This policy may change from time to time.
Table of Contents
- Key points
- Who does this policy apply to?
- General principles
- How is personal information collected?
- What personal information does St Kilda Mums Inc collect from individuals?
- Why does St Kilda Mums Inc collect personal information?
- How does St Kilda Mums Inc store my personal information and is it secure?
- What steps does St Kilda Mums Inc take when there is a data breach or privacy incident?
- Links to third party websites
- Who controls the data and how can I access my personal information or correct it?
- Does St Kilda Mums Inc disclose information to service providers or people outside of Australia?
- How to contact us or make a complaint
- This policy applies to St Kilda Mums Inc including its regional branches known as Geelong Mums and Eureka Mums.
- We do not sell your data to third parties. St Kilda Mums Inc treats all information collected as if it were private. We do not sell the information to anyone, including other charitable organisations that assist families, and we do not use your data for our own purposes, except as outlined in this policy.
- We may share some data with trusted service providers. In order to manage and improve our services we may from time to time use a number of third party service providers; for example, we may use Google Analytics to track visits to our websites, or Facebook Pixel to track the effectiveness of our posts. These service providers are located outside of Australia and therefore the data we pass to them will be processed outside of Australia.
- Most data is stored on servers located in Australia. Aside from the circumstances described in the point above, all data collected by us is stored on servers located in Australia.
- We will comply with all Australian laws. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also need to access data to prevent potentially illegal activities and to screen for undesirable or abusive activity. For example, we have an automated virus scan that checks all file attachments.
- In the event of a data breach or privacy incident, we will follow the requirements under the Notifiable Data Breaches Scheme. At St Kilda Mums Inc, we are committed to best practice data management across the information life cycle. In the event of a data breach, St Kilda Mums Inc will take immediate steps to contain the breach, assess the breach, remedy the breach and, if necessary, revise any data policies or processes to ensure similar issues do not arise in the future.
‘St Kilda Mums Inc’, ‘we’, ‘us’ and ‘our’ mean the organisation carrying on business under the name St Kilda Mums Inc, including Geelong Mums and Eureka Mums;
‘Personal information’ means any information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information;
‘Sensitive information’ is a subset of personal information and means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information, including “sensitive information” as defined in the Privacy Act 1988 (Cth).
Who does this policy apply to?
St Kilda Mums Inc’ services and its websites (www.stkildamums.org, www.geelongmums.org, www.eurekamums.org) are used by a wide range of groups and individuals. These include but are not limited to staff, volunteers, donors, social services, beneficiaries, suppliers and members of the public. The privacy provisions in this policy apply to all service and website users.
We will not share your data with another party, except where
- We are legally compelled to provide it to a third party (e.g. provide information set out in a valid subpoena to authorities during the investigation of a criminal offence), or
- We have engaged a trusted service provider to assist us with a particular transaction (e.g. provision of a donation software platform for fundraising appeals or a financial institution for payment processing).
We will never sell your data to a third party.
Generally, we use the information we collect from you only in connection with providing our services. However, there are some other limited uses, as listed below.
How is personal information collected?
Generally we collect your personal information from you directly. St Kilda Mums Inc collects personal information in a number of ways including:
- through our websites (including when an individual chooses to make a donation through the St Kilda Mums Inc website or subscribes electronically to publications);
- when individuals correspond with us (including by letter, email or phone);
- in person.
Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information when you make a donation to us. We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites, Twitter or Facebook.
What personal information does St Kilda Mums Inc collect from individuals?
The kind of personal information that St Kilda Mums Inc collects about individuals depends on the type of dealings they have with St Kilda Mums Inc. For example, if a person:
- Donates items to St Kilda Mums Inc. St Kilda Mums Inc may collect their name, organisation, and contact details.
- Donates money to St Kilda Mums Inc. St Kilda Mums Inc will collect their name, organisation, contact details, the amount and frequency of their donation, and hold records relating to their donation, including payment and billing information.
- Purchases items from the St Kilda Mums Inc website. St Kilda Mums Inc will collect their name, organisation, contact details, shipping address, the items purchased and payment and billing information.
