Protecting Your Privacy
United Way Australia — UWA — is committed to respecting your privacy rights and to ensuring we responsibly manage the personal information you give us. We comply with the Privacy Act 1998 and the Australian Privacy Principles through this Policy and through our Code of Ethics.
UWA is also committed to maintaining the safety and wellbeing of all children we work with and their families, as demonstrated in the UWA’s Child Safety, Wellbeing and Protection Policy. There are situations where personal information must be shared with Government entities in order to ensure the safety and wellbeing of children. However, in working with children on a day-to-day basis, their privacy is paramount and legally protected.
UWA will provide clear and transparent guidance and maintain effective processes regarding the collection, handling and protection of:
- Personal and sensitive information regarding individuals, and
- Confidential commercial information regarding business operations at UWA.
UWA will also:
- Take reasonable steps to protect personal information from misuse and loss and from unauthorized access, modification or disclosure
- Destroy or permanently de-identify personal information no longer needed and or after legal requirements for retaining documents have expired
- Ensure people know what information is being held, what purposes it is held for and how it is to be collected, used, disclosed and who will have access to it (see Attachment 1 for client information sheet)
This Policy applies to all people who conduct work for UWA in a paid or unpaid capacity. All UWA staff, volunteers and board must understand and comply with this policy as it relates to their program or role;
- Maintain confidentiality in their role and during any disciplinary process
- Notify their manager immediately of any suspected or actual breach.
Personal information This Policy uses the Privacy Act’s definition of ‘personal information’ — information about an identified individual or an individual who is reasonably identifiable. Personal information can also be information or an opinion about an individual who is identified or who is reasonably identifiable, regardless of whether that information is true or recorded in some form. Examples include an individual’s name, signature, contact details, date of birth, records of client contact, photographs, details of friends or family. Individuals include staff, volunteers, clients, their friends and family, donors, and partners
Confidentiality: this refers to the ethical, legal, and contractual duties as UWA staff and volunteers not to misuse or disclose confidential information.
Privacy: is an obligation or right enshrined in legislation that governs how personal information can be gathered, used and disclosed.
Australian Privacy Principles (APP) are legally binding principles which are the cornerstone of the Federal Privacy Protection Framework, contained in Schedule 1 of the Privacy Act. They set out the standards, rights and obligations relating to the management of personal information.
Confidential commercial information is valuable and sensitive information regarding UWA’s business operations, which is not publicly available. Examples include UWA intellectual property, lists of clients and contact details, supplier lists, employee remuneration data.
Informed consent: Consent to an action or intervention given with full knowledge of the risks involved, probable consequences, and the alternatives. UWA staff must disclose sufficient information to the client for him / her (or his / her guardian) to give an informed consent. What constitutes ‘sufficient information’ varies with the jurisdiction. In relation to media photos and information, the client needs to understand how this could be used by others on the internet, or for advocacy purposes.
A Data Breach occurs when personal information held by UWA is accessed, acquired, used or disclosed without authorisation/permission, or is lost. For example, when
- a USB or mobile phone that holds a individual’s personal information is stolen
- a database containing personal information is hacked
- someone’s personal information is sent to the wrong person
Thus compromising the security or privacy of the individual and UWA. A data breach can harm an individual whose personal information is affected. They can, for example, suffer distress or financial loss.
Commonwealth Privacy Act (1988)
Child protection legislation for each State or Territory
Other Related Policies
Child Safety, Wellbeing and Protection Policy and Resources
Code of Ethics
Child safety and protection and personal information
When working with children and their families, UWA staff, volunteers and partners ensure:
- They do not discuss children and families with others either at work or outside work, except for the purpose of confidential consultation or professional supervision.
- Any photos, for any purpose including posting on social media, are taken only with the informed consent of the child (at least verbally) and their guardian (see Annexure A – Informed Consent Procedure). Prior to any publication, including social media, the guardian’s informed consent must be provided on a standard form and kept in a confidential and locked file or electronically on a protected computer. When photographing children at events avoid portraits or close identification if the purpose is for marketing on social media. The child’s safety and privacy is paramount.
- Except for supervision or consultation with staff managers, or organisational data requirements, UWA staff and volunteers must not disclose information or communications from children and families UWA works with unless the disclosure is necessary to protect the child from risk of harm, or that disclosure is necessary in order to comply with the law.
- If de-identified information is collected for advocacy purposes, this is clearly explained in permission forms
- All records containing personal information on the children and their families is securely stored electronically. Where hard copy information is necessary this must be stored securely in a locked cabinet and destroyed or entered into the electronic records as soon as possible.
- Client information pamphlets/ sheets outlining our privacy commitments should be available to all children and families we work with.
What personal information do we collect and hold?
