This policy may change from time to time.
Table of Contents
- Key points
- Who does this policy apply to?
- General principles
- How is personal information collected?
- What personal information does Eureka Mums collect from individuals?
- Why does Eureka Mums collect personal information?
- How does Eureka Mums store my personal information and is it secure?
- What steps does Eureka Mums take when there is a data breach or privacy incident?
- Links to third party websites
- Who controls the data and how can I access my personal information or correct it?
- Does Eureka Mums disclose information to service providers or people outside of Australia?
- How to contact us or make a complaint
- This policy applies to Eureka Mums including its regional branches known as Eureka Mums and Eureka Mums.
- We do not sell your data to third parties. Eureka Mums treats all information collected as if it were private. We do not sell the information to anyone, including other charitable organisations that assist families, and we do not use your data for our own purposes, except as outlined in this policy.
- We may share some data with trusted service providers. In order to manage and improve our services we may from time to time use a number of third party service providers; for example, we may use Google Analytics to track visits to our websites, or Facebook Pixel to track the effectiveness of our posts. These service providers are located outside of Australia and therefore the data we pass to them will be processed outside of Australia.
- Most data is stored on servers located in Australia. Aside from the circumstances described in the point above, all data collected by us is stored on servers located in Australia.
- We will comply with all Australian laws. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond. We may also need to access data to prevent potentially illegal activities and to screen for undesirable or abusive activity. For example, we have an automated virus scan that checks all file attachments.
- In the event of a data breach or privacy incident, we will follow the requirements under the Notifiable Data Breaches Scheme. At Eureka Mums, we are committed to best practice data management across the information life cycle. In the event of a data breach, Eureka Mums will take immediate steps to contain the breach, assess the breach, remedy the breach and, if necessary, revise any data policies or processes to ensure similar issues do not arise in the future.
‘Eureka Mums’, ‘we’, ‘us’ and ‘our’ mean the organisation carrying on business under the name Eureka Mums, including St Kilda Mums and Geelong Mums;
‘Personal information’ means any information or an opinion (whether true or not and whether recorded in a material form or not) about an individual who is identified or reasonably identifiable from the information;
‘Sensitive information’ is a subset of personal information and means (without limitation) information about an individual’s race, political opinions, religious beliefs, philosophical beliefs, membership of a trade union, sexual preference, criminal record, or health, genetic or biometric information, including “sensitive information” as defined in the Privacy Act 1988 (Cth).
Who does this policy apply to?
Eureka Mums’ services and its websites (www.stkildamums.org, www.geelongmums.org, www.eurekamums.org) are used by a wide range of groups and individuals. These include but are not limited to staff, volunteers, donors, social services, beneficiaries, suppliers and members of the public. The privacy provisions in this policy apply to all service and website users.
We will not share your data with another party, except where
- We are legally compelled to provide it to a third party (e.g. provide information set out in a valid subpoena to authorities during the investigation of a criminal offence), or
- We have engaged a trusted service provider to assist us with a particular transaction (e.g. provision of a donation software platform for fundraising appeals or a financial institution for payment processing).
We will never sell your data to a third party.
Generally, we use the information we collect from you only in connection with providing our services. However, there are some other limited uses, as listed below.
How is personal information collected?
Generally we collect your personal information from you directly. Eureka Mums collects personal information in a number of ways including:
- through our websites (including when an individual chooses to make a donation through the Eureka Mums website or subscribes electronically to publications);
- when individuals correspond with us (including by letter, email or phone);
- in person.
Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information when you make a donation to us. We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites, Twitter or Facebook.
What personal information does Eureka Mums collect from individuals?
The kind of personal information that Eureka Mums collects about individuals depends on the type of dealings they have with Eureka Mums. For example, if a person:
- Donates items to Eureka Mums. Eureka Mums may collect their name, organisation, and contact details.
- Donates money to Eureka Mums. Eureka Mums will collect their name, organisation, contact details, the amount and frequency of their donation, and hold records relating to their donation, including payment and billing information.
