|
Set out below is Casino Canberra Limited’s Privacy Policy, explaining what information we collect, your rights and information about how we protect those rights. Casino Canberra Limited complies with the Australian Casino Association Privacy Code (the “Code”), which has been approved by the Privacy Commissioner. You can obtain a copy of the Code from our website at www.casinocanberra.com.au
Collection of Personal Information
The type of personal information that we collect from you will depend upon what dealings you have with us. If you are comfortable providing us with personal information, we are able to provide a more enhanced products and services.
Use and Disclosure of Personal Information
We only use or disclose personal information for the purpose which was either specified, or reasonably apparent, to you at the time you provided the information. We may use or disclose your information for related purposes for which you would reasonably expect it to be used.
Sharing information with other organisations
We do not sell your personal information to other companies. However, in some circumstances we may disclose your information to our contractors and service providers, but only to the extent necessary to operate our business or provide you with the products and/or services you have requested. We require these organisations to agree to our Privacy Policy and to strict conditions governing how this information may be used.
Your information may also be disclosed to other members of the Australian Casino Association and credit reference agencies for the purposes of carrying out credit checks.
Video surveillance
We are committed to providing a secure environment for all visitors to our casinos. With this in mind the casino is under constant video surveillance. Details of suspected illegal and undesirable activities on our premises are shared with other members of the Australian Casino Association, law enforcement bodies and regulatory bodies such as the ACT Gambling and Racing Commission.
Cookies
When you visit our web site, we may use an Internet browser feature called a “cookie”. A cookie is a small data file that may be placed on the computer of a web user (usually in the browser software folder) the first time a computer visits a web site which operates cookies. Cookies by themselves cannot be used to identify you personally. They only identify your computer when you visit our site. The information that we gain by using cookies provides us with statistics which can be used to analyse and improve our web site, products and services. If you do not wish to receive any cookies you can set your browser to refuse cookies. However, this may mean you are not able to take full advantage of our services.
Security of personal information
We make all reasonable endeavours to protect your personal information securely against unauthorised use and access. Your personal information will be recorded, amended and used only by authorised personnel who are required to keep your information confidential.
Access to and Correction of Personal Information
You are welcome to request details of the personal information that we hold about you. To do so, please contact our Privacy Officer (see below for contact details). We may require personal identification before providing you with details. If you find that personal information we hold about you is inaccurate, incomplete or out-of-date, please contact our Privacy Officer.
Privacy Officer
If you have any questions regarding this privacy policy, you may contact our Privacy Officer by calling 02 6257 7074 or fax 02 6257 7079, or writing to: 'The Privacy Officer'' Casino Canberra Limited PO Box 262 CIVIC SQUARE ACT 2608.
Changes in the Future
We reserve the right to change our Privacy Policy at any time and notify its customers by posting an updated version of the policy on its website at: www.casinocanberra.com.au
Additional Information on Privacy
For further information about privacy issues and the protection of privacy, visit the Australian Federal Privacy Commissioner's website at www.privacy.gov.au.
1. INTRODUCTION
1.1 The Association represents the interests of all Australian casinos.
1.2 The objectives of the Association are to:
(1) represent the interests of the Australian casino industry at a government and community level and to assist the casino industry in its development as an industry that is both economically sustainable and socially responsible;
(2) promote the casino industry as one that is a world leader in regulatory standards and professionalism, by promoting responsible gambling practices that reflect community expectations of the highest standards of probity and integrity; and
(3) ensure that the highest standards are applied across the industry and to actively participate with governments, on behalf of its members, in devising and implementing strategies to combat problem gambling, including research.
1.3 Amendments to the Privacy Act made on 21 December 2000 require Members to provide protection for personal information collected and used by them.
1.4 To assist Members in preparing for these new obligations and to develop a culture of privacy protection in the Australian casino industry, the Association has created this Privacy Code.
1.5 The Code was approved by the Privacy Commissioner on [date].
2. DEFINITIONS AND INTERPRETATION
2.1 The following terms shall have the meanings given:
Act means the Privacy Act 1988 (Cth).
Agency has the meaning given in the Act and includes the Australian Transaction and Analysis Centre (AUSTRAC), the Credit Reference Agency Association (CRAA) and each of the Casino Authorities.
Association means the Australian Casino Association.
