(Created May 2018)
Purpose and preamble
In the course of its everyday activities, RBF may collect and use personal information from, or on behalf of donors, supporters or volunteers.
Personal information is also collected from subscribers to RBF’s publications.
This Policy also sets out the broad controls which RBF has adopted to govern the way it uses personal information, the circumstances in which it might disclose personal information to third parties, how members and students can access their personal information held by RBF and what they can do if they are not satisfied with RBF’s treatment of their personal information.
This policy applies to any persons in respect of whom RBF currently holds, or may in the future collect, personal information.
- "Personal Information" - information or opinion, whether true or not, regarding an individual whose identity is apparent or can reasonably be ascertained from the information or opinion
- "Sensitive Information" – is personal information or opinion about a person's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or personal health.
How this Policy applies:This Policy applies to personal information RBF collects from you in the course of any interaction or communication including:
- via one of our websites;
- via social media;
- via telephone;
- via email;
- via fax;• in person; and/or
- in writing.
This Policy also applies to personal information RBF collects from any other third party about you.
The kinds of information RBF may collect
From time to time you may voluntarily supply your personal information to RBF. RBF will record your email address if you send us a message or otherwise use a communication that identifies your email address, subscribe to an email newsletter, or complete a form if this information is requested.
When you provide your personal information, it allows us, for example, to process your donation, or provide you with the relevant information you have requested. You may also supply personal information to RBF through other means, including responding to a survey, filling in a meeting attendance sheet, taking part in a competition, completing a donation form, discussing your issues with a staff member/volunteer or signing up to a campaign. RBF only collects and retains personal information that is necessary for RBF to perform its functions and/or activities.
Depending upon the circumstances you may provide to RBF, and RBF may collect, information such as, but not limited to:
- your name;
- your contact details;
- your social media details (e.g. blogs, twitter, Facebook, LinkedIn);
- your gender;
- your marital/relationship status;
- your age;
- your employment details;
- your educational qualifications; and
- your inquiry or complaint details.
Some personal information collected is considered sensitive information and includes:
- your political opinions;
- your political party membership (if any);
- your union membership (if any);
- your racial or ethnic origin;
- your sexual orientation;
- any disabilities, illnesses or injuries you may have; and/or
- any other health information.
The Privacy Act allows RBF to collect sensitive information which relates solely to RBF’s supporters or people who have regular contact with RBF where the sensitive information relates to RBF’s activities. We will only collect sensitive information where we have received your consent to your personal information being collected, used, disclosed and stored by RBF in accordance with this Policy.
Where you provide information to RBF in relation to a job application the personal information you provide will only be collected, held, used and disclosed for the purposes of considering your potential employment with RBF. Where you provide the details of referees, you confirm that you have informed the referees that you are providing their contact information to RBF and they have consented to RBF contacting them and discussing the personal information you have provided in relation to the job application.
We will collect personal information directly from you unless:
- you have consented to RBF’s collection of your personal information from third parties; or
- when we are legally required to do so; or
- it is unreasonable or impractical to do so.
Where we have collected personal information about you either directly or by other means as set out above, we will notify you at the time, or as soon as practicable, to ensure that you are aware of such collection and its purpose.
You can choose to interact with us anonymously or by using a pseudonym where it is lawful and practicable. For example, you may wish to participate in a blog or enquire about a particular campaign anonymously or under a pseudonym. Your decision to interact anonymously or by using a pseudonym may affect the level of service we can offer you.
If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the APPs. Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.
Using your information for direct marketing
You consent to our use and disclosure of your personal information for the purposes of direct marketing which may include providing you with information about events, products or services which may be of interest to you.
If you do not want us to use your personal information for direct marketing purposes, you may elect not to receive direct marketing at the time of providing your personal information.
Unsubscribing and opting out
If you no longer wish to receive direct marketing or other communications, you may request at any time to cancel your consent to such communications as follows:
- If subscribing to an email newsletter you may "unsubscribe" at any time from the newsletter mailing list;
- RBF may, from time to time, send you text messages about issues of importance such as events or campaigns. You may “opt out” by texting STOP in reply to a text message from RBF; or
- You may contact us at any time by mail or email directed to our Privacy Officer.
RBF’s websites collect two types of information. The first type is anonymous information.