- Registers for St Kilda Mums Inc newsletters and exclusive offers. St Kilda Mums Inc may collect their name, organisation, contact details and details about the registration.
- Sends St Kilda Mums Inc an enquiry. St Kilda Mums Inc may collect their name, contact details and nature of the enquiry.
- Applies for a job or volunteer role at St Kilda Mums Inc. St Kilda Mums Inc may collect the information individuals included in their application, including their cover letter, resume/ CV, contact details and referee reports, their tax file number and other identifiers used by government entities or other organisations to identify individuals, information from police checks, working with children checks (or similar), and information about their right to work in Australia.
St Kilda Mums Inc must only collect sensitive information where it is reasonably necessary for its functions or activities and either:
- the individual has consented; or
- St Kilda Mums Inc is required or authorised by or under law (including applicable privacy legislation) to do so.
As St Kilda Mums Inc’ services are provided indirectly to those in need (e.g. St Kilda Mums Inc deals with social workers who deal directly with mothers in need), it does not tend to need to collect sensitive information from any individuals.
If an individual does not wish to provide their personal information to St Kilda Mums Inc, in general, it will not be possible for St Kilda Mums Inc to deal with an individual in this way. The exceptions being individuals not identifying themselves or using a pseudonym when:
- donating goods to St Kilda Mums Inc directly or through another party;
- dealing with St Kilda Mums Inc (when viewing the St Kilda Mums Inc website or when making a general phone enquiry); and/or
- donating money to St Kilda Mums Inc but in these circumstances, St Kilda Mums Inc may not be able to issue a tax-deductible receipt.
Why does St Kilda Mums Inc collect personal information?
The main purposes for which St Kilda Mums Inc collects, holds, uses and discloses personal information include:
- to request donations of financial gifts, goods or services
- to respond to requests for material aid from social service agencies
- to maintain contact with our volunteers
- for administrative purposes
- for purposes of organising collections of donations
- for the engagement of service providers, contractors or suppliers relating to the operation of our organisation, or
- for other organisational purposes
St Kilda Mums Inc may also use your personal information for the purpose of emailing you our newsletters or posting you a thank-you note.
If you make a donation of money or goods in kind we may add you to our email and SMS distribution list, so that you receive updates and reports on the impact of your giving and other opportunities to support our cause. We may also use your personal information to send direct marketing messages, SMS or conduct telemarketing.
If you are a recipient of material aid from St Kilda Mums Inc your details will not be added to our email distribution list.
If you do not want to receive any communication from us, please contact us at email@example.com. You can also use the unsubscribe function to opt out of our electronic and / or SMS communications. If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing the material aid required.
How does St Kilda Mums Inc store my personal information and is it secure?
St Kilda Mums Inc holds personal information in a number of ways, including in hard copy documents, electronic databases, and email contact lists.
We take reasonable steps to:
- ensure the personal information that St Kilda Mums Inc collects and uses is accurate, up to date and (in the case of use) relevant;
- protect the personal information that is collected from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs, subject to other legal obligations and applicable retention requirements.
While St Kilda Mums Inc will endeavour to always exercise due care in collecting and using personal information, it cannot guarantee that unauthorised access to individuals’ personal information will not occur. In the event of a data breach or privacy incident, St Kilda Mums Inc will follow best practice processes and ensure that the breach is contained and remedied and any policies and processes are updated if necessary. Further details on St Kilda Mums Inc’ approach are set out in the section below.
St Kilda Mums Inc takes the following steps to secure the personal information that it collects:
- website protection measures (including encryption, firewalls and anti-virus software);
- security restrictions on computers (including login and password protection);
- operational processes aimed at minimising the risk of a data breach (including a clean desk policy, shred all policy, secure cabinets for hard copy documents, encrypted USBs etc...)
- controlled access to St Kilda Mums Inc premises; and
- related policies on data governance and processes relating to information security (including restricting the use of personal information to St Kilda Mums Inc employees).
What steps does St Kilda Mums Inc take when there is a data breach or privacy incident?
