AUSTRALIAN RESPIRATORY COUNCIL
PRIVACY POLICY
1. Introduction
The Australian Respiratory Council (ARC) is a company limited by guarantee that is committed to protecting the privacy of members, donors, other individuals and organisations that communicate with it.
This policy sets out the processes that will be followed by ARC and its employees in protecting information held by ARC. This policy establishes the reasons for collecting personal information, how the information will be used and to whom if necessary the information is disclosed. The policy ensures that ARC practice is in line with the Australian Privacy Principles (APP) 2001 under the Privacy Act 1988. Content of this policy is arranged to correspond with the APP and is labeled accordingly (APP1 – APP13).
2. Open and Transparent Management of Personal Information (APP1)
This policy is available to ARC donors, members, staff, volunteers, directors, other stakeholders and the public through ARC’s website. Further information can be obtained by contacting the Executive Director by telephone, facsimile or email.
3. Anonymity and Pseudonymity (APP 2)
Individuals may request us to communicate and deal with ARC anonymously or through a pseudonym. The ARC will accommodate your request if it is lawful and practical for the organisation to do so. Feedback may be more forthcoming and robust if individuals have the option of making an unattributed compliment or complaint to an entity.
4. Collection of Solicited Information (APP 3)
ARC collects and holds information about donors, supporters, volunteers, members and partners as necessary to ensure the effective functioning and operation of the organisation. The information held by ARC is limited to that information which is directly provided by an individual or organisation and may include the following:
- Name of person
- Home address of individual
- Home, business phone number and personal email
- Individual interest areas for members
- Date or year of birth as identifier
- Donation history
- Name of organisation (if applicable)
- Name of business (if applicable)
- Address for organisation or business
- Phone and fax number for organisation or business.
ARC does not retain as a part of personal information, bank account details or credit card numbers and expiry dates in its database. If this changes at a future time with the implementation of a monthly giving program, ARC will ensure that all reasonable steps will be taken to secure these personal details.
Donors, supporters, volunteers, members and partners provide ARC with basic personal information, to enable ARC to respond to the individual or organisation in accordance with expectations of their relationship with them. For example, contact details are kept to enable ARC to provide supporters and members with a tax receipt, newsletters regarding funding activities, surveys to capture their opinions in regard to ARC’s activities, invitations to events/meetings and copies of Annual Reports.
The only additional information ARC may hold in relation to the above, is correspondence.
In regard to electronic communication, cookies are used to collect information from ARC’s website in relation to the number of visitors and traffic patterns occurring on the site. The data collected does not include the identity or identifying factors of visitors to the site. Most web browsers are set to accept cookies. If an individual does not wish to receive cookies, the person can set their browsers to refuse them.
5. Dealing with Unsolicited Personal Information (APP 4)
Where reasonable and practicable to do so, ARC will collect personal information directly from an individual. In some circumstances ARC may be provided with information by third parties, in such a case ARC will take reasonable steps to ensure that the individual is made aware of the information provided by the third party.
6. Notification of the Collection of Personal Information (APP 5)
ARC will notify the individual if any personal information has been collected on them as soon as practicable. The advice will consist of but not limited to what information has been collected, the reason(s) for collecting such information and the intention in regard to use of such information.
ARC from time to time may purchase/rent lists of individuals and their contact details from a data supplier for the purpose of marketing to them. The ARC would not receive the information directly, the list is provided directly to the mailing house for subsequent distribution of information packages.
7. Use and Disclosure of Personal Information (APP 6)
ARC holds information provided by a range of individuals and organisations. This may include work address and telephone number, email, personal address and telephone numbers, mailing and/or residential address, information regarding personal interests and date of birth.
Information held regarding a member will be used to: provide copies of ARC publications, notice of meetings, general correspondence and information on benefits and special offers to members. This information will also be used to mail the current fundraising appeal information, newsletters and surveys.
ARC does not use an individual’s personal information for a purpose which:
- Is not related to the offering of products and services
- Is not one that could be reasonably expected of ARC.
ARC will not use the personal information that was provided for a particular purpose unless:
- The person has consented to the use of the information or
- The purpose for which the information is used is directly related to the purpose for which the personal information was obtained.
A person can “opt out” of any or all of ARC’s services at any time by contacting ARC by email, phone or fax. ARC’s fundraising activities provide all individuals the option to not receive further communication of the same nature.
ARC does not disclose any personal information to other organisations except to conduct core business purposes e.g. to facilitate fundraising mail outs. This information is provided to a mailing house on an appeal by appeal basis for the sole purpose of printing and posting the appeal. The information is for “one off” use and is destroyed after the appeal is printed. Contact details are provided at the end of this policy.
ARC does not rent, sell or exchange personal information held on members, donors, supporters or others with any other third party organisation.
At times, it may be necessary for other organisations, suppliers, service providers, contractors and partners to view or access information to facilitate the functions and activities of ARC. Where this occurs, such access shall be in accordance with agreements with such third party providers to comply with the terms of this policy and all relevant privacy laws.
ARC does not release personal information to third parties, including a member of the public, unless:
- The person has consented to the disclosure of the information
- ARC is required by statute or law to disclose, reproduce, use or disseminate the personal information.
All ARC stakeholders are aware of the requirements for protecting the privacy of personal information.
8. Direct Marketing (APP 7)
ARC may use personal information to send messages of direct marketing if:
- The information was collected from the individual
- The individual would reasonably expect ARC to use the information for that purpose
ARC provides a simple tick box on all communications by which the individual may request not to receive direct marketing communications from the organisation. Individuals may also contact ARC to request not to receive direct marketing information. Contact details are provided at the end of this Policy.
