Australia Post Privacy
To meet your expectations about privacy and confidentiality Australia Post has operational processes and procedures to comply with:
- Australian Privacy Principles (APPs) contained in the Privacy Act 1988
- Australian Direct Marketing Association (ADMA) Code of Practice in relation to how we market to our customers;
- Privacy and secrecy requirements contained in Part 7B of the Australian Postal Corporation Act 1989 in relation to our handling of mail and postal information;
- Spam Act 2003 in relation to electronic marketing;
- Do Not Call Register Act 2006 where we engage in telemarketing
- Telecommunications Industry Standard 2007 where we engage in telemarketing.
If you have any questions not addressed in this policy, please feel free to contact us using the methods at the end of this policy under the heading "How to contact Us".
Should there be any inconsistency between this policy, the Privacy Act and other Acts mentioned above, this policy shall be interpreted to give effect to and comply with the legislation.
This policy includes examples but is not intended to be restricted in its application to such examples. Where the word 'including' is used, it shall mean 'including without limitation'.
Our websites contain links to non-APG websites. We are not responsible for the privacy policies of those other websites. We recommend you review the privacy policies of each site you visit.
Collection of personal information
'Personal information' means information we hold about you where your identity is either clear or can be reasonably determined. When you give us your personal information, it imposes a serious responsibility on us. Protecting your privacy when handling your personal information is very important to us and is fundamental to the way we serve you.
Generally, we will collect personal information directly from you, and only to the extent necessary to provide the product or service (including our agency functions) you requested or to carry out our internal administrative operations or meet relevant regulatory requirements. An 'agency function' means a service that we provide to you on behalf of another organisation, such as our Post Billpay and Bank@Post services. We may also collect personal information for the purpose of enhancing our ability to improve service delivery to you and other customers in the future.
We may collect personal information from you when:
- you fill in an application form;
- deal with us over the telephone or over web chat;
- purchase a product or service in one of our retail outlets;
- register for, or use, our online products and services;
- e-mail us;
- create an account with us;
- participate in an online promotion
- provide us with feedback
- complete online surveys
- contact, register with, post to, like or follow any of our social media websites, pages, forums or blogs
- ask us to contact you after visiting our website.
We will collect personal information from you by lawful and fair means.
If you choose to not provide your personal information when requested, we may not be able to deliver the product or service that you have requested. We will endeavour to make this as clear as possible for each service.
In some cases, where it makes sense and is lawful, you can interact with us anonymously or by using a pseudonym (an alias). We will endeavour to make this option clear when it is available to you.
As noted above, we will only collect personal information from you that's necessary to provide the product or service or to carry out internal administrative functions, or any other personal information you submit to us. We collect different personal information depending on the product or service that you have requested. Some examples include:
- Parcels - When you ship a parcel with us we will capture the details of the parcel including shipping activities (for tracking purposes), the weight and dimensions of the parcel, and the sender and receiver details. This information allows us to route the package and to respond to queries from both the sender and the receiver.
"Unsolicited" personal information is personal information about an individual that an organisation has unintentionally received. This is an uncommon occurrence for the APG, but when it does happen, we will protect your personal information with the same rigour as we treat personal information that we intended to collect. If we could not have collected this information through our normal processes, we will de-identify that information as soon as we can.
Uses and sharing
We use the personal information you provide only for purposes consistent with the reason you provided it, or for a directly related purpose. We may also use your personal information where required or permitted by law. We may also use your information where you have provided us with your express or implied consent.
We may also use your personal information, or aggregate your personal information with the personal information of other customers (so that the aggregated information is no longer personal) for the purposes of:
- analysis to help us better understand the needs of our customers so that we and third parties can better develop products and services for you;
- providing information that is tailored to what we believe are your areas of interest; and;
- analysing your product and services to improve your experience and to enable us to develop new or enhanced functionality for you.
We do not share your personal information with other organisations unless:
- you give us consent, or
- where sharing is otherwise required or permitted by law, or
- where this is necessary on a temporary basis to enable our contractors to perform specific functions.
We may contact you periodically to advise you of new or enhanced functionality which is available in connection with our products and services. You will not be obliged to adopt any such functionality.
When we temporarily provide personal information to companies who perform services for us, such as specialist information technology companies, mail houses or other contractors to Australia Post we require those companies to protect your personal information as diligently as we do. Strict contractual and other quality assurance measures are used to ensure your personal information is protected.
We have a strict duty to maintain the privacy of all personal information we hold about you. However, certain exceptions do apply. For example, where disclosure of your personal information is:
- authorised or required by law (e.g. disclosure to various government departments and agencies such as the Australian Taxation Office, CentreLink, Child Support Agency, or disclosure to courts under subpoena).
- in the public interest (e.g. where a crime, fraud or misdemeanour is committed or suspected and disclosure against the customer's rights to confidentiality is justified).
- with your consent - your consent may be implied or express and it may also be verbal or written.
Treatment of personal information with subsidiaries
APG can disclose personal information (excluding sensitive information) with subsidiaries and controlled entities as long as the purpose for sharing is related to the reason the personal information was originally collected. This excludes subsidiaries that are outside of Australia. Under these same terms, subsidiaries can share personal information with Australia Post.
Overseas use and disclosure
APG may transfer personal information to countries outside Australia (for example when you send correspondence overseas). We will only do so in compliance with all applicable Australian data protection and privacy laws. APG will take reasonable steps to protect personal information no matter what country it is stored in or transferred to. We have procedures and data transfer contracts as appropriate to help ensure this.
APG uses service providers in other countries as follows:
- Japan, Singapore, United Kingdom, United States of America, France, New Zealand, India and the Philippines.