1. PURPOSE OF POLICY
B4D adopted the Australian Privacy Principles (‘APPs’) contained in the Privacy Act 1988 (Cth) (‘the Privacy Act’). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of personal data. This includes compliance with the Notifiable Data Breach Scheme, as well as the Payment Card Industry Data Security Standard. A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.
In conjunction with the APPs, we align with the European Union General Data Protection Regulation of 2016 (GDPR) which can be obtained from the European Union Law website at https://ec.europa.eu/info/law/law-topic/data-protection/eu-data-protection-rules_en.
What is personal data?
A wide range of identifiers can be ‘personal data’ including a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. When exploring the links to external resources provided in this document, personal data and personal information are interchangeable.
What are cookies?
Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.
3. B4D APPROACH
We process your data for the primary purposes of meeting our legal, statutory and contractual obligations, providing information to our clients, and for marketing purposes. We may also use your data for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.
When we collect personal data we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.
4. COLLECTION OF INFORMATION
We collect information in the following ways:
- When you send us an email
- When you submit your information via an online form
- When you visit our website
- When you submit your information to us in paper form
- Through direct interaction, whether in person or on the phone, general or program related
- From publicly available information online
- From third parties
Examples of personal data we collect include names, addresses, email addresses and phone
Where reasonable and practicable to do so, we will collect your personal data only from you. However, in some circumstances we may be provided with information by third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.
5. INFORMATION USE
B4D does not carry out automated decision-making but we systematically analyse our databases and the information that we hold about you, in order to improve the services we provide to you.
We may sometimes collect or use types of personal information which may include identification of an individual’s capacity to give using publicly available information sources or information that you provide us with. This allows us to tailor our fundraising and marketing activities to make them as appropriate as possible for our supporters and reflect their interests as closely as possible.
Occasionally, B4D would like to contact you with updates relating to our programs and services or campaigns we are undertaking. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options on our website or by contacting us at firstname.lastname@example.org.
- make our website easier to use
- to support the provision of information and functionality to you
- to better understand how you use our website.
You can set your browser not to accept cookies; however, in a few cases, some of our website features may not function as a result.
8. SENSITIVE INFORMATION
The Privacy Act extends additional protections for certain types of information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record, health information, data revealing the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, or data concerning a natural person’s sex life or sexual orientation.
The above special categories will be used by us only:
- for the primary purpose for which it was obtained;
- for a secondary purpose that is directly related to the primary purpose; and/or
- with your consent; or where required or authorised by law.
9. MAINTAINING THE QUALITY OF PERSONAL DATA
It is important to us that your personal information is up to date. We will take reasonable steps to make sure that your information is accurate, complete and up to date, but if you find that it is not, advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services to you.
10. DISCLOSURE OF PERSONAL DATA
Your personal data may be disclosed in a number of circumstances including the following:
- Third parties where you consent to the use or disclosure; and
- Where required or authorised by law.
11. INDIVIDUAL RIGHTS
In addition to the rights outlined in the APPs, the following individual rights are extended:
- right to request erasure of one’s data
- right to data portability, meaning the right to receive one’s personal data
- right to object to processing of one’s personal data at any time.
Access to Your Personal Data
You may access the personal data we hold about you to update and/or correct it. If you wish to access your personal data, please contact us as noted below. In order to protect your personal data, we may require identification from you before releasing the requested information. Your personal data will never be released to third parties without your express permission, unless required by law.
12. SAFEGUARDING MEASURES
B4D takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. When your personal data is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently deidentify your personal data unless we are required by law to retain your personal data for a longer period.
We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including:
- Pseudonymisation and aggregation of personal data as appropriate
- Restricted access to personal data based on need (access controls)
- Firewalls and anti-virus/malware
- Data encryption at rest and in transit
- Multi-factor authentication (where required)
- File keys and tokenisation (where required)
Data Breach Procedure
In the case of a data breach, a data breach notification from the data controller is mandatory within 72 hours, with few exceptions; it will be less than 72 hours if there is a high risk to the rights and freedoms of the individuals involved. Under these circumstances B4D will invoke its Crisis and Incident Handling Policy.
13. REPORTING A CONCERN
Phone: +61 3 9008 9030
Address: 262 Lorimer Street, Port Melbourne, Victoria 3207
14. ADMINISTRATION OF POLICY
This policy will be publicly available on the B4D website ensuring accessibility for all relevant parties.