This policy outlines the obligations of Australian Survey Research (ASR) in managing personal information we hold about clients, research respondents, contractors and others.
ASR is bound by the Australian Privacy Principles (APPs) which regulate the handling of personal information by Australian government agencies and some private sector organisations. The 13 APPs are contained in schedule 1 of the Privacy Act 1988 (Cth) (the Privacy Act). The APPs, which came into force on 12 March 2014, replaced the Information Privacy Principles (IPPs) that previously applied to Australian and Norfolk Island Government agencies and the National Privacy Principles (NPPs) that previously applied to private sector organisations.
The main change affecting our clients is that the client organisation is responsible for ensuring the privacy, confidentially and ongoing security of all data we collect on their behalf from stakeholders (employees, customers, members of the public, etc). This means that ASR is responsible as well, and we take this responsibility seriously. ASR abides by the principles of the Australia Market and Social Research Society’s Code of Professional Behaviour and is a member of the Association of Market & Social Research Organisations.
Why ASR collects personal information
Personal information is information or an opinion relating to an individual which can be used to identify that individual. ASR collects personal information in order to conduct research and to meet our legal obligations.
Research is undertaken to provide accurate and timely information to client organisations about issues relevant to their activities and that support their decision-making processes. The majority of this information is anonymous or de-identified. In most instances, data that we collect is returned to clients without names or other identifiers. Where people or organisations are identified, the person or organisation is advised before being asked to provide information.
Participation in our market or stakeholder research is voluntary. However, for some research studies, such as 360° or multi-rater research, participation is required by a client organisation. If you have an issue with this participation, you must contact your employer or the organisation requesting the information directly.
Who we collect personal information about
The type of personal information ASR may collect and hold includes (but is not limited to) information about:
- research respondents
- customers, clients and suppliers;
- prospective employees, employees, and contractors; and other people who may come into contact with ASR or one of its related companies.
The type of personal information we collect
In general, the type of personal information ASR collects and holds includes (but is not limited to): contact details, eg, names and email addresses, basic demographics, eg, gender, type of work, age, and other information relating to individuals’ profiles, eg, behaviors, attitudes, and opinions.
How we collect personal information for research purposes
Personal information you provide: ASR will generally collect personal information from individuals directly in the course of a research exercise such as a web survey, face-to-face interview, a self-completion questionnaire, or by participating in a discussion group or interview.
If you have contact with ASR’s website during a survey or through a business contact, we will collect additional information. This additional information may or may not identify you. It will include information that you provide voluntarily and it may also include the type of your Internet browser, operating system, address of the referring site, your IP address and click stream information.
Personal information provided by others: Sometimes our clients want us to conduct research with their employees who give opinions about other employees, their customers or other key stakeholders. In these cases, they might give us a list of their employees, customers or stakeholders so that we can contact them to invite them to participate in the research.
Collecting personal information for business purposes
Personal information you provide: ASR generally collects personal information by way of forms filled out by people, face-to-face interviews, business cards, telephone conversations and from third parties, eg, referees. We also collect personal information from our website through self -completed forms and questionnaires.
Personal information provided by other people: In some circumstances ASR may be provided with personal information about an individual from a third party, for example a reference or a set of opinions from another person.
How we use and disclose personal information
ASR uses and discloses your personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorized by the Privacy Act.
In general, we may use and disclose your personal information for the following purposes:
- to investigate the behaviors, attitudes, opinions, motivations or other characteristics of a whole population or particular part of a population;
- for quality control or validation of research;
- as a source of potential research participants;
- to contact past participants to conduct further, follow-up research;
- to communicate with you;
- to provide and market our services;
- to purchase from you;
- to comply with our legal obligations; and
- to help us manage and enhance our services.
Apart from in the above circumstances, your personal information will generally not be disclosed without your consent.
Personal information about research respondents will only be used in compliance with the Privacy Act.
Who we disclose your personal information to
We may disclose your personal information to:
- Related companies of ASR;
- other companies or individuals who assist us in providing services or who perform functions on our behalf (such as mailing houses) and organisations that carry out activities essential to our research activities, including for quality control activities, data entry, data processing, conduct of interviewing, contacting people to ask them to participate in research exercises, or
- anyone else to whom you authorize us to disclose it, usually our client.
Unless required or authorized by law, the identity of research respondents will not be disclosed to anyone not directly involved with the research project or to clients requesting the research or used for any non-research purpose without the individual’s consent.
Sending information overseas
We generally do not transfer personal information overseas unless required for an international research project. We will not send your personal information to recipients outside of Australia without:
- obtaining your consent (in some cases this consent will be implied) or
- otherwise complying with the APPs.
ASR may disclose your personal information to its related companies, including those located outside Australia. We take steps to ensure that such recipients respect the confidentiality of this information by abiding by the APPs or equivalent privacy laws.
Some personal information which we collect is classified as sensitive information. Sensitive information includes information relating to a person’s racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, that is also personal information; and health information about an individual.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply, eg where required by law.
Management of personal information
The APPs require us to take reasonable steps to protect the security of personal information. ASR staff are required to respect the confidentiality of personal information and the privacy of individuals.
ASR takes a range of technical, administrative and physical security steps to protect personal information held from misuse, loss and from unauthorized access, modification or disclosure, for example by use of physical security and restricted access to electronic records.
Where we no longer require your personal information for a permitted purpose under the APPs, we will take reasonable steps to de-identify or destroy it.
How we keep personal information accurate and up-to-date
ASR takes reasonable steps to make sure that the personal information it holds is accurate, complete and up-to-date. Our contact details are set out below.
Accessing your personal information
Subject to the exceptions set out in the Privacy Act and APPs, you may seek access to personal information which ASR holds about you by contacting ASR’s Privacy Officer.
Research respondents may ask us to destroy or delete their personal information which we hold, while it remains identifiable.
We will require you to verify your identity and to specify what information you require. A fee may be charged for providing access. We will advise you of the likely cost in advance.
Updates to this policy
The policy was last updated in September 2017.
If you have any questions about privacy-related issues, please contact ASR’s Privacy Officer using the following means of contact:
phone: (03) 9557 4211
fax: (03) 03 9557 4311
mail: 258 Centre Road, Bentleigh, Victoria Australia 3204