy at any time. If we do change this privacy policy we will post an updated version on our website.

[ What is FCDRS ] [ News ] [ Who does the scheme cover ] [ How to register a dispute ] [ Who is the Ombudsman ]