A data breach or privacy incident may result from unauthorised people accessing / disclosing, changing, losing or destroying personal information. Examples of situations where a data breach or privacy incident may occur include:
- accidental download of a virus on to a St Kilda Mums Inc computer
- discussing or sharing of personal information on Facebook
- non-secure disposal of hard copies of personal information (e.g. not keeping hard copies in secure cabinets or not disposing of them in a secure bin / shredder)
- leaving an unlocked smart phone on public transport.
A data breach or privacy incident can occur due to human error or technical failures, can be accidental or deliberate and can apply to information in a number of forms (e.g. electronic as well as hard copy).
In the event of a data breach or privacy incident, St Kilda Mums Inc will respond in the following way which is in line with the Notifiable Data Breaches Scheme in the Privacy Act 1988 (Cth):
- the breach / incident will be identified and reported to the Privacy Officer(s) at St Kilda Mums Inc;
- the breach / incident will be contained so further access/disclosure/loss etc will not arise;
- the seriousness of the breach / incident will be assessed between the relevant personnel together with the Privacy Officer(s) at St Kilda Mums Inc;
- regardless of the seriousness of the breach or incident, remedial action will be taken to reduce any potential harm to individuals;
- in cases where serious harm is likely, St Kilda Mums Inc will notify the relevant individuals, the OAIC, and issue a public statement that will be made available on it website;
- following each breach / incident, St Kilda Mums Inc will conduct a review of policies and processes and make any adjustments to avoid further breaches and incidents of a similar nature.
Cookies: “Cookies” (i.e. small text files placed on your computer when you first visit the site) are used on St Kilda Mums Inc’ websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. Cookies are primarily used to enhance your online experience. If you visit our websites to read or download information, such as news stories or articles, much of the information we do collect is statistical only (e.g., the domain from which you access the internet, the date and time you access our site, and the internet address of the website from which you linked directly to our site) and not personally identifiable. We use this information about the number of visitors and their use of the sites in aggregate form to make our sites more useful and attractive to you.
Google Analytics and Facebook Pixel: St Kilda Mums Inc uses these tools on its website and social media pages to track the effectiveness of its content. These tools allow us to provide measurement services and target content.
Links to third party websites
St Kilda Mums Inc websites may contain links to third party websites, including sites maintained by businesses who provide us with financial support and donations for goods-in-kind. Those other websites are not subject to our privacy policies and procedures. You will need to review those websites directly to view a copy of their privacy policies. St Kilda Mums Inc does not endorse, approve or recommend the services or products provided on those third party websites.
Who controls the data and how do I access it or correct it?
A data controller means the legal entity or person with the right to make decisions regarding the purposes, and the methods, of processing data. This includes the security measures concerning the operation and use of the data.
Where St Kilda Mums Inc is the data controller you can request access to the personal information we hold about you, or request that we change that personal information to correct it if you believe it is inaccurate, incomplete or not up-to-date.
We will allow access or make the changes to the personal information within a reasonable timeframe, unless we consider that there is a sound reason under any relevant law to withhold the information, or not make the changes.
If we do not agree to make your requested changes to personal information, you may make a statement about the requested changes and we will attach this to the record.
If you wish to have your personal information deleted, please contact us and we will delete that information wherever practicable.
You can obtain further information about how to request access or changes to the information we hold about you by contacting us (see contact details below).
Does St Kilda Mums Inc disclose information to service providers or people outside of Australia?
St Kilda Mums Inc uses a number of service providers to handle specific types of data that we collect. Some of these service providers are located outside Australia and use servers outside Australia / in the cloud, including Facebook and Google, which are both based in the United States. If St Kilda Mums Inc transfers information overseas for other purposes, it will only do so with the consent of the individuals or otherwise in accordance with law.
How to contact us or make a complaint
- Emailing: firstname.lastname@example.org
- Calling: 1300 789 509
- Sending a letter to us: Attention Privacy Officer, St Kilda Mums Inc, PO Box 356, Balaclava VIC 3183.
We will respond to your request usually within 48 hours and, at a maximum, within 30 days of receiving it, and treat seriously any claims of privacy breaches.