1.1. The Foundation is committed to abiding by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) it contains, in particular in relation to handling personal and/or sensitive information, credit information and health or medical information.
1.2. “Personal information” means information or an opinion about an identified individual whose identity is apparent or can be ascertained from the information or opinion – it does not matter whether the information or opinion is true or not.
1.3. “Sensitive information” is any information about a person’s individual preferences, race, religion, political opinions, affiliations, philosophy, memberships, health, genetic or criminal record i.e. details of a person’s life
1.4. All references to the Foundation in this policy also include its Directors, employees, contractors, volunteers and any other person who has access to the information collected.
2. CONSIDERATION OF PERSONAL INFORMATION PRIVACY
The aim of this policy is to ensure that the Foundation considers the privacy of information and to ensure that we manage information in an open and transparent way.
This policy recognises that an individual has to right to:
a. stop unwanted direct marketing
b. correct inaccurate information; and
c. complain about an organisation that has mishandled personal information.
2.1. Kinds of information the Foundation collects
a. The Foundation may collect both personal and sensitive information from individuals, organisations and other legal entities
b. The Foundation only collects sensitive information in circumstances where:
• the individual consents to the collection of the information; and
• the information relates to the activities of the organisation; or
• the information relates solely to individuals who have regular contact with the Foundation in connection with its activities.
2.2. The purposes for which the Foundation collects, holds, uses and discloses information
a. The Foundation holds and uses both personal and sensitive information collected, solely for the purpose of supporting and furthering its charitable objectives and fundraising in support of these charitable objectives; and
b. The Foundation does not disclose information it collects to any outside person, organisation or entity without the consent of the person providing the information.
2.3. How can an Individual access and correct their personal information held by the Foundation
a. An individual can access the information held by the Foundation about them including both personal and sensitive information by:
• requesting such access in writing; and
• supporting such a request with proof of identity.
b. An individual may request that any information held by the Foundation be corrected or altered by:
• requesting such access in writing; and
• supporting such a request with proof of identity
2.4. Making a complaint
a. An individual can complain about a breach of the APP’s related to the information held by the Foundation about them including both personal and sensitive information by following the Complaints Procedure outlined in paragraph 8.1 of this Policy:
b. The Foundation will consider every complaint received about a breach of the APP’s related to an individual’s personal information and will provide a response to that complaint in accordance with the Complaints Procedure.
2.5. Can the Foundation disclose personal information to overseas recipients?
The Foundation will not disclose information to any overseas recipient without the consent of the individual to whom the information relates.
3. ANONYMITY AND PSEUDONYMITY
3.1. Option of dealing with the Foundation anonymously or using a pseudonym
An individual has the option of dealing with the Foundation anonymously or through the use of a pseudonym in relation to any matter of involving information privacy through its website which allows online transactions communications and interactions unless:
a. The Foundation is required or authorised by or under an Australian law or a court/tribunal order to deal with individuals who have identified themselves; or
b. It is impractical for the Foundation to deal with individuals who have not identified themselves.
3.2. Freedom of Speech
The Foundation allows and encourages freedom of speech though its website and social media sites except where the content is deemed to be offensive or inappropriate.
3.3. Collection of Solicited Information
a. Personal Information
The Foundation will only solicit and collect personal information:
• if the information is reasonably necessary for, or directly related to, one or more of the Foundation’s functions or activities; and
• directly from an individual unless it is unreasonable or impractical to do so
b. Sensitive Information
The Foundation will only solicit and collect sensitive information about an individual where:
• the individual consents; and
• the information is reasonably necessary for one or more of the Foundation’s functions or activities; or
• both of the following apply:
(i) the information relates to the activities of the organisation; and
(ii) the information relates solely to the members of the organisation, or to individuals who have regular contact with the organisation in connection with its activities.
4. NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION NOT FROM THE INDIVIDUAL
4.1 Notifying the Individual
At or before the time the Foundation collects an individual’s personal information from a source other than the individual, the Foundation will take such steps as are reasonable in the circumstances to notify that individual:
a. whether the personal information has been obtained from someone other than the individual;
b. if the collection of the information is authorised or required by law;
c. the purposes for which the information is collected;
d. the main consequence(s) for the individual if the information if not collected;
5. DEALING WITH PERSONAL INFORMATION
5.1. Purpose of Collection
Where personal information is collected for a particular purpose, the Foundation will not use or disclose the information for another purpose (a secondary purpose) unless:
a. the individual has consented to this use or disclosure;
b. the individual would reasonably expect the Foundation to use or disclose the information for that secondary purpose and the secondary purpose is related to the original purpose the information was collected;
c. the use or disclosure is required or authorised by law or a court order; or
d. the Foundation reasonably believes that the use or disclosure of the information is reasonably necessary for a enforcement related activity
5.2. If the Foundation uses or discloses personal information as above, a centralised record must be kept of the use or disclosure on the computer server.
6. INTEGRITY OF PERSONAL INFORMATION
6.1. The Foundation will take all steps to ensure information collected is protected from:
a. misuse, interference and loss; and;
b. unauthorised access, modification or disclosure.
6.2. If the Foundation no longer needs the information for any purpose for which it was collected and is not obliged to retain the information by law then we must take such steps as are reasonable to destroy the information.
7. ACCESS TO PERSONAL INFORMATION
On request the Foundation must provide any individual with access to information held related to them, provided they provide the Foundation with proof of identity unless:
a. the Foundation reasonably believes that giving access would pose a serious threat to the life health or safety of any individual or public health or public safety;
b. giving access will unreasonably impact the privacy of others;
c. the request for access is frivolous or vexatious;
d. the information relates to past or present legal proceedings and would not be accessible through discovery in those proceedings;
e. giving access would prejudice any negotiations or be unlawful;
f. denying access is required or authorised by or under Australian law;
g. both unlawful activity or serious misconduct is being engaged in and the giving of access would prejudice the taking of action in relation to the matter;
h. giving access would be likely to prejudice enforcement related activities conducted by or on behalf of an enforcement body; OR
i. giving access would reveal evaluative information generated in connection with a commercially sensitive decision making process.
7.2. When giving access to or correcting personal information, the Foundation will not charge an individual for such access or correction.
7.3. Time to comply with request for access
The Foundation will comply with any request for access within a reasonable period after the request is made and give access to the information in the manner requested by the individual if it is reasonable to do so.
7.4. If not giving access
If the Foundation refuses to give an individual access to information on the basis of one of the matters listed at paragraph 7.1 above then the Foundation will provide written notice of this refusal to the individual setting out:
a. the reasons for the refusal; and
b. the mechanisms available to complain.
If the Foundation believes that information collected and held may be inaccurate, incomplete, out of date, irrelevant or misleading or is the individual requests the Foundation to correct the information, the Foundation will take all reasonable steps needed to correct the information.
8. COMPLAINTS PROCEDURE
8.1. Complaints Procedure
a. Complaints about the Foundation’s handling and/or use of personal or sensitive information can be directed in writing to the Foundation at 5/28 Cavendish Road, Coorparoo Qld 4151 or by telephone 07 3394 5333;
b. All complaints will be acknowledged within 7 days of receipts and an investigation undertaken;
c. The outcome of any investigation will be notified to the complainant within 14 days and appropriate remedial action where applicable will be undertaken within 28 days or as reasonably practicable.
d. If the complainant is not satisfied it is available to them to contact the Privacy Commissioner regarding any issue.
9. SERIOUS DATA BREACH
As soon as practicable after the identification of any serious data breach, the Foundation will take such steps as are reasonable in the circumstances to notify any individual affected as to the nature and extent of the breach in respect of any Personal or Sensitive information.
The MND and Me Foundation Limited
5/28 Cavendish Road
Coorparoo Qld 4151
Telephone: 07 3394 5333
E-mail: [email protected]