Casino Authority means each of the authorities specified in Schedule 3 and any replacement or successor authority.
Code means this Privacy Code.
Code Administrator means the body responsible for the operation of the Code and the handling of complaints, being the body established under clause 6.1.
employee record in relation to an employee, means a record of personal information relating to the employment of the employee.
enforcement body means:
(1) the Australian Federal Police;
(2) the National Crime Authority;
(3) a police force of a State or Territory of Australia or New Zealand;
(4) any other prescribed authority or body that is established under a law of a State or Territory of Australia or New Zealand:
(a) to conduct criminal investigations or inquiries; or
(b) to the extent that it is responsible for administering or performing a function under a law that imposes a penalty or sanction.
health information has the meaning given in the Act and includes personal information about an individual's health or disability (at any time) or a health service provided (or to be provided) to an individual.
health service has the meaning given by the Act and includes activities performed with the intention of assessing, maintaining or improving the health of an individual or diagnosing or treating an individual's illness or disability.
identifier includes a number assigned to an individual to identify uniquely the individual for the purposes of the Member’s operations.
individual includes:
(5) an individual who is not an Australian or New Zealand citizen; and
(6) a person whose continued presence in Australia or New Zealand is subject to a limitation as to time imposed by law.
Member means a member or observer member of the Association which has agreed to comply with the Code and is registered with the Administrator under clause 4.4, being (as at the date of approval of this Code by the Privacy Commissioner) the Members listed in Schedule 2.
National Council means the National Council of the Association.
personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent or can be ascertained from the information or opinion and includes video footage or a photographic image of a person.
Privacy Principles means the Privacy Principles set out in Schedule 1.
related body corporate has the meaning given by section 50 of the Corporations Act 2001 (Cth).
Privacy Commissioner means the Federal Privacy Commissioner.
Review Panel means the body established under clause 7.1.
secondary purpose has the meaning given in Privacy Principle 2.1.
sensitive information means:
(1) information or an opinion about an individual’s:
(a) racial or ethnic origin;
(b) political opinions;
(c) membership of a political association;
(d) religious beliefs or affiliations;
(e) philosophical beliefs;
(f) membership of a progressional or trade association;
(g) membership of a trade union;
(h) sexual preferences or practices; or
(i) criminal record,
that is also personal information; or
(2) health information about an individual.
3. APPLICATION OF THIS CODE
3.1 This Code applies to acts done, or practices engaged in, both within and outside Australia and New Zealand by a Member to the extent that the act or practice relates to personal information.
3.2 An act done, or practice engaged in, by a Member who is situated in Australia that is or was an employer of an individual is exempt for the purposes of clause 5 if the act or practice is directly related to:
(1) a current or former employment relationship between the Member and the individual; and
(2) an employee record held by the organisation and relating to the individual.
4. MEMBERS
4.1 This Code is voluntary, but is binding of those Members who agree to be bound by it.
4.2 A member or observer member of the Association may apply to the Code Administrator for registration as a Member.
4.3 The application shall be in a form prescribed by the Code Administrator and will include a signed statement by the applicant that it agrees to be bound by this Code.
4.4 Upon registration of a Member, the Code Administrator shall:
(1) notify the Privacy Commissioner of the registration of the Member; and
(2) add the Member's name to the public register of Members referred to in clause 6.4(1).
4.5 If a Member acts in a manner which constitutes a breach of the Code, then the Code Administrator shall notify the Member in writing of the breach.
4.6 The Member must within 10 days of the notice referred to in clause 4.5 take all reasonable steps to rectify the breach and notify the Code Administrator of the steps taken.
4.7 If a Member:
(1) fails to comply with clause 4.6; or
(2) advises the Code Administrator in writing that it wishes to be bound no longer by the Code,
then the Code Administrator shall:
(3) remove the name of a Member from the public register of Members referred to in clause 6.4(1); and
(4) notify the Privacy Commissioner of the relevant Member’s de-registration.
5. PRIVACY PRINCIPLES
5.1 The Members must:
(1) comply with the Privacy Principles; and
(2) not commit an act or omission, or engage in a practice, in a manner that breaches the Privacy Principles.
5.2 For the purposes of this Code, an act or practice breaches a Privacy Principle if, and only if, it is contrary to, or inconsistent with, that Privacy Principle.
