Last Updated 1 November 2022
The Nine National Privacy Principles:
Principle 1: Notice
Principle: A data controller shall give simple-to-understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include:
- a) During Collection
  - What personal information is being collected;
  - Purposes for which personal information is being collected;
  - Uses of collected personal information;
  - Whether or not personal information may be disclosed to third persons;
  - Security safeguards established by the data controller in relation to the personal information;
  - Processes available to data subjects to access and correct their own personal information;
  - Contact details of the privacy officers and SRO ombudsmen for filing complaints.
- b) Other Notices
  - Data breaches must be notified to affected individuals and the commissioner when applicable.
  - Individuals must be notified of any legal access to their personal information after the purposes of the access have been met.
  - Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.
Principle 2: Choice and Consent
Principle: A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Only after consent has been taken will the data controller collect, process, use, or disclose such information to third parties, except in the case of authorised agencies. The data subject shall, at any time while availing the services or otherwise, also have an option to withdraw his/her consent given earlier to the data controller. In such cases the data controller shall have the option not to provide goods or services for which the said information was sought if such information is necessary for providing the goods or services. In exceptional cases, where it is not possible to provide the service with choice and consent, then choice and consent should not be required. When provision of information is mandated by law, it should be in compliance with all other National Privacy Principles. Information collected on a mandatory basis should be anonymised within a reasonable timeframe if published in public databases. As long as the additional transactions are performed within the purpose limitation, fresh consent will not be required.
Principle 3: Collection Limitation
Principle: A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means.
Principle 4: Purpose Limitation
Principle: Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. A data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals. If there is a change of purpose, this must be notified to the individual. After personal information has been used in accordance with the identified purpose it should be destroyed as per the identified procedures. Data retention mandates by the government should be in compliance with the National Privacy Principles.
Principle 5: Access and Correction
Principle: Individuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion of such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Access and correction to personal information may not be given by the data controller if it is not, despite best efforts, possible to do so without affecting the privacy rights of another person, unless that person has explicitly consented to disclosure.
Principle 6: Disclosure of Information
Principle: A data controller shall not disclose personal information to third parties, except after providing notice and seeking informed consent from the individual for such disclosure. Third parties are bound to adhere to relevant and applicable privacy principles. Disclosure for law enforcement purposes must be in accordance with the laws in force. Data controllers shall not publish or in any other way make public personal information, including personal sensitive information.
Principle 7: Security
Principle: A data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorised access, destruction, use, processing, storage, modification, deanonymisation, unauthorised disclosure (either accidental or incidental) or other reasonably foreseeable risks.
Principle 8: Openness
Principle: A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity of the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.
Principle 9: Accountability
Principle: The data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies; including tools, training, and education; external and internal audits, and requiring organizations or overseeing bodies to extend all necessary support to the Privacy Commissioner and comply with the specific and general orders of the Privacy Commissioner.
Please note that this Policy is only applicable to our online users and data gathered on the Website and not to any other information or website.
PLEASE READ THE POLICY CAREFULLY TO FULLY UNDERSTAND THE NATURE AND PURPOSE OF GATHERING INFORMATION, USAGE, DISCLOSURE, SECURITY PROCEDURE AND SHARING OF SUCH INFORMATION.
- Information We Collect
We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and the number of clicks. “Personal Information” is information which can be used to identify you as an individual; this may include your email, address, company and identity information and any other information which you submit to us through the Website.
- How We Use and Share Information
In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.
HumLab will offer individuals the opportunity to choose (opt out) whether their personal information is to be used for any purpose other than what it was collected for.
We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorise us to) disclose your name, city, state, telephone number, email address, UserID history, fraud complaints, and usage history, in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity.
- How We Protect Information
- Security: We implement security measures designed to protect your information from unauthorised access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls, and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. In addition, while we take reasonable measures to ensure that other entities who provide us with payment processing services keep your information confidential and secure, such entities’ practices are ultimately beyond our control. By using our Website, you acknowledge that you understand and agree to assume these risks.
- Data Integrity: HumLab will use personal information and User Content only for the purpose of delivering the services made available in the Website, the services agreed with subscribers or members to its various services, and within the confines of the contractual terms of such subscription and/or membership, and to facilitate the services you request related thereto.
- Access: HumLab will allow individuals to access their personal information. Further, HumLab will allow the individual to correct, update, or delete information. Individuals who wish to make an access request or remove personal information from our records, who have any questions in regard to this policy, or who believe that HumLab has not complied with the provisions of this policy, should direct such a request to our Privacy Officer at the address provided below or by sending an email to us at: [email protected]