ACS Constitutional Reform Working Group

Australian Computer Society – Constitutional Reform Working Group

Privacy Policy Statement

Version of 31 January 2022

CRWG is an unincorporated association working within the context of the Australian Computer Society (ACS). As an organisation with turnover greater than the Privacy Act (Cth) s.6d threshold of $3m p.a., ACS is subject to that Act. CRWG may or may not be, but in any case conducts itself in a manner consistent with the Act.

Data Collection

CRWG collects data that is submitted to it by participants in the consultation process. This comprises:

data expressly input by participants, in a context in which it is apparent that the data is being collected, and apparent that it is associated with an email-address provided by the recipient;
data automatically disclosed by the participants' web-browser, which CRWG's web-server automatically logs, including the date and time, the IP address from which the session was conducted, the type of browser and operating system the participant used, the URL of any page that referred the participant to the page, the URL requested, and whether the request was successful.

CRWG does not use cookies.

Data Storage and Security

CRWG stores data in a manner that ensures security against unauthorised access, alteration or deletion, at a level commensurate with its sensitivity.

Data is logged, as per normal business practices, by CRWG's service-provider (VentraIP, which in turn uses a wholesale service-provider).

Data Use and Disclosure

CRWG uses data provided by participants in the following ways:

to generate an email to CRWG's Online Forum, which is outsourced to the groups.io service. By its nature, this Forum, and the content posted on it, are openly available to any party. The data includes the email-address provided by the participant; and
to prepare reports about the input provided by members as part of the consultation process. Where CRWG considers it appropriate, these reports include the email-address provided by the participant.

No checking or authentication of email-addresses is performed. Participants may choose to use a pseudonymous email-address. This may preclude any further contact. A persistent pseudonym may be established, however, in which case the possibility exists of some party that gains access to the data correlating successive interactions and the data that they contain, possibly including the data gathered by the web-server.

CRWG might conceivably, under appropriate circumstances, use or disclose the data for:

such other purposes as are subsequently agreed between CRWG and a participant;
such additional purposes as may be required by law. In these circumstances, CRWG will take any reasonable steps available to it to communicate to relevant participants that the use has occurred, unless it is precluded from doing so by law; and
such additional purposes as are authorised by law, in particular to protect the interests of CRWG or the ACS.

Data Retention and Destruction

The data will be retained only as long as is consistent with its purpose. However:

data may be retained in logs, backups and audit trails within short-term retention cycles;
data may be retained beyond the expiry of its purpose if that is required by law or authorised by law, in particular to protect the interests of CRWG or the ACS.

Subject Access and Correction

If a participant makes a reasonable request for access to data arising from their participation, CRWG will endeavour to provide access conveniently and without unreasonable delay.

In the event that a participant disputes some aspect of data that was provided by them, or that purports to have been provided by them, or that has been generated as a result of the interaction, CRWG will take reasonable steps in relation to investigation of the matter, and to any appropriate amendment, supplementation or deletion of that data.