5.3 A breach of the Privacy Principles is an interference with the privacy of an individual.
6. CODE ADMINISTRATOR
6.1 The Association will establish a Code Administrator comprising:
(1) the Association's privacy officer; and
(2) such other persons as the National Council may from time to time nominate.
6.2 The Code Administrator will be funded by the Association in such manner as the National Council considers appropriate, having regard to the resource requirements necessary for the effective execution of its tasks.
6.3 The Code Administrator will meet not less than once every three months.
6.4 The Code Administrator will perform the following tasks:
(1) publish and maintain an accurate, up to date and easily accessible public register of Members;
(2) within 2 years after registration of this Code and thereafter on an biennial basis, review and produce to the Review Panel a report on the operation of the Code; and
(3) perform such other tasks as the National Council considers necessary or desirable for the effective operation of the Code.
6.5 The Code Administrator shall cause to be published on the Internet, via the Association’s website at www.auscasinos.com, an easily accessible public information resource which contains:
(1) a public register of current Members;
(2) information about the Code;
(3) a copy of the most current version of the Code;
(4) information about making complaints in relation to matters contained in the Code;
(5) contact details of the Federal Privacy Commissioner; and
(6) any other information which the Code Administrator considers relevant to the efficient functioning of the Code.
7. REVIEW PANEL
7.1 The Association will establish a Review Panel comprising an chairperson independent of the Association and such other persons as the National Council may from time to time nominate.
7.2 The Review Panel will:
(1) monitor the operation of the Code; and
(2) within 2 years after registration of this Code and thereafter on an biennial basis, review and produce a report on:
(a) the effectiveness of the Code;
(b) statistics of complaints referred to the Code Administrator; and
(c) any other information which the Code Administrator considers relevant to a review of the functioning of the Code,
which shall together provide a basis for assessing Code compliance generally.
7.3 The Review Panel will notify the Privacy Commissioner in advance of its intention to conduct a review pursuant to clause 7.2(2).
7.4 In conducting a review under clause 7.2(2), the Review Panel will seek the views of:
(1) the Code Administrator;
(2) the Privacy Commissioner;
(3) Members;
and other persons or bodies, as appropriate in Australia and New Zealand, regarding the operation of the Code and in relation to suitable revisions and amendments.
7.5 The Review Panel will deliver its report under clause 7.2(2) and the Code Administrator's report under clause 6.4(2) to the Privacy Commissioner and will publish both reports on the Internet, via the Association’s web site at www.auscasinos.com.
7.6 The Review Panel may recommend amendments of the Code on request or by its own initiative.
7.7 To amend the Code, the Review Panel must complete the following steps:
(1) consult with Members, the industry, government and the general public regarding the proposed amendment;
(2) resolve the terms of any proposed amendment;
(3) give notice of the terms of the proposed amendment to each Member and the general public by publishing them on the Internet, via the Association’s website at www.auscasinos.com;
(4) allow 60 days to provide comments to the Review Panel;
(5) receive comments from Members and the general public;
(6) adopt or reject the proposed amendment with or without modifications;
(7) obtain the approval of the National Council; and
(8) give notice of the Code as amended to each Member and to the general public by on the publishing it Internet, via the Association’s website at www.auscasinos.com.
7.8 Amendments to the Code will come into effect 30 days after giving notice in accordance with clause 7.7(8).
8. COMPLAINTS
8.1 Members will ensure that they have in place publicly available procedures for dealing with complaints through to satisfaction or determination which comply with the Australian Standard on Complaints Handling AS 4269-1995 and which are available to any individual about whom personal information is processed.
8.2 If a complaint is not resolved to the satisfaction of the complainant within 30 days of the complainant notifying the Member of the complaint, the Member will refer the complaint to the Code Administrator.
8.3 If, following referral to the Code Administrator in accordance with cause 8.2, a complaint is not resolved to the satisfaction of the complainant within a reasonable time, either the complainant or the Code Administrator may refer the complaint to the Privacy Commissioner.
Privacy Principle 1 - Collection
1.1 A Member must not collect personal information unless the information is necessary for one or more of its functions or activities.
