At Reconciliation NSW, protecting your privacy is important to us. This policy explains how we manage personal information within our organisation.
What is ‘personal information’?
‘Personal information’ is any information, or an opinion about an individual, which can identify a person and may include a person’s name, address, telephone number, email address and profession/occupation (whether the information is true or not or recorded in a material form or not).
‘Sensitive information’ is a category of personal information and includes a person’s race or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, memberships, sexual orientation or health, genetic or biometric information.
How we collect personal information
We collect personal information about you in the following ways:
- when you make a donation;
- when you apply for a membership with us;
- when you order products or services from us;
- when you register for or attend one of our events;
- when you submit a query or request to us on our website or social media sites;
- when you speak to our representatives;
- when you respond to a survey that we run or fill in forms on our website;
- by tracking your use of our websites and social media profiles;
- from third parties who are entitled to disclose that information to us; and
- when you apply to volunteer or work with or for us in any capacity.
Where we collect personal information from you, we will generally do so ourselves. However, in some cases we may collect personal information from a third party, such as through your representatives, contractors who provide services to us (such as Eventbrite), or third parties who refer you to us because they think you may be interested in our products or services.
Kinds of personal information we collect
The kinds of personal information that we collect and hold about you may include:
- identifying information, such as your name, date of birth and location;
- whether you identify as Aboriginal and/or Torres Strait Islander;
- contact information, such as your postal address, email address and telephone number;
- social media handles and other social media profile information that you make available to us or to the public;
- financial information, such as credit card, bank account or other payment details;
- records of our communications with you, including any messages you send us;
- information about your use of our website and social media profiles, including internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use log files and cookies to gather this information; and
- any information you provide to us through our office, surveys, or visits by our representatives.
Without this information we may not be able to provide you with our products or services (or with all of the features and functionality offered by our products or services) or to respond to queries or requests that you submit to us.
Consequences of not providing personal information
If you do not provide your personal information, we may not be able to accept your donation or application for membership, respond to your query or otherwise provide you with any goods or services.
Purposes for which we use personal information
We will not collect other sensitive information about you unless you have consented for us to do so, or the collection of the information is required or authorised by Australian law.
We use personal information that we collect about you for the following purposes: to verify your identity when you are dealing with us;
- to determine your eligibility to become a member or acquire any of our products and services;
- to answer your queries and requests;
- to comply with our legal and regulatory obligations;
- to carry out analysis and research;
- to monitor use of our products and services;
- to assess, maintain, upgrade and improve our products and services;
- to carry out education and training programs for our staff;
- to manage and resolve any legal or commercial complaints or issues;
- to carry out planning and forecasting activities and other internal business processes;
- to keep you informed about our programmes, partnerships, activities, and events; to distribute our online newsletters;
- to connect you and organisations in the pursuit of reconciliation;
- to provide policy advice, frameworks, resources and toolkits;
- to monitor national progress towards reconciliation;
- to run our website and social media accounts; and
- to process your donations and provide you with receipts.
We may sometimes use or disclose personal information for another purpose other than those listed above. However, we will only do so where you have consented for us to do so, you would reasonably expect Reconciliation NSW to use or disclose the information, or the disclosure is required or authorised by Australian law.
People to whom we disclose personal information
We may share personal information about you with:
- your representatives, advisers and others you have authorised to interact with us on your behalf;
- our staff and volunteers who need the information to discharge their duties;
- our agents and service providers, for example we occasionally hire other companies to provide services on our behalf, including but not limited to handling membership or customer support inquiries and communications, processing transactions or customer freight shipping;
- payment system operators and financial institutions;
- professional advisers who we engage to provide advice on our business; and
- government authorities who ask us to disclose that information, or to other people as required by law.
We will never sell your personal information to any third party.
Transfer and disclosure of your personal information overseas
In some cases the people to whom we disclose your personal information may be located overseas, such as internet and other service providers who store their data overseas, and majority of our servers are based in the United States.
For each visitor to reach the site, we expressively collect the following non-personally identifiable information, including but not limited to browser type, version and language, operating system, pages viewed while browsing the site, page access times and referring website address. This collected information is used solely internally for the purpose of gauging visitor traffic, understanding our membership base, trends and delivering personalized content to you while you are at this site.
Storage and security of personal information
We generally store the personal information that we collect in electronic databases, some of which may be held on our behalf by third party data storage providers. Sometimes we also keep hard copy records of this personal information in physical storage facilities. We use a range of physical and technical security processes and procedures to protect the confidentiality and security of the information that we hold, and we update these from time to time to address new and emerging security threats that you become aware of.
We will take reasonable steps to destroy or permanently de-identify personal information about an individual if it is no longer needed and is not required to be retained by law.
Access and correction
If you want to access any of the personal information that we hold about you or to correct some aspect of it (e.g. because you think it is incomplete or incorrect), please contact us using the contact details set out below. To protect the integrity and security of the information we hold, we may ask that you follow a defined access procedure, which may include steps to verify your identity. In certain cases we may charge you an administration fee for providing you with access to the information you have asked for, but we will inform you of this before proceeding. There may be cases where we are unable to provide the information you request, such as where it would interfere with the privacy of others or result in a breach of confidentiality. In these cases we will let you know why we cannot comply with your request.
All personal information is securely held by Reconciliation NSW, with access restricted to authorised staff only. Where personal information is stored by third parties, Reconciliation NSW takes steps to ensure that it is securely stored.
We try to meet the highest standards in order to protect your privacy. However, if you are concerned about the way in which we are managing your personal information and think we may have breached the Australian Privacy Principles, or any other relevant obligation, please contact us using the contact details set out below. Complaints must be lodged in writing. We will make a record of your complaint and refer it to our internal complaints resolution department for further investigation. We will deal with the matter within a reasonable time, and will keep you informed of the progress of our investigation.
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved satisfactorily, you are entitled to make a complaint to the Office of the Australian Information Commissioner.
Changes to this policy
We may make changes to this policy from time to time, to take into account changes to our standard practices and procedures or where necessary to comply with new laws and regulations. The latest version of this policy will always be available on our website.
If you want any further information from us on privacy matters, please contact us at firstname.lastname@example.org.