- Purchases items from the Eureka Mums website. Eureka Mums will collect their name, organisation, contact details, shipping address, the items purchased and payment and billing information.
- Registers for Eureka Mums newsletters and exclusive offers. Eureka Mums may collect their name, organisation, contact details and details about the registration.
- Sends Eureka Mums an enquiry. Eureka Mums may collect their name, contact details and nature of the enquiry.
- Makes a complaint. Eureka Mums may collect their name, contact details, the details of their complaint, information collected in any investigation of the matter and details of the resolution of the complaint.
- Applies for a job or volunteer role at Eureka Mums. Eureka Mums may collect the information individuals included in their application, including their cover letter, resume/ CV, contact details and referee reports, their tax file number and other identifiers used by government entities or other organisations to identify individuals, information from police checks, working with children checks (or similar), and information about their right to work in Australia.
Eureka Mums must only collect sensitive information where it is reasonably necessary for its functions or activities and either:
- the individual has consented; or
- Eureka Mums is required or authorised by or under law (including applicable privacy legislation) to do so.
As Eureka Mums’ services are provided indirectly to those in need (e.g. Eureka Mums deals with social workers who deal directly with mothers in need), it does not tend to need to collect sensitive information from any individuals.
If an individual does not wish to provide their personal information to Eureka Mums, in general, it will not be possible for Eureka Mums to deal with an individual in this way. The exceptions being individuals not identifying themselves or using a pseudonym when:
- donating goods to Eureka Mums directly or through another party;
- dealing with Eureka Mums (when viewing the Eureka Mums website or when making a general phone enquiry); and/or
- donating money to Eureka Mums but in these circumstances, Eureka Mums may not be able to issue a tax-deductible receipt.
Why does Eureka Mums collect personal information?
The main purposes for which Eureka Mums collects, holds, uses and discloses personal information include:
- to request donations of financial gifts, goods or services
- to respond to requests for material aid from social service agencies
- to maintain contact with our volunteers
- for administrative purposes
- for purposes of organising collections of donations
- for the engagement of service providers, contractors or suppliers relating to the operation of our organisation, or
- for other organisational purposes
Eureka Mums may also use your personal information for the purpose of emailing you our newsletters or posting you a thank-you note.
If you make a donation of money or goods in kind we may add you to our email distribution list, so that you receive updates and reports on the impact of your giving and other opportunities to support our cause. We may also use your personal information to send direct marketing messages or conduct telemarketing.
If you are a recipient of material aid from Eureka Mums your details will not be added to our email distribution list.
If you do not want to receive any communication from us, please contact us at email@example.com. You can also use the unsubscribe function to opt out of our on electronic communications. If you do not provide us with the personal information we have requested, we may not be able to complete or fulfil the purpose for which such information was collected, including providing the material aid required.
How does Eureka Mums store my personal information and is it secure?
Eureka Mums holds personal information in a number of ways, including in hard copy documents, electronic databases, and email contact lists.
We take reasonable steps to:
- ensure the personal information that Eureka Mums collects and uses is accurate, up to date and (in the case of use) relevant;
- protect the personal information that is collected from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs, subject to other legal obligations and applicable retention requirements.
While Eureka Mums will endeavour to always exercise due care in collecting and using personal information, it cannot guarantee that unauthorised access to individuals’ personal information will not occur. In the event of a data breach or privacy incident, Eureka Mums will follow best practice processes and ensure that the breach is contained and remedied and any policies and processes are updated if necessary. Further details on Eureka Mums’ approach are set out in the section below.
Eureka Mums takes the following steps to secure the personal information that it collects:
- website protection measures (including encryption, firewalls and anti-virus software);
- security restrictions on computers (including login and password protection);
- operational processes aimed at minimising the risk of a data breach (including a clean desk policy, shred all policy, secure cabinets for hard copy documents, encrypted USBs etc...)
- controlled access to Eureka Mums premises; and
- related policies on data governance and processes relating to information security (including restricting the use of personal information to Eureka Mums employees).
What steps does Eureka Mums take when there is a data breach or privacy incident?