1.2 A Member must collect personal information only by lawful and fair means and not in an unreasonably intrusive way.
1.3 At or before the time a Member collects personal information from an individual, the Member must take reasonable steps to ensure that the individual is aware of:
(1) the identity of the Member and how to contact it; and
(2) the fact that he or she is able to gain access to the information; and
(3) the purposes for which the information is collected; and
(4) the organisations (or the types of organisations) to which the Member usually discloses information of that kind; and
(5) any law that requires the particular information to be collected; and
(6) the main consequences (if any) for the individual if all or part of the information is not provided.
1.4 Where direct marketing is the primary purpose of collection, personal information may only be collected with the consent of the individual concerned.
1.5 If it is reasonable and practicable to do so, a Member must collect personal information about an individual only from that individual.
1.6 If a Member collects personal information about an individual from someone else, it must take reasonable steps to ensure that the individual is or has been made aware of the matters listed in paragraphs (1) to (6) of Privacy Principle 1.3 except to the extent that making the individual aware of the matters would pose a serious threat to the life or health of any individual.
Privacy Principle 2 - Use and Disclosure
2.1 A Member must not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:
(1) both of the following apply:
(a) the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
(b) the individual would reasonably expect the Member to use or disclose the information for the secondary purpose; or
(2) the individual has consented to the use or disclosure;
(3) if the information is not sensitive information and the use of the information is for the secondary purpose of direct marketing and the Member is situated in Australia:
(a) it is impracticable for the Member to seek the individual’s consent before that particular use; and
(b) the Member will not charge the individual a fee for giving effect to a request by the individual to the Member not to receive direct marketing communications; and
(c) the individual has not made a request to the Member not to receive direct marketing communications; and
(d) in each direct marketing communication with the individual, the Member draws to the individual’s attention, or prominently displays a notice, that he or she may express a wish not to receive any further direct marketing communications; and
(e) each written direct marketing communication by the Member with the individual (up to and including the communication that involves the use) sets out the Member’s business address and telephone number and, if the communication with the individual is made by fax, telex or other electronic means, a number or address at which the Member can be directly contacted electronically; or
(4) the Member reasonably believes that the use or disclosure is necessary to lessen or prevent a serious and imminent threat to an individual’s life, health or safety or a serious threat to public health or public safety; or
(5) the Member has reason to suspect that unlawful activity has been, is being or may be engaged in, and uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons, an enforcement body or agency; or
(6) the use or disclosure is required or expressly authorised by a conflicting legal obligation; or
(7) the Member reasonably believes that the use or disclosure is reasonably necessary for one or more of the following by or on behalf of an enforcement body:
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law;
(b) the enforcement of laws relating to the confiscation of the proceeds of crime;
(c) the protection of the public revenue;
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct;
(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of the orders of a court or tribunal.
2.2 If a Member discloses or uses personal information under paragraph (7) of Privacy Principle 2.1, it must make a written note of the use or disclosure.
2.3 Privacy Principle 2.1 operates in relation to personal information that a Member has collected from a related body corporate as if the Member’s primary purpose of collection of the information were the primary purpose for which the related body corporate collected the information.
Privacy Principle 3 - Data Quality
3.1 A Member must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up-to-date.
Privacy Principle 4 - Data security
4.1 A Member must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
4.2 A Member must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under Privacy Principle 2.
Privacy Principle 5 - Openness
5.1 A Member must set out in a document clearly expressed policies on its management of personal information. The Member must make the document available to anyone who asks for it.
5.2 On request by a person, a Member must take reasonable steps to let the person know, generally, what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
Privacy Principle 6 - Access and Correction
6.1 If a Member holds personal information about an individual, it must provide the individual with access to the information on request, except to the extent that:
(1) in the case of personal information other than health information, providing access would pose a serious and imminent threat to the life or health of any individual; or
(2) providing access would have an unreasonable impact upon the privacy of other individuals; or
(3) the request for access is frivolous or vexatious; or
(4) the information relates to existing or anticipated legal proceedings between the Member and the individual and would not be accessible by the process of discovery in those proceedings; or
(5) providing access would reveal the intentions of the Member in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
(6) providing access would be unlawful; or
(7) denying access is required or authorised by or under law; or
(8) providing access would be likely to prejudice an investigation of possible unlawful activity; or
(9) providing access would be likely to prejudice:
(a) the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law; or
(b) the enforcement of laws relating to the confiscation of the proceeds of crime; or
(c) the protection of the public revenue; or
(d) the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct; or
(e) the preparation for, or conduct of, proceedings before any court or tribunal, or implementation of its orders;
by or on behalf of an enforcement body; or
(10) an enforcement body performing a lawful security function asks the Member not to provide access to the information on the basis that providing access would be likely to cause damage to the security of Australia.
