Policy Statement
Myli is committed to the responsible management of personal information, including through our
compliance with the Australian Privacy Principles (APPs). Myli is also guided by our core values
including relationships, excellence and bravery. Therefore the Myli Privacy Policy reflects both legal
privacy requirements, as well as our core values in managing personal information in an open and
transparent way and complying with APPs in the way we collect, hold, use and disclose personal
information.
Purpose
This policy sets out how Myli will comply with the Australian Privacy Principles (APPs) contained in
Schedule 1 to the Privacy Act 1988 (Cth) (the Privacy Act). In particular, this policy demonstrates the
Myli’s compliance with APP 1 – open and transparent management of personal information.
Scope
This policy covers how and why we collect, store and use email addresses and other personal
information. Myli will only collect, store, use, disclose and destroy your personal information in
accordance with the Privacy Act 1988. Schedule 1 to the Privacy Act 1988 contains the Australian
Privacy Principles which regulate the way in which organisations can collect and use personal
information. Our privacy policy sets out the way in which Myli complies with these principles.
Policy Details
Myli – My Community Library Ltd (ABN 92 653 088 610) (Myli) is committed to providing quality
services to you and this policy outlines our ongoing obligations to you in respect of how we manage
your Personal Information.
This policy is part of Myli’s obligation to comply with the Privacy Act 1988 and the Australian Privacy
Principles (APPs). This Act provide a regime for the responsible collection and handling of your
Personal Information.
Collection of Information
Personal Information
Personal Information is information or an opinion that identifies an individual. Examples of Personal
Information can include name, email address, gender, age, financial and bank account details,
opinions, education, and photos and videos that can be linked to an identifiable living person. It can
also include date of birth, residential or postal address and postcodes.
This Personal Information is obtained in many ways including: membership registration, programs and
event bookings, surveys, interviews, correspondence, by telephone and facsimile, by email, via our
website myli.org.au, from your website, from media and publications, from other publicly available
sources, from cookies or CCTV and from third parties. We don’t guarantee website links or policy of
authorised third parties.
Myli only collects Personal Information that is necessary for one or more of its functions as a public
library. Personal information will only be collected in a fair and reasonable way.
When we collect Personal Information we will, where appropriate and where possible, explain to you
why we are collecting the information and how we plan to use it.
When a person joins the library they are asked to show current identification and to complete a
membership form. In the case of a minor, a person able and willing to sign as guarantor provides the
information.
Sensitive Information
Sensitive information is defined in the Privacy Act 1988 to include information or opinion about such
things as an individual’s racial or ethnic origin, political opinions, membership of a political association,
religious or philosophical beliefs, membership of a trade union or other professional body, criminal
record or health information.
Sensitive information will be used by us only:
• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent; or where required or authorised by law.
Myli does not collect sensitive information unless the individual concerned has consented to the
collection or the collection is required or authorised by law.
Third Parties
Where reasonable and practicable to do so, we will collect your Personal Information only from you.
However, in some circumstances we may be provided with information by third parties. In such a case
we will take reasonable steps to ensure that you are made aware of the information provided to us by
the third party.
If Myli collects personal information about an individual from someone other than the individual it will
make reasonable steps to ensure that the individual is aware of this.
Use and Disclosure of Information
Myli will not use or disclose information about an individual to outside persons other than for the
purpose of collecting that information unless:
• The individual has consented to its use or disclosure,
• The use or disclosure is required or authorised by law,
• Myli believes there is a serious and imminent threat to an individual’s or the public’s life, health or
safety,
• Myli has reason to believe that unlawful activity has been, is being or may be engaged in,
• Myli does not make any information on Library members available to a commercial third party other
than a debt collection agency recovering debts on behalf of Myli.
A member’s personal record may not be accessed by anyone other than Library staff, and then only
for the purpose of carrying out Library transactions or activities.
If Personal Information is required to be provided by legislation or court order, a record of that
disclosure will be kept. All communications from Myli will contain Myli’s postal address, telephone
number and email address.
Your Personal Information will not be shared, sold or disclosed other than as described in this Privacy
Policy.
We may use and disclose the information we collect about you via surveys, solely for the purpose of
informing the design of new library services and programs for Myli. Your Personal Information will not
be shared, sold or disclosed other than as described in this Privacy Policy. All hard copy and online
copy surveys will be destroyed and deleted once data from the Survey has been analysed.
Survey data will be used to inform the inquiry or program to which they relate and may also be used
for any subsequent reporting, and for promotion and utilisation of the report and the program. For
example we may quote your answers in a report or promotional material. If we do this we will not use
your name or address or any other information that could identify you unless we get your permission.
Data Quality
Myli will take reasonable steps to ensure any Personal Information it collects, uses or discloses is upto-date, complete and correct. Members can update their details at any time by contacting their local
library branch or by accessing their account online.
A library membership record includes name and address, telephone number(s), postal address where
required, date of birth and appropriate parent or guardian details in the case of child members. It also
includes details of any library items that the member may have on loan, details of currently
outstanding fines or lost/damaged book accounts and details of any reservations.
