PRIVACY POLICY

1.       PURPOSE

ESTHERS Australia cares about protecting your privacy and is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations seriously and this Policy outlines our privacy practices. It explains how:

  •    we collect, manage, use, store and secure your personal information

  •    you may access and request correction of any record containing your personal information

  •    you may make a complaint about a breach of privacy.

 

2.       SCOPE

The Policy applies to our staff, volunteers, contractors and suppliers who handle personal information collected by ESTHERS Australia and its related entities from time to time. It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). By providing your personal information to us, you consent to the use, storage and disclosure of the personal information you provide to us as described in this Policy.

 

3.       HOW WE MANAGE YOUR PERSONAL INFORMATION 

We will:

  •    take all reasonable steps to ensure we are open and transparent about the way we manage your personal information.

  •    maintain adequate security of personal information to seek to protect it from misuse, interference and loss from unauthorised access, modification or disclosure.

  •    establish reporting channels to receive privacy inquiries from you and for reports of privacy breaches to be received and acted upon

  •    conduct risk assessment for all new and significant business projects which consider privacy impacts.

  •    provide an option for you to use a pseudonym or otherwise be anonymous unless it is impermissible, impractical or inhibits the adequacy or quality of service provided to you

  •    appoint a Chief Privacy Officer (currently CEO) to oversee privacy governance processes, ensure compliance with the APPs and report on privacy issues to our Board of Directors and Audit & Risk Committee.

  •    provide this Policy free of charge and in an appropriate form for public access

  •    provide relevant work training and privacy awareness on how the APPs apply to us and how they are reflected in privacy practices, procedures and systems.

  •    periodically review this Policy as well as the privacy practices, procedures and systems across our organisation to ensure that they remain appropriate to the changing environment we operate in, and notify you of changes by informing you in our regular communications or posting an updated version of this Policy on our websites.

 

4.     PERSONAL INFORMATION WE COLLECT AND HOLD

Kinds of Personal Information

We will only collect information about you that is reasonably necessary for our functions or activities which are listed below. This may include:

  •    your name, address, contact and bank and credit card details for clients, volunteers, suppliers and donors.

  •    your image, video and sound recordings.

  •    information associated with web browsing, email, text messaging, online chat, phone calls or other electronic interaction with you including your phone number and user name.

  •    for donors, details relating to your donations and information relevant to the purpose of better identifying donor sources.

  •    for others, other information relevant to the purpose of providing services such as family and living circumstances, education qualifications, employment history, financial information including income, tenancy details, rental history and tenancy reference checks, interests, feedback, preferences, user names and passwords, guardianship and service feedback and complaint details.

  •    sensitive information about you that may include your gender, age, date of birth, health, disability, mental health, racial or ethnic origin, criminal convictions, religious affiliation, tax file numbers, and other particulars required as part of our funding obligations and/or that are relevant for the proper provision of the services that we provide.

  •    survey and questionnaire responses

How we collect and hold Personal Information 

Where possible, personal information is collected directly from you with your consent at the time of your interaction with us.  In some services, personal information is:

  •    received from third parties where you are transferred or referred to us for the services that we provide;

  •    received from third parties who obtain your personal information from publicly available sources; or

  •    transferred between our own services provided it relates to the primary purpose for which it was collected.

Personal information may be collected in hard copy form or electronic form. Hard copy records are required to be held securely. We hold electronic records in databases with security safeguards. Some of those databases are held by a third party provider. Where consent to collection is sought, it is sought voluntarily from you and we will inform you of what you are consenting to. Our consent agreements are current and specific to the services to be provided to you. We will not collect sensitive information about you unless you have consented; it is required by law; or in other special specified circumstances, for example relating to health services provision and individual or public health or safety.

 Purposes for which we collect, use and disclose Personal Information

We collect, hold and use personal information only for the primary purposes for which it was collected or as set out below including:

  •    to provide services which may include case management, employment services, counselling, education, volunteering, learning and development and fundraising. Personal information may be shared between more than one legal entity within ESTHERS Australia to provide, expand or improve the services we provide to you or assist with more efficient service delivery

  •    to comply with the requirements of funding bodies as part of a funding agreement with us

  •    to operate fundraising and charitable activity in support of our objectives

  •    to provide customer service functions, including handling customer enquiries, complaints and feedback

  •    to facilitate proper governance processes such as risk management, incident management, internal audit and external audits.

  •    to gather feedback from you and other individuals about the quality of services that we provide so that the services we provide can be continuously improved.

  •    to undertake marketing, fundraising and promotional activities, including activities to better identify donor sources, events and conferences organised and held by us

  •    to satisfy legal obligations, comply with applicable laws and meet the requirements of bodies which regulate the services we provide.

  •    to understand, through aggregated information, trends and patterns which we use for research and advocacy.

  •    to fulfil other purposes which you have consented to.

 

Disclosure to third parties

We will not disclose your personal information to other external organisations except:

  •    as required by funding agreements

  •    as required by law

  •    for transfer to another service provider in accordance with funding agreements

  •    where we have your consent to do so through your acceptance of this Policy and the disclosure relates to the goods or services we provide to you

  •    for a purpose permitted by this Policy; or

  •    if you request us to do so.