A data breach or privacy incident may result from unauthorised people accessing / disclosing, changing, losing or destroying personal information. Examples of situations where a data breach or privacy incident may occur include:
- accidental download of a virus on to a Eureka Mums computer
- discussing or sharing of personal information on Facebook
- non-secure disposal of hard copies of personal information (e.g. not keeping hard copies in secure cabinets or not disposing of them in a secure bin / shredder)
- leaving an unlocked smart phone on public transport.
A data breach or privacy incident can occur due to human error or technical failures, can be accidental or deliberate and can apply to information in a number of forms (e.g. electronic as well as hard copy).
In the event of a data breach or privacy incident, Eureka Mums will respond in the following way which is in line with the Notifiable Data Breaches Scheme in the Privacy Act 1988 (Cth):
- the breach / incident will be identified and reported to the Privacy Officer(s) at Eureka Mums;
- the breach / incident will be contained so further access/disclosure/loss etc will not arise;
- the seriousness of the breach / incident will be assessed between the relevant personnel together with the Privacy Officer(s) at Eureka Mums;
- regardless of the seriousness of the breach or incident, remedial action will be taken to reduce any potential harm to individuals;
- in cases where serious harm is likely, Eureka Mums will notify the relevant individuals, the OAIC, and issue a public statement that will be made available on it website;
- following each breach / incident, Eureka Mums will conduct a review of policies and processes and make any adjustments to avoid further breaches and incidents of a similar nature.
Cookies: “Cookies” (i.e. small text files placed on your computer when you first visit the site) are used on Eureka Mums’ websites. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. Cookies are primarily used to enhance your online experience. If you visit our websites to read or download information, such as news stories or articles, much of the information we do collect is statistical only (e.g., the domain from which you access the internet, the date and time you access our site, and the internet address of the website from which you linked directly to our site) and not personally identifiable. We use this information about the number of visitors and their use of the sites in aggregate form to make our sites more useful and attractive to you.
Google Analytics and Facebook Pixel: Eureka Mums uses these tools on its website and social media pages to track the effectiveness of its content. These tools allow us to provide measurement services and target content.
Links to third party websites
Eureka Mums websites may contain links to third party websites, including sites maintained by businesses who provide us with financial support and donations for goods-in-kind. Those other websites are not subject to our privacy policies and procedures. You will need to review those websites directly to view a copy of their privacy policies. Eureka Mums does not endorse, approve or recommend the services or products provided on those third party websites.
Who controls the data and how do I access it or correct it?
A data controller means the legal entity or person with the right to make decisions regarding the purposes, and the methods, of processing data. This includes the security measures concerning the operation and use of the data.
Where Eureka Mums is the data controller you can request access to the personal information we hold about you, or request that we change that personal information to correct it if you believe it is inaccurate, incomplete or not up-to-date.
We will allow access or make the changes to the personal information within a reasonable timeframe, unless we consider that there is a sound reason under any relevant law to withhold the information, or not make the changes.
If we do not agree to make your requested changes to personal information, you may make a statement about the requested changes and we will attach this to the record.
If you wish to have your personal information deleted, please contact us and we will delete that information wherever practicable.
You can obtain further information about how to request access or changes to the information we hold about you by contacting us (see contact details below).
Does Eureka Mums disclose information to service providers or people outside of Australia?
Eureka Mums uses a number of service providers to handle specific types of data that we collect. Some of these service providers are located outside Australia and use servers outside Australia / in the cloud, including Facebook and Google, which are both based in the United States. Other than these providers, Eureka Mums does not tend to transfer personal information interstate or overseas.
If Eureka Mums transfers information overseas for other purposes, it will only do so with the consent of the individuals or otherwise in accordance with law.
How to contact us or make a complaint
- Emailing: firstname.lastname@example.org
- Calling: 1300 789 509
- Sending a letter to us: Attention Privacy Officer, Eureka Mums, PO Box 356, Balaclava VIC 3183.
We will respond to your request usually within 48 hours and, at a maximum, within 30 days of receiving it, and treat seriously any claims of privacy breaches.