Membership records are valid for three years. If any Library card is not used for a period of three
years, then the membership automatically lapses. Inactive records are regularly purged on a monthly
basis. This does not occur if there are outstanding debts (overdue fines or items) listed on the record.
Membership forms are destroyed once the member information is placed on the computer database.
It is an important to us that your Personal Information is up-to-date. We will take reasonable steps to
make sure that your Personal Information is accurate, complete and up-to-date. If you find that the
information we have is not up to date or is inaccurate, please advise us as soon as practicable so we
can update our records and ensure we can continue to provide quality services to you.
Data Security
Myli takes reasonable steps to protect Personal Information it holds from any misuse or loss,
unauthorised access, modification or disclosure. Myli will take reasonable steps to destroy or deidentify Personal Information if it is no longer required. However, most of the Personal Information is or
will be stored in client files which will be kept by us for a minimum of 3 years.
Myli computer systems are protected by various means to ensure that Personal Information is not
made available to unauthorised persons.
Myli have policies and physical safeguards in place to ensure the security of Personal Information as
well as backup and recovery systems to prevent the loss of Personal Information.
Openness
This Privacy Policy is available to anyone who requests a copy. Further upon request Myli will make
available to any person or organisation the type of Personal Information we hold and the purpose of
collecting, holding, using and disclosing that information.
Access and Correction
Where Myli holds Personal Information about an individual that individual will be able to access that
personal information upon request, unless the request
• is frivolous or vexatious;
• would have unreasonable impact on the privacy of others;
• refusal is in accordance with appropriate laws or access is otherwise not required by the Privacy
Act 1988;
• The information relates to existing legal proceedings between Myli and the individual.
A Library member is entitled to see their computer record at any time, on production of their library
card or suitable identification. A parent or guardian is entitled to see the record of a minor for whom
they have signed as guarantor.
Home Delivery volunteers are only provided with medical and Personal Information about their clients
that is necessary for them to make selections and provide a service to that person.
In most circumstances Myli expects that we would be able to provide members with the Personal
Information requested or reasons for denial to access within 45 days of receipt of the request for
access.
Unique Identifiers
Myli assigns unique barcode identifiers to each Library member for the purpose of conducting the
business of the Library Service. Myli will not identify any individual by any Commonwealth government
identifier such as Medicare or Tax File Numbers.
Anonymity
Where it is lawful and practicable, Members have the option of remaining anonymous when
transacting with Myli.
Transborder Data Flows
Myli usually stores survey responses and Personal Information on its databases in Australia and will
keep that information in accordance with the Privacy Act 1988.
Offshore storage
Myli may use SurveyMonkey, Google Analytics or similar applications for the collection, aggregation
and analysis of statistical information and survey data. The information collected is transmitted and
stored securely on offshore servers and accessed by Myli in accordance with this Privacy Policy and
Terms of Use.
Statistical Information
Myli does use some membership information for its own statistical purposes. This allows us to plan for
improving or extending Library services and to meet changes in demand for services. We do not
identify individuals by name or address when compiling this statistical information.
Roles and Responsibilities
The following positions are responsible for approving, implementing, complying with, monitoring,
evaluating reviewing and providing advice on the policy and procedures:
Implementation CEO and Manager Marketing and Strategy
Compliance All employees, volunteers, Board Members and
Community Advisory Committee members
Document Development/review Manager Marketing and Strategy
Interpretation / Advice CEO and Manager Marketing and Strategy
Supporting Documents
This policy should be read in conjunction with all other relevant, Myli policies and procedures, as well
as relevant legislative requirements including:
• Privacy Act 1988
• Australian Privacy Principles
Human Rights Charter
This policy has been considered in relation to the Victorian Charter of Human Rights and
Responsibility Act 2006 and is determined that it does not contravene the Charter.
Monitoring, Evaluation and Review
This policy is to be reviewed as required due to changes in the handling and storage of personal
information by Myli. This Policy may change from time to time and is available on our website.
Myli has appointed a privacy officer (CEO) who can be contacted for all enquiries on this policy,
requests for access, requests for correction and complaints. Any individual who believes Myli has
interfered with their privacy and who is not satisfied they have received an appropriate response from
Myli may complain to the Office of the Australian Information Commissioner’s (OAIC).
Myli – My Community Library Ltd (ABN 92 653 088 610) (Myli)
2/65 Victoria Street, Warragul VIC 3820
Ph: (03) 5622 2849
Myli.org.au
ceo@myli.org.au
Non-compliance, Breaches and Sanctions
Failure to comply with the Myli policy, supporting procedures or guidelines, will be subject to
investigation which may lead to disciplinary and/or legal action.
Definitions and Abbreviations
Detailed information on the Privacy Act 1988 and Australia Privacy Principles including how to make
an official privacy complaint can be accessed on the website of the Office of the Australian Information
Commissioner’s (OAIC) oaic.gov.au.