The Australian Federation of Air Pilots (AFAP) mission is to represent and promote the interests of Australian professional flight crew and to champion the highest possible standards of aviation safety.
The AFAP collects personal information in order to conduct its business of advocating for, and representing, the interest of its members. The AFAP operates in the political, legal, industrial and social spheres.
Application of the Policy
This Policy applies to personal information the AFAP collects from members via a range of communication activities including:
- our website
- social media
- in person and/or
- membership applications
This Policy also applies to personal information the AFAP collects from third parties, about members.
The AFAP website collects two types of information. The first type is anonymous information. The web server makes a record of visits and logs information for various statistical purposes. No attempt is made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's logs.
Information the AFAP collects
The AFAP will record details from an application form including your e-mail address and updating of the membership portal. It may record details if you send us a message, subscribe to an email newsletter, or complete a form. When you provide your personal information, it allows us, for example, to assist you with industrial relations and membership queries, inform you about industrial, social campaigns, discussing your issues with an Industrial Representative, or responding to a survey.
The AFAP collects, holds, uses and discloses personal information to enable it to carry on its functions and purposes of advocating for, and representing, the interest of its members.
Depending upon the circumstances you may provide to the AFAP information such as, but not limited to:
- your name
- your contact and address details
- your email address
- your beneficiary details
- your gender
- your marital status
- your employment and salary details
- inquiry and/or complaint details
- banking and credit card details (which is encrypted)
In providing personal information to the AFAP, you are taken to have given consent to the treatment of your personal information by the AFAP in accordance with this Policy.
The Privacy Act allows the AFAP to collect sensitive information which relates solely to AFAP members or people who have regular contact with the AFAP where the sensitive information relates to the AFAP’s activities. We will only collect sensitive information where we have your consent and will only use that information in accordance with this policy. In providing the information to us you are consenting to it being used in accordance with this policy.
If we have collected personal information about you by other than direct means as set out above, we will notify you at the time, or as soon as practicable, to ensure that you are aware of such collection and its purpose.
If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs. Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.
Unsubscribing and opting out
Members who no longer wish to receive direct marketing or other communications may request cancellation of their consent to such communications at any time by contacting the AFAP by email, phone or mail.
Disclosure of personal information
The AFAP may disclose personal information to other organisations, in connection with or to further its objects and purposes, provided that reasonable steps are taken to ensure that each organisation to which the personal information is disclosed is committed to protecting privacy and complies with the Australian Privacy Principles, or is subject to a law or scheme that is at least substantially similar to the way in which the Australian Privacy Principles protect information. By providing personal information to the AFAP, members consent to the AFAP transferring personal information to such other organisations.
How the AFAP holds personal information
Wherever reasonably practicable the AFAP holds electronic personal information on data servers that are owned and controlled by the AFAP. However, by providing personal information to the AFAP, members consent to information being stored and processed on a data server or data servers (e.g. cloud services) owned by a third party or third parties that are located inside Australia. The AFAP will take reasonable steps to ensure that any third party providers comply with the APPs. Wherever reasonably practicable the AFAP holds physical personal information in access controlled premises.
Seeking access and/or correction to personal information held by the AFAP
Members have access to their personal information and can personally update or correct it. The AFAP requires that members provide proof of identity in order to seek access to their personal information. The AFAP may refuse to provide access if permitted to do so by law or under the APPs.
Updating your personal information
You may ask us to update, correct or delete the personal information we hold about you at any time. We will take reasonable steps to verify your identity before granting access or making any corrections to or deletion of your information. We also have obligations to take reasonable steps to correct personal information we hold when we are satisfied that it is inaccurate, out- of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
Your direct debit or credit cards
The AFAP website is secured using SSL technology to encrypt data between your browser and the website. If you are entering any payment or credit card information on the internet, you should confirm that the page is secured (padlock symbol in your browser) before entering any information. We make every effort possible to make your payment transactions within our website as secure and safe as possible.
We use the eWay Merchant Facility payment gateway to process member credit/debit card payments. The gateway uses Secure Socket Layer (SSL) certificates being the industry standard for encrypting credit card and debit card numbers so that they cannot be viewed by any third party over the internet. All card numbers are encrypted and securely held by eWay servers and are not available to AFAP administration staff.
OMNI Software Solutions, the provider of our membership system, MemNet, understands that organisations that store, process, or transmit credit cardholder data must meet strict requirements to be PCI compliant. PCI compliance specifically relates to the security and controls around the payment applications and cardholder data as it is handled and stored from end to end, that is from when a customer first provides their cardholder data, through the various pieces of software to the final payment and/or card storage provider.
MemNet itself is not a payment processor or a card storage facility. With the utilisation of the eWay Rapid API interface, at no time does MemNet or OMNI Software Solutions handle, process, or store credit card data; therefore, both OMNI Software Solution and MemNet fall outside of the scope of any PCI compliance assessment. Furthermore, MemNet no longer supports the storage of credit card details within the application itself. Any stored credit cards are now securely stored in eWay and accessed via a system generated token when payments are processed.
Website usage information and cookies
A cookie does not identify individuals personally, but it does identify computers. You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance.
We may gather your IP address as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify you personally.
Our websites may contain links to other websites and social media pages including Facebook, Twitter and LinkedIn. We are not responsible for the privacy policies of the entities responsible for those websites and we recommend that you review the privacy policies applicable to any other websites you visit.
How the AFAP will deal with complaints
The AFAP will seek to deal with privacy complaints as follows:
- complaints will be treated seriously
- complaints will be dealt with promptly
- complaints will be dealt with confidentially
- complaints will be investigated by the Executive Director and/or Operations Manager and the outcome of an investigation will be provided to the complainant where the complainant has provided proof of identity
- the AFAP will seek to respond within 30 days of receipt of a valid complaint