Examples of organisations and/or third parties that your personal information may be provided to include:

  •    external service providers where you are transferring to a service provider that is not part of us.

  •    a government agency, as required by our funding agreements (which may be for example by portal directly into the agency’s database system) 

  •    third party service providers who assist us with the delivery of services or who provide services to or partner with us to enable us to deliver services, or in undertaking quality assurance of our services.

  •    third party service providers who assist us with fundraising activities or strategy, identifying donor sources or analysis of our fundraising activities, strategy or patterns (including data collectives)

  •    third parties who assist us with co-ordination of volunteers, community activities and advocacy.

  •    government or non-government agencies where we have a reasonable concern regarding your safety or wellbeing.

  •    third parties who collate and/or analyse information for the purposes of research and advocacy.

  •    third parties for the electronic storage of information, some of which may be overseas

Whilst we seek to ensure through our contracts with external parties that they comply with the Act regarding the use of your personal information, we have limited control around how some external parties (for example, government agencies) use your personal information.

 

5.     YOUR RIGHTS - HOW YOU CAN ACCESS AND CORRECT YOUR PERSONAL INFORMATION

When you provide us with personal information using our online chat portal, to complete a transaction, place a donation, purchase a ticket and verify your credit card, we treat this as implied consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your express consent, or provide you with an opportunity to say no.

You may be aware that a new European Union law, called the General Data Protection Regulation or “GDPR”, gives certain rights to individuals in relation to their personal data. Accordingly, the rights of individuals regarding the data we hold are as follows:

    Right of Access – the right to be informed of and request access to the personal data we process about you. Requests are made to the same point of contact to whom you provided your personal information. 

    Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete. Where you inform us that information held by us about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will correct it where we agree with you. Notices by you to us to amend information held about you are made to the same point of contact to whom you provided your personal information. If, having received and considered an application from you to amend your information, we do not consider that the information should be amended, we will not amend it but we will include a note with the information that you consider that it should be amended, and advise you accordingly.

    Right to Erasure – the right to request that we delete your personal data;

    Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data;

    Right to Object –

    • the right, at any time, to object to us processing your personal data on grounds relating to your particular situation;

    • the right to object to your personal data being processed for direct marketing purposes;

    Right to Data Portability – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service; and

    Right not to be subject to Automated Decision-making – the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

How do I withdraw my consent?

   Right to Opt-out:

If you do not wish to receive marketing or promotional communications from us, you should ‘unsubscribe’ online where a link is provided.  In other circumstances, you should contact us on the email addresses below and we will cease the relevant marketing or promotional communication:

   For donors: finance@esthers.com.au

   Other individuals: info@esthers.com.au

Where we are providing services to you, we need to be able to communicate with you in relation to those services.

 

6.     OVERSEAS DISCLOSURE 

We may store personal information that we collect about you with third parties who store it overseas for our use. We do not disclose personal information about you overseas without your consent. However, we may use overseas or cloud-based data hosting facilities which may result in personal information provided to us being transferred to, and stored at, a destination outside Australia. You are taken to expressly agree and consent to the transfer, storing or processing of your personal information outside of Australia in submitting it to us. In providing consent, you understand and acknowledge that countries outside Australia do not always have the same privacy protection requirements as Australia in relation to personal information.

If you do not agree to the transfer of your personal information outside Australia, you should contact ESTHERS Australia at: Email: info@esthers.com.au | Phone: 0479 055 777 | Post: CEO at ESTHERS Australia Ltd. PO Box 507, SORELL, TAS 7172

7.  HOW LONG WE RETAIN YOUR DATA

We will retain your personal information in accordance with applicable laws or requirements of any government or other funding body’s record-keeping requirements.

 

8.     MANDATORY NOTIFIABLE DATA BREACHES

We will comply with the notification and other requirements of the Act where your personal information held by us has been inadvertently lost or disclosed or improperly accessed and that loss, disclosure or access may result in serious harm to you.

9.     WHAT TO DO IF YOU HAVE A PRIVACY ENQUIRY OR COMPLAINT

If you have an enquiry or a complaint concerning collection, use or management of your personal information, please direct your enquiry or complaint to the staff member who is your ordinary contact.  Our staff will outline options regarding how your enquiry or complaint may be resolved. 

We will aim to respond and resolve your enquiry or complaint in a timely and appropriate manner.  If we don’t, you may:

   take it to a more senior manager, and/or

   call us on 0479 055 777 for consideration of alternative action.

Where none of the above approaches by you has resolved the issue, your enquiry or complaint should be put into writing and forwarded to: ESTHERS Australia Chief Executive Officer, PO Box 507, SORELL, TAS 7172, who will treat your enquiry or complaint confidentially. You may contact the Australian Information Commissioner wherever you believe that your rights to privacy have been breached by us.

10.  CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

 

Effective from April 2019

This policy was last updated 25/04/2020