9. Cross – Borders Disclosures (APP 8)
Whilst ARC does conduct business activities outside Australia there would normally not be ant requirement to share any personal information held with any organisations based outside of Australia.
10. Adoption, Use or Disclosure of Government Related Identifiers (APP 9)
In the course of undertaking its business and activities ARC does not have any need to adopt or use any Government related identifier.
11. Quality of Personal Information (APP 10)
ARC is committed to taking all reasonable steps to ensure that the personal information held is maintained in a form that is accurate, complete and up-to-date. If any of the information provided has changed or is considered incorrect, it is the responsibility of the person concerned to contact ARC to have the information updated. Contact details are provided at the end of this policy.
12. Security of Personal Information (APP 11)
ARC takes all reasonable steps to ensure the storage, use and where necessary transfer of personal information will be undertaken in a secure manner that protects privacy.
ARC’s electronic donor and member database is password protected, secured by a firewall and anti-virus software to ensure, so far as practicable, that it is not accessed by unauthorised parties. Any hardcopy print outs are stored in lockable storage.
ARC’s external access to email and the internet is protected by a firewall/router.
Initial source documents such as surveys. Membership applications are shredded once information has been updated in the database.
Donation forms are retained in locked storage but are destroyed when there is no legal or business requirement to retain this information.
Online donations made on ARC’s website are processed in real time using a secure gateway. Donations are processed in Australia.
Employees, volunteers and contractors of ARC are required to sign confidentiality agreements. Staff are educated on confidentiality provisions.
Where external organisations are required to handle information held by ARC, the organisation will be required to comply with ARC’s security and privacy guidelines by confidentiality agreements.
The purpose of such security is to protect all personal information from misuse, loss, unauthorised access, modifications and or disclosure.13. Access to Personal Information (APP 12)
ARC members and donors are entitled to request access and seek corrections in relation to personal information.
The request for access to personal information will be referred directly to the Executive Director. Please note that to confirm identity it will be necessary for a donor or member to contact ARC personally and to quote their donor or membership number or other relevant personal information to confirm identity. If more detailed information is required, a letter seeking access to information should be directed to the Executive Director and marked “Private and Confidential”. If ARC has concerns regarding any requests for access, ARC reserves the right to respond in writing.
No fee will be charged for lodging a request for access to information. All requests will be responded to within 14 days.
14. Correction of Personal Information (APP 13)
It is an important that personal information is up to date. The ARC will take all reasonable steps to ensure that records containing personal information are accurate, complete and up-to-date. ARC provides the opportunity in all correspondence for recipients to update their personal information.
15. Changes to ARC’s Privacy Policy
ARC may make changes to its Privacy Policy at any time. Any such changes will be published through ARC’s regular means of communication.
16. Complaints
Any questions or concerns relating to this Privacy Policy should be directed to the Executive Director. Concerns and/or questions regarding ARC’s Privacy Policy will be handled according to ARC’s Code of Conduct and ARC’s Complaints Handling Policy which are available on ARC’s website.
There are no fees for lodging a complaint.
17. Contact Details
To update any personal information, request access to personal information held or make a complaint in regard to this policy, correspondence should be directed to:
The Executive Director
Australian Respiratory Council
PO Box 942 Broadway, NSW 2007
Email: arc@thearc.org.au
Phone: +61 2 9223 3166
18. Relevant Legislation
Instrument | Source |
Australian Privacy Principles (APPs) 2001 | www.privacy.gov.au/publications/npps01.html |
Information Privacy Principles (IPPs) 2001 | www.privacy.gov.au/publications/ipps.html |
Fundraising Institute Australia Privacy Policy | www.fia.org.au |
Privacy Act 1988 | www.privacy.gov.au |
Endorsed by the Board of Directors on: 10th May, 2019
To be reviewed annually commencing May 2020
APPENDIX 1
AUSTRALIAN RESPIRATORY COUNCIL
PRIVACY POLICY
GLOSSARY OF TERMS
Access | This involves an organisation giving an individual or organisation information about themselves held by the organisation. Giving access may include allowing an individual to inspect personal information or giving a copy to them. |
Collection | An organisation collects personal information if it gathers, acquires, or obtains personal information from any source and by any means. Collection includes when an organisation keeps personal information it has come across by accident or has not asked for. |
Consent | Consent means ‘express consent or implied consent’ The four key elements of consent are:
|
Consent – express | Express consent is given explicitly, either orally or in writing. This could include a handwritten signature, an oral statement, or use of an electronic medium or voice signature to signify agreement. |
Consent – implied | Implied consent arises where consent may reasonably be inferred in the circumstances from the conduct of the individual and the organisation. |
Disclosure | Disclosure is not defined in the Privacy Act. In general terms an organisation discloses personal information when it makes it accessible or visible to others outside the entity and releases the subsequent handling of the personal information from its effective control. This focuses on the act done by the disclosing party, and not on the actions or knowledge of the recipient. Disclosure, in the context of the Privacy Act, can occur even where the personal information is already known to the recipient. |
Personal Information | Personal information or an opinion (including information on an opinion forming part of a database and whether recorded or not recorded in a material form) about an individual whose identity is apparent or can reasonably, be ascertained from the information or opinion. It includes all personal information regardless of its source. |
Purpose | The purpose of an action is the reason why it is done. The purpose for which an organisation collects, holds, uses and discloses personal information can be relevant to:
|
Use | Use’ is not defined in the Privacy Act. Use is a separate concept from disclosure, many APP requirements apply to both the ‘use’ and ‘disclosure’ of personal information, and in those situations it is not necessary to distinguish both concepts.
Generally, an organisation uses personal information when it handles and
manages that information within it’s effective control. Examples include the organisation:
|