Organisations that hold your personal information must use it fairly, keep it secure, make sure the information is accurate and keep it up to date. You have the right to expect this from them.
When organisations collect your information:
- they should usually be open about why they are collecting it;
- they should only use it in a reasonable way that you would expect; and
- they shouldn’t use it in a way that is unfair to you.
In some cases organisations do not have to be open when they collect information, for example when the police collect information about a suspect during an ongoing investigation. Openness is the general rule though, whether you’re dealing with an official body or a private one.
What is a privacy notice?
A privacy notice is a statement that tells you who is collecting information about you and what it will be used for.
Privacy notices take a number of forms, for example a notice on a website or a script read out over the telephone. A privacy notice should be in clear language and must be truthful.
A privacy notice should say:
- who is collecting information about you;
- what it’s going to be used for; and
- whether it’s going to be shared with other organisations.
This is the legal minimum. However, privacy notices can be used to tell you about other things, such as;
- the right of access to your information;
- how to get inaccurate information corrected; and
- the organisation’s security arrangements.
When should an organisation provide a privacy notice?
If it is already obvious who is collecting your details and what they are going to be used for, it is enough for the organisation to have a privacy notice available on request for those people who want further information.
In other cases a privacy notice should be actively provided to you. This is the case where:
- it is not clear who is collecting the information; and
- the information will be used in a way you wouldn’t expect.
Was your information collected fairly?
You can ask yourself the following questions to work out whether your information was collected fairly:
- Was it clear who collected your information and what it would be used for?
- Did you know that your information would be shared with other organisations?
- Was a privacy notice provided to you, or was it available on request?
- Was the privacy notice truthful and easy to understand?
If the answer to any of these questions is ‘no’, then it is likely that your details were collected unfairly. You can complain about this to the organisation concerned. If you are still not satisfied, we may be able to help.