The information we collect will vary depending on your interaction with UWA. We may collect:
- personal details such as your name, date of birth and employment history
- personal details of your child, such as name and date of birth
- information on how to contact you, such as email, phone or mailing address
- information about when you’ve supported us, including when you volunteer with us or make a donation
- your Working with Children Clearance (or other vulnerable people) and criminal history
- if you wish to enrol your child in the Dolly Parton Imagination Library, some of the details above as well as the languages spoken in your home and whether you or your child identifies as Aboriginal or Torres Strait Islander
- a record of when you’ve interacted with us in other ways, such as asking for information, spoken to our staff or volunteers, or participated in a media interview
- details of the services we provide to you or services you’ve enquired about, and any additional information needed to deliver those services and to respond to your enquiries
- information you provide to us directly through our website or indirectly through using our website or online presence
- information you provide to us through our service centre, customer surveys or visits by our representatives
We may also collect information that isn’t classified as personal information because it doesn’t identify you; for example, we may collect anonymous answers to surveys or aggregated information about how visitors use our website.
If we do have to collect sensitive information to perform a specific function, we’ll do so only if you have given your consent.
How we collect your personal information?
We usually collect information directly from you unless it’s unreasonable or impracticable to do so. We may collect personal information from you:
- through your access and use of our website or our social media sites
- during conversations between you and our representatives
- when you complete a form or other written submission
- any other interaction between you and us
We may also collect personal information about you from third parties including:
- third parties such as law enforcement agencies and other government entities
- Australia Post with regard to updating your address details
- service providers such as our bankers or donation processing providers
In some cases, UWA may be required or authorised to collect personal information about you, both directly from you and from law enforcement bodies and other government agencies. This is particularly the case if we’re required to conduct background checks relating to you and your potential work with children, people with disabilities, in relation to aged care, or working with other vulnerable people. Examples of such laws include the Child Protection (Working with Children) Act 2012 (NSW), the Disability Inclusion Act 2014 (NSW), the Commonwealth Aged Care Act 1997, regulations relating to those laws, and similar laws in other States and Territories.
If you choose not to provide us with some information that we request, it could mean we’re unable to provide you with services to the same standard or at all, and may be unable to permit you to volunteer with us.
We do not maintain any record of your credit card information in our system.
Why do we collect your personal information?
We collect, hold, use and disclose personal information about you so we can provide the best possible service to our donors, beneficiaries and supporters, for example:
- to provide services to you and to send communications requested by you
- to answer enquiries and provide information or advice about our services
- to assess the performance of our website and to improve its operation
- for our administrative, marketing (including direct marketing), planning, service development, quality control and research purposes
- to ensure we hold accurate information about you and how you’ve interacted with us
- to give you opportunities to support us
- to enable you to participate in our volunteering activities
- to process and record your donations
- to process and respond to any complaint you may make
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any government authority of any country
When we provide personal information to third party service providers, we require those service providers to maintain your privacy and to use the information strictly for the purpose of providing the service.
Your personal information will not be shared, sold, rented or disclosed other than as described in this Policy unless specifically authorised in writing by you.
How do we hold your personal information?
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.
We secure personal information in hard copy format in a suitable filing system in our offices. Personal information in electronic form is held on a secure server protected by a proprietary firewall product. Further, access to information stored on such a server is controlled by a restricted password access system. Personal information is destroyed or de-identified when no longer needed.
Because the Internet is inherently insecure, we can’t provide any assurance regarding the security of transmission of information you communicate to us online. We also can’t guarantee the information you supply will not be intercepted while being transmitted over the Internet. This means any personal information or other information you transmit to us online is transmitted at your own risk.
Do we use your personal information for direct marketing?
We may send you direct marketing communications and information about our services or opportunities we consider may be of interest to you. These may be sent by mail, text or email, in accordance with laws such as the Commonwealth Spam Act 2003.
You consent to us sending you those direct marketing communications by any of these methods. If you indicate a preference for a method of communication, we’ll endeavour to use that method whenever it’s practical to do so. You can opt out of receiving marketing communications from us by contacting us (see below) or by using opt-out facilities provided in the marketing communications; we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
How can you access and correct your personal information?
You may at any time request correction of or access to your personal information in any of our records. We may charge a fee to cover our administrative costs in providing this information.
There may be cases where we can’t correct or grant you access to the personal information we hold; for example, we may refuse your request if we disagree with your grounds for amendment or if granting access would interfere with the privacy of others. If that happens, we will give you written reasons for our refusal.
Any request for the correction of or access to personal information should be addressed to our CEO.
How can you complain about breaches of privacy?
If you believe your privacy has been breached, please contact our Chief Executive Officer and provide details of the incident so we can investigate it
We will confirm how we are addressing your complaint and what you expