1.   PURPOSE

The Pacific Community (SPC) Privacy Policy provides a framework for how SPC will handle any personal information that it collects in its day to day operations.   It aims to ensure that SPC respects personal information and that it is appropriately protected and used.

2.   SCOPE

This policy applies to:

• all SPC staff, whether full-time, part-time or casual
• non-staff personnel, including SPC contractors, students and internsany  implementing  partners  or  other  persons  SPC  contracts  and  that  handle  personal information.

3.   DEFINITIONS

Personal information is any information about an identified individual, or an individual who is reasonably identifiable. It will be personal information where the information is true or not, and whether the information is recorded or not.

Examples of personal information include a person’s name and address, photograph, details of the qualifications, an email address, their geo-location.

4.   COLLECTION AND HOLDING OF PERSONAL INFORMATION

SPC only collects personal information for purposes that are directly related to its official functions or activities, and only when it is necessary for or directly related to those purposes. These purposes include the following:

• providing development assistance to Member States and/or Territories
• undertaking scientific research in any of SPC’s key sectoral areas
• conducting surveys or censuses for development assistance at a Member’s request
• seeking feedback on SPC’s functions and activities to improve its services
• providing information about SPC’s activities
• selection, recruitment, engagement and management of staff, consultants and contractors

SPC will usually collect personal information directly from the individual, either in person, in correspondence, in an application form, over the phone or over the internet, or through a mobile application. Sometimes SPC will collect personal information from another third party, for instance from other development partners or through a publicly available source.

5.   ELECTRONIC COLLECTION

SPC will not collect personal information from individuals who only browse the SPC website.

SPC may collect personal information about someone when they engage with any of SPC’s social networking services (twitter, facebook, mobile aps), or engage with SPC by email. For example when an individual:

• asks to be on an email list
• makes an enquiry
• fills in any online surveys run by SPC
• uses an SPC mobile application.

 SPC also uses a range of analytic tools to collect or view website traffic information. These sites have their own privacy policy.

The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on SPC’s site and the next site visited. This information is used to maintain, secure and improve SPC’s website.

6.   CONFIDENTIALITY

As a leading scientific and technical organisation, SPC is committed to preserving the levels of confidentiality necessary to protect its reputation as an intergovernmental organisation and a research institution. SPC will also observe any additional confidentiality provisions in agreements where it holds or collects personal information on behalf of its Members or other development partners.

7.   DISCLOSURE

SPC will generally only disclose personal information where:

• the disclosure was consented to either at the time of collection, or afterwards
• it is necessary to fulfil the purposes of the original collection, for instance if SPC collected the information on behalf of one of our members
• if SPC is working with a development partner or other agency assisting with delivering a project
• it is necessary for SPC to refer information to law enforcement entities.

8.   STORAGE AND SECURITY OF PERSONAL INFORMATION

SPC will take steps to protect the security of the personal information it holds from internal and external threats by:

• assessing the risk of misuse, interference, loss and unauthorised access, modification or disclosure of personal information it holds
• taking measures to address those risks
• conducting audits from time to time to assess compliance.

9.   COMPLAINT

A person may complain to SPC about how it has handled their personal information. In that case, the person should write to the Deputy Director-General Noumea, providing the following information:

• their contact details
• their complaint, including how the alleged behaviour negatively impacted the person copies of any information supporting the allegations
• how they would like SPC to resolve the complaint.

SPC will consider all the information and determine what if any action should be taken to resolve the complaint. SPC will endeavour to provide an initial response to the privacy complaint within 10 working days.