Protecting your privacy is very important to us because we are committed to valuing people – our supporters, workers and volunteers – as well as the children and communities we serve. The Australian Privacy Principles, the ACFID Code of Conduct and the Payment Card Industry Data Security Standard also apply to us.
Resolving your privacy issues
At HAS-Aus we really value the contribution our supporters make to our work, so if you have a complaint please let us know. We will do our best to address and resolve any issues you have. If you have any questions, comments or concerns about what is explained here or about our privacy practices generally, please contact us using the heading “Privacy”. Where you ask for a response, you can expect to hear from us within 30 days.
Here’s how to get in touch:
You can call us on +61 470319924
You can email us at firstname.lastname@example.org
Seeing and updating your information
You can see and update key information logging in to Has-Aus and can access all your information by contacting us.
If at any time you want to know what personal information we hold about you please address your request to the Privacy Officer. If you wish to have your personal information deleted, we will take reasonable steps to delete it unless we need to keep it for legal, auditing or internal risk management reasons.
If we use personal information in ways other than as stated in this policy, we will ensure we comply with the requirements of Privacy law.
Protecting children and young people
If you are 15 or over, we will usually assume that you can make your own privacy decisions. Where you are under 15, we may need to confirm your decision with a parent or guardian.
We also expect you to take special care with the images of children from our programs, just as we do. Please honour the consent given by parents or community leaders by not copying these images unless we tell you that you can.
Notification of the collection of personal information from the individual
Notifying the Individual
At or before the time HAS-Aus collects an individual’s personal information from a source other than the individual, the foundation will take such steps as are reasonable in the circumstances to notify that individual:
a) Whether the personal information has been obtained from someone other than the individual;
b) If the collection of the information is authorised or required by law;
c) The purposes for which the information is collected;
d) The main consequence(s) for the individual if the information if not collected.
Dealing with personal information
Purpose of Collection
Where personal information is collected for a particular purpose, HAS-Aus will not use or disclose the information for another purpose (a secondary purpose) unless:
a) The individual has consented to this use or disclosure;
b) The individual would reasonably expect HAS-Aus to use or disclose the information for that secondary purpose and the secondary purpose is related to the original purpose the information was collected;
c) The use or disclosure is required or authorised by law or a court order; or
d) The Foundation reasonably believes that the use or disclosure of the information is reasonably necessary for a enforcement related activity
If the Foundation uses or discloses personal information as above, a centralised record must be kept of the use or disclosure on the computer server.
Integrity of personal information
HAS-Aus will take all steps to ensure information collected is protected from:
a) Misuse, interference and loss; and;
b) Unauthorised access, modification or disclosure.
If the Foundation no longer needs the information for any purpose for which it was collected and is not obliged to retain the information by law then we must take such steps as are reasonable to destroy the information.
Access to personal information
On request HAS-Aus must provide any individual with access to information held related to them, provided they provide the Foundation with proof of identity unless:
a) HAS-Aus reasonably believes that giving access would pose a serious threat to the life health or safety of any individual or public health or public safety;
b) Giving access will unreasonably impact the privacy of others;
c) The request for access is frivolous or vexatious;
d) The information relates to past or present legal proceedings and would not be accessible through discovery in those proceedings;
e) Giving access would prejudice any negotiations or be unlawful;
f) Denying access is required or authorised by or under Australian law;
g) Both unlawful activity or serious misconduct is being engaged in and the giving of access would prejudice the taking of action in relation to the matter;
h) Giving access would be likely to prejudice enforcement related activities conducted by or on behalf of an enforcement body; OR
i) Giving access would reveal evaluative information generated in connection with a commercially sensitive decision making process.
When giving access to or correcting personal information, the Foundation will not charge an individual for such access or correction.
a) All complaints will be acknowledged within 7 days of receipts and an investigation undertaken;
b) The outcome of any investigation will be notified to the complainant within 14 days and appropriate remedial action where applicable will be undertaken within 28 days or as reasonably practicable.
c) If the complainant is not satisfied it is available to them to contact the Privacy Commissioner regarding any issue.
Compliance and Risk Management
HAS-Aus will undertake Privacy compliance audits from time to time but at a minimum of annually, involving:
a) Review of data management;
b) Training of staff;
c) Ongoing assessment of procedures; and
d) Limiting staff access to information on a need to know basis.
Serious Breach of Data
As soon as practicable after the identification of any serious data breach HAS-Aus will take such steps as are reasonable in the circumstances to notify any individual affected as to the nature and extent of the breach in respect of any Personal or Sensitive information.
We may make changes to this policy from time to time without notice. Any changes will be reflected on this page.
This policy was last updated in May 2014