The web server makes a record of your visit and logs the following information for statistical purposes:• the user's server address; • the user's top level domain name (e.g. com, .gov, .net, .au, etc.); • the date and time of the visit to the site; • the pages accessed and documents downloaded; • the previous site visited; and • the type of browser used.
No attempt will be made to identify users or their browsing activities except, in the unlikely event of an investigation, where a law enforcement agency may exercise a warrant to inspect the internet service provider's logs.
Disclosure of personal information
RBF respects the privacy of personal information and will take reasonable steps to keep it strictly confidential and only use or disclose the personal information about an individual for the purpose for which the information is collected. Personal information is not used or disclosed for a secondary (related) purpose, except in accordance with the APP’s.
RBF will disclose personal information to third parties if it is necessary for the primary purposes of collecting the information, or for a related secondary purpose, if the disclosure could be reasonably expected by the individual. Where such disclosure is necessary, RBF will require that the third party undertake to treat the personal information in accordance with the APP’s.
RBF may also use or disclose personal information about an individual for a secondary purpose if it has obtained the individual’s consent (either express or implied).
RBF will not otherwise disclose personal information unless the individual has given consent or that disclosure is required by law.
No personal information is disclosed to third parties for the purposes of direct marketing. Personal information (such as name and address), is used, from time to time, for the purpose of forwarding information in the form of journals, newsletters and circulars, unless an individual requests that their personal information is not used for that purpose.
RBF will take all reasonable steps to ensure that all personal information held is secure from unauthorised access or disclosure. However, RBF does not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
Nonetheless, RBF has various security measures designed to protect against the loss, misuse and/or alteration of the information under its control. These security measures include:
- Firewalls, user identifiers and passwords - to prevent the hacking of our database and ensure access only by authorised personnel. This includes situations where information may be stored on servers managed by third parties;
- Clauses in employee agreements requiring confidentiality;
- Appropriate security access to RBF’s facility at Ridleyton;
- The use of passwords for access to database information and the use of security levels within the database to ensure that staff, members and students only access the information required to perform their duties/activities;• Security bins for the disposal of written information; and
- Secure storage areas for personal and student files.
Security arrangements are monitored and reviewed regularly and all staff made aware of organisational systems for the processing, storing and transmitting of personal information and the protective security policies associated with this.
An eligible data breach occurs if:
- There is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by Group; and
- The access, disclosure or loss is likely to result in serious harm to any individuals to whom the information relates.
In the case of an eligible data breach as described above, RBF will notify affected individuals that the breach is likely to result in serious harm. In addition, RBF will make a mandatory notification to the Privacy Commissioner.
RBF will not adopt as our own identifier a government related identifier of an individual, such as a tax file number or Medicare card number and will only use or disclose a government related identifier where the use or disclosure:
- is reasonably necessary for RBF to verify your identity for the purposes of our activities or functions;
- is reasonably necessary for RBF to fulfil its obligations to an agency or a State or Territory authority;
- is required or authorised by or under an Australian law• is required in order to comply with requirements and regulations to conduct activities as a Registered Training Organisation; or
- is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
Accessing personal information
A person may request to access personal information about them held by RBF. Such a request must be in writing to the Privacy Officer. RBF will grant a person access to their personal information as soon as practicable, subject to the circumstances of the request.
RBF will inform individuals when personal information is provided to an organisation providing services to RBF when required by the APPs to do so. Providers of services to RBF have undertaken to treat all personal information provided to them by RBF consistent with the provisions of the Privacy Act and the APPs.
- A request to access personal information will be rejected if:
- the request is frivolous or vexatious;
- providing access would have an unreasonable impact on the privacy of another person;
- providing access would pose a serious and imminent threat to the life or health of any person;
- providing access would prejudice RBF’s legal rights; or• there are other legal grounds to deny the request.
RBF may seek to recover reasonable costs associated with providing such access. If, for any reason, access is refused, written reasons for the refusal will be provided.
Correcting personal information
RBF will take reasonable steps to ensure the accuracy and completeness of the personal information we hold. However, if a person believes that the personal information held about them is inaccurate or out of date, then they should contact RBF in writing.
Variations to the Policy
This Policy may be varied from time to time and an updated version will be posted on RBF’s websites. Please check our websites regularly to ensure that you have the most recent version of the Policy.
Privacy officer contact details
The Privacy Officer
Rosemary Bryant Foundation
191 Torrens Road
Ridleyton SA 5008