Friends privacy policy

1.1. Purpose

This policy sets out the intention and direction by which the Friends of the National Library of Australia Incorporated ('the Friends') approaches and manages the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Clth).

The Privacy Act regulates how certain incorporated associations store, use and disclose personal information, and how individuals can access information held. It requires the Friends to comply with the APPs and take reasonable steps to implement practices, procedures and systems relating to personal information.

This policy applies only to personal information the Friends specifically collects from members of the Friends, persons who attend Friends' events and persons who provide products and services to the Friends.

This policy applies to all members of the Friends and staff of the Friends.

1.2. Objectives

In accordance with APP 1, this policy supports the principles outlined in the Privacy Act by:

  • providing general guidance for managing personal information collected, held, used or disclosed by the Friends;
  • promoting the management of all personal information held by the Friends in an open and transparent way;
  • addressing the APPs in the Friends context; and
  • encouraging, promoting and facilitating a Friends-wide understanding of the principles and how they apply.

1.3. Who should read this policy?

  • Friends members;
  • contractors, consultants, suppliers or vendors of goods or services to the Friends;
  • applicants to the Friends for information under the Freedom of Information Act 1982;
  • individuals whose personal information may be collected, held, used or disclosed by the Friends.

1.4. The Friends and privacy

This policy sets out how the Friends complies with the Privacy Act. The key areas of Friends functions which may involve the collection of personal information include : consideration and approval of persons for membership of the Friends; Friends events and activities; e-commerce activities; personnel management;.

1.5. Personal information collected by the Friends

In accordance with APP 1, personal information about individuals may be collected by the Friends from the individual, or from a third party.

The Friends uses forms, online systems and other electronic or paper correspondence to collect personal information. The Friends will not collect personal information unless the information is deemed reasonably necessary for or directly related to one or more of the Friends' functions or activities.

The Friends is required to ensure that any information it collects is relevant for the purpose for which it is collected. The Friends may only collect personal information by lawful and fair means and generally collects the information from the individual personally.

The Friends currently collects and holds the following classes of personal information:

  • Friends membership applications;
  • membership records of the Friends ;
  • user feedback database;
  • surveys and evaluations;
  • online event ticketing;
  • sponsorship and fundraising information;
  • electronic mailing lists relating to the activities of the Friends;
  • personnel records;
  • corporate mailing lists; and
  • financial information and accounting system records.

Sensitive personal information

There is a distinction in the Privacy Act between personal information and 'sensitive information'. The Friends will not seek information which it does not need. Sensitive personal information includes information or opinion about an individual's:

  • racial or ethnic origin;
  • political opinions and association;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • sexual preferences or practices;
  • trade or professional associations and memberships;
  • union membership;
  • criminal record; and
  • health or genetic information.

The Friends will not collect this personal information.

1.6. Authority and purpose for collecting personal information

In accordance with APP 1 the purpose for which the Friends collects personal information complies with the objects of the Friends as set out in its Rules which identify the Friend's functions as:

  1. to encourage public and private support for the National Library of Australia through appreciation of the aims and objectives of the Library, and therefore to develop within the Australian community at large a tradition of caring for, and cherishing, the Library as a national institution
  2. to foster among members of the Association and other interested parties a sense of involvement with, and understanding of, the collections, objectives and operations of the National Library of Australia
  3. to encourage, support and promote the work of individuals and organisations making a contribution to Australian culture
  4. to raise funds for activities of the Association, consistent with the objects of the Association
  5. to publicise the resources and facilities of the National Library of Australia and to stimulate greater awareness within the community of the role of the Library
  6. to encourage and promote such other purposes of the National Library of Australia consistent with the Objects of the Association, including through donations of funds to the National Library of Australia and other organisations and individuals andto co-operate with other Australian libraries, museums and kindred organisations from time to time for any purposes consistent with these Objects.

1.7. How the Friends holds personal information

In accordance with APP 1, the Friends holds personal information in searchable electronic data bases; financial management systems; online booking systems; Excel applications; membership systems; electronic and paper files. Access to the databases, systems and electronic and paper files is limited to authorised users only.

1.8. Access to and correction of personal information

In accordance with APP 1, an individual may access his or her personal information held by the Friends and may seek correction of such information.

Access to personal information – APP 12

An individual has a right under APP 12 to access his or her personal information held by the Friends. The right of access is subject to the relevant exemptions in the Freedom of Information Act and any Act of the Commonwealth.