6.2 However, where providing access would reveal evaluative information generated within the Member in connection with a commercially sensitive decision-making process, the Member may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
6.3 If the Member is not required to provide the individual with access to the information because of one or more of paragraphs (1) to (10) of Privacy Principle 6.1, the Member must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
6.4 If a Member charges for providing access to personal information, those charges must not be excessive and must not apply to lodging a request for access.
6.5 If a Member holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, the Member must take reasonable steps:
(1) to correct the information so that it is accurate, complete and up-to-date; and
(2) where the information has been disclosed to another Member or Members in accordance with paragraph (2) of Privacy Principle 2.1 or Privacy Principle 11.2, to notify such other Member or Members of the inaccuracy or error.
6.6 If the individual and the Member disagree about whether the information is accurate, complete and up-to-date, and the individual asks the Member to associate with the information a statement claiming that the information is not accurate, complete or up-to-date, the Member must take reasonable steps to do so.
6.7 A Member must provide reasons for denial of access or a refusal to correct personal information.
Privacy Principle 7 - Identifiers
7.1 A Member must not adopt as its own identifier of an individual an identifier of the individual that has been assigned by any other person.
Privacy Principle 8 - Anonymity
8.1 Wherever it is lawful and practicable, individuals must have the option of not identifying themselves when entering transactions with a Member.
Privacy Principle 9 - Transborder Data Flows
9.1 A Member who is situated in Australia may transfer personal information about an individual to someone (other than the Member or the individual) not in Australia only if:
(1) the Member reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Privacy Principles; or
(2) the individual consents to the transfer; or
(3) the transfer is necessary for the performance of a contract between the individual and the Member, or for the implementation of pre-contractual measures taken in response to the individual’s request; or
(4) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between the Member and a third party; or
(5) all of the following apply:
(a) the transfer is for the benefit of the individual;
(b) it is impracticable to obtain the consent of the individual to that transfer; and
(c) if it were practicable to obtain such consent, the individual would be likely to give it.
9.2 A Member who is situated in New Zealand must not transfer personal information about an individual to someone (other than the Member or the individual) not in New Zealand if such transfer would be in breach of the Privacy Act 1993 (New Zealand).
Privacy Principle 10 - Sensitive Information
10.1 A Member must not collect sensitive information about an individual unless:
(1) the individual has consented;
(2) the collection is required by law; or
(3) the collection is necessary for the establishment, exercise or defence of a legal or equitable claim.
Privacy Principle 11 - Covert Surveillance
11.1 A Member must not collect personal information about an individual by means of surveillance by a closed-circuit television system or other electronic system for visual monitoring of activities ("covert surveillance") unless
signs are clearly visible at each entrance to the premises in which covert surveillance is taking place notifying individuals that:
(1) they may be under video surveillance;
(2) video footage and photographic images of individuals may be disclosed to enforcement bodies, Casino Authorities and other Members; and
(3) by entering the area under surveillance, the individual consents to such covert surveillance and disclosure of video footage and photographic images.
11.2 Subject to paragraphs (4), (5) and (6) of Privacy Principle 2.1, a Member must not disclose personal information about an individual collected by means of covert surveillance to any person, including another Member, unless the individual has consented to the disclosure.
11.3 For the purposes of Privacy Principle 11.2, an individual is deemed to have consented to disclosure to another Member of personal information collected by means of covert surveillance if, at the time of collection, the Member making such disclosure had complied with Privacy Principle 11.1.
11.4 A Member must make a record of a disclosure of personal information made in accordance with Privacy Principle 11.2.
Members
Casino Canberra Limited
Casino Authorities
(1) Casino Control Authority
(2) Victorian Casino and Gaming Authority
(3) Queensland Office of Gaming Regulation
(4) Northern Territory Licensing Commission
(5) Tasmanian Gambling Commission
(6) Department of Gaming, Racing and Liquor
(7) Office of the Liquor and Gambling Commissioner
(8) ACT Gambling and Racing Commission
(9) New Zealand Casino Control Authority
|
