Last updated 30 April 2019
In this Policy:
– Personal Information means any information about an individual from which that individual can be identified or reasonably identified. It does not include information that has been de-identified.
– Privacy Act means the Privacy Act 1988 (Cth) and includes the Australian Privacy Principles (APPs) and applicable privacy regulations.
This Policy sets out the types of personal information that we may collect and how that personal information will be used, disclosed, and protected. This Policy also explains how you can access or amend any personal information we hold about you, and how you may make a complaint.
Collection, use and disclosure of information
Types of personal information we collect
We only collect personal information that is necessary for the dealings you have with us, but this will typically include your name, email address, mailing address, and telephone numbers.
Members and prospective members
If you become a member of MTBA we may also collect:
– your age, emergency contact details, details of your country of citizenship, and any other details needed to complete your application form or membership agreement;
– some sensitive information, being health information about injuries you have or if you submit an insurance claim; and
– any additional personal information you provide to us, or authorise us to collect, as part of your interaction with MTBA.
Other people we interact with
We may also collect your information in other dealings with you, for example:
– when you contact us, subscribe to our news updates, register for our events, or purchase from our online shop, we may require you to provide us with contact information including your name, address, telephone number or email address and any financial information if payment is required.
– when you submit any personal information to us when leaving feedback, complaints or questions in relation to our services, we may keep a record.
– when you post comments or submit an image or video to us or our social media platforms, we may keep a record and/or use it for promotion and marketing purposes.
– if you apply for a job vacancy or volunteer position with us or via any third party recruitment service we use, we will collect your CV and other application information (such as details of relevant qualifications) required to allow us to assess your application and to retain for human resources purposes.
– from your dealings with us in the normal course of business through meetings, phone calls, letters, emails, as well as via mailing lists, advertisers and commercial agreements.
The purpose of collecting sensitive information about you (being health information) is so we can pass it on to our event insurance providers and also to ensure our events are run safely. We only use your sensitive information for this purpose and no other purpose. The types of sensitive information we collect may include details of your injury, any previously sustained injuries, and any other relevant health related information. We will obtain your express consent in circumstances where it is necessary for us to collect sensitive information.
Why we collect your personal information
We collect your personal information primarily for the purpose of the above interactions with you. We may also collect and use your personal information for planning and market research purposes, to promote MTBA and its events and local clubs, to innovate our delivery of products and services, to inform you about our events and promotions (and sometimes those of our carefully selected partners), and any related secondary purpose which we believe you would reasonably expect.
How we use and disclose your personal information
Any personal information that you provide to MTBA will be used for the purpose for which you disclosed it to us. We may also use and/or disclose your personal information for other purposes which you consent to or which are required or permitted by law. This may include for a secondary purpose that is related to a purpose for which we collected it, and for which you would reasonably expect us to use or disclose your personal information.
We will not disclose personal information to any third parties except:
– if you participate in a mountain bike event, we may pass your registration information on to our event partners (such as our affiliated local clubs) for the purposes of facilitating the event, and we may list your name, state of residence and results on our website;
– where we are required or authorised to do so by law;
– to other companies or individuals who assist us in providing services or who perform functions on our behalf (such as third party service providers, specialist consultants, hosting and data storage providers);
– if you become a member, to our insurance providers from time to time (Insurer) for the purposes of assessing your insurance needs and providing with you with an insurance policy;
– if you are a member and make an insurance claim, to our Insurer to process your claim; or
– where you have consented to the disclosure.
Some anonymous demographic information may be provided to advertisers so they can assess whether they wish to participate in advertising, and if so, this information may play a role in the design of their advertisements for the website or mobile apps. All information disclosed in these circumstances will be stripped entirely of all personal information so that it does not identify you.
Except as otherwise stated, we do not disclose or publish personal information collected through our website without your express consent. Access to this information is restricted to our staff and contractors who are bound to respect the privacy of this information and/or bound by confidentiality obligations.
You have the right to access the personal information that MTBA holds about you and can do this by contacting us at firstname.lastname@example.org.
We may use or disclose your personal information for the purpose of informing you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive these communications, you can unsubscribe from or update your preferences at any time. We include an unsubscribe facility in all emails we send to you. Otherwise you can contact us at email@example.com to unsubscribe or update your preferences.
Unless we have your consent, or an exception under the APPs applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information.
Generally, the reason for disclosure to an overseas recipient depends on the nature of the services those recipients provide to us (for example storing data via a cloud service, or where our customer relationship management system is hosted on servers located overseas).
If you participate in an event listed by the Union Cycliste Internationale (UCI) (for example a World Cup, World Championship or domestic UCI event), we may be required to disclose your personal information to the UCI in Switzerland.
Commitment to data security
We will take reasonable steps to ensure that all information collected, used or disclosed is accurate, complete, up-to-date and stored in a secure environment accessed only by authorised persons. The accuracy of the personal information we receive depends on the information you provide. We recommend you let us know if there are any errors in your personal information by contacting us directly.
Unfortunately, no data transmission over the internet can be guaranteed to be secure. While we strive to protect your personal information from misuse, loss and unauthorised access, we cannot guarantee the security of any information you transmit to us or receive from our website.
We also encourage you to keep your personal information secure, by maintaining the confidentiality of any passwords and account details used on our website or app. It is your sole responsibility to maintain such confidentiality and MTBA will not be liable for any damage, loss or expense suffered due to such disclosure.
We take steps to securely destroy or de-identify information that we no longer require.
Where we are subject to the APPs, we may be required to notify you about ‘eligible data breaches’. An eligible data breach occurs when:
1. there is unauthorised access to or disclosure of personal information we hold (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);
2. the access, disclosure or loss is likely to result in serious harm to you; and
3. we are unable to prevent the likely risk of serious harm with remedial action.
If it is not clear whether a suspected data breach meets these criteria, we will investigate and assess the breach further. This is to ensure you are notified if your personal information is involved in a data breach that is likely to result in serious harm. Even if the criteria are not met, we may decide it appropriate to notify you anyway as part of our commitment to taking privacy seriously.
Links to other sites
We are not responsible for the privacy practices or content of any of the websites linked to our website. If you have a concern about one of those websites, you are welcome to contact us if you think we should remove our link.
Changes to this Policy
How to contact us
You may contact MTBA at any time if you have any questions or concerns about this Policy or about the way in which your personal information has been handled. You may make a complaint to us using the contact details set out below.
We take complaints and breaches of the APPs very seriously and will investigate any complaint we receive and respond as soon as reasonably practicable. In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that we may have breached the APPs or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website.
Mountain Bike Australia
PO Box 377, VARSITY LAKES QLD 4227