The Friends has a legal obligation to respond to requests for access to personal information within 30 days and to give written reasons for any refusal to release information.

Amendment of personal information – APP 13

The Friends will take reasonable steps to correct personal information that it holds to ensure it is accurate, up-to-date, complete, relevant and not misleading.

Individuals can request information the Friends holds about them to be corrected. The Friends has a legal obligation to respond within 30 days and must provide written reasons if the request to amend personal information is refused.

1.9. Use and disclosure of personal information

APP 6 provides guidance about the use and disclosure of personal information. The Friends holds personal information that is collected for particular purposes and will not use or disclose it for another purpose, unless the individual provides consent to disclosure, or disclosure falls within the guidelines set out in APP 6.

1.10. Disclosure of personal information to overseas recipients

In accordance with APP 1, the Friends is unlikely to disclose personal information to overseas recipients.

APP 8 places obligations on the Friends for disclosure of personal information to overseas entities, when the recipient is not in Australia or an external Territory. If personal information is disclosed overseas, the Friends will take reasonable steps to ensure that the overseas recipient does not breach the APPs.

1.11. Accidental or unauthorised disclosure of personal information

The Friends protects personal information it holds and will take seriously and deal promptly with any accidental or unauthorised disclosure of personal information.

External service providers who handle personal information about the Friends' staff, members or other individuals are required to comply with the requirements of the Privacy Act.

1.12. Data quality storage and security

APP 11 requires that the Friends takes reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure.

The Friends manages its online services and IT systems through the systems operated by the National Library of Australia. The Library manages its online services and IT systems in accordance with the Australian Government Protective Security Policy Framework and the Australian Government Information Security Manual.

The objectives of the Library's IT Security framework are:

  • To ensure that appropriate, cost effective safeguards and procedures are adopted to protect Library information assets and associated information technology resources;
  • To ensure that Library personnel, contractors, vendors and visitors are aware of their accountability for the effective operation of these safeguards; and
  • To ensure auditability of information technology resource safeguards and procedures.
  • The Library's IT management procedures and practices require that:
  • personal information must be stored on a network file server with restricted access permissions;
  • safeguards include procedures for cleansing PCs, servers and storage systems of personal information prior to the PC being disposed or used for another purpose;
  • personal information may only be stored on a removable media provided it is password-protected and stored in a secure place;
  • controls to address the risk of unauthorized access to personal data through Internet-based hackers, weak passwords or malware and viruses; and
  • a responsible staff culture is fostered through continual information security awareness and training tailored to roles and responsibilities.

Storage of information (and the disposal of information when no longer required) is managed in accordance with Australian Government records management regulations, guidelines and authorities, including the Archives Act, Records Authorities and General Disposal Authorities.

1.13. Our website

The Friends publishes a privacy notice on its website.

2. Complaints

In accordance with APP 1, an individual may complain about a breach of the APPs. The Friends will take reasonable steps to deal with enquiries or complaints about compliance with the APPs. The Friends will send a considered response to complaints or suggestions within 30 days. The Friends is committed to quick and fair resolution of complaints and will ensure that all complaints are taken seriously.

Complaints about the Friends' personal information handling practices may also be made to the Office of the Australian Information Commissioner.

3. How to contact us

In accordance with APP1, an individual may contact the Privacy Contact Officer to:

  • obtain access to their personal information;
  • make a complaint about a breach of privacy;
  • query how personal information is collected, stored, used or disclosed;
  • request a free copy of the privacy policy; or
  • ask questions about the Friends' privacy policy.

General enquiries about the Friends' compliance with the APPs can be made via:

  • Telephone 02 62621551
    • National Relay Service 133 677 (for hearing impaired callers)
  • Or writing to

    Friends Executive Officer
    National Library of Australia
    Parkes Place
    Parkes ACT 2610

3.1. Related documents

Australian Government documents:

  • Privacy Act 1988 (Cth);
  • Criminal Code Act 1995 (Cth);
  • Freedom of Information Act 1982 (Cth);
  • Human Rights and Equal Opportunity Commission Act 1986 (Cth);
  • Merit Protection (Australian Government Employees) Act 1984 (Cth);
  • National Library Act 1960 (Cth);
  • Australian Information Commissioners Act 2010 (Cth);
  • Public Service Act 1999 (Cth); and
  • Ombudsman Act 1976 (Cth).

4. Privacy policy updates

In accordance with APP 1 the Friends reviews this policy every 12 months to ensure it is up-to-date.

Last updated April 2016

Page published: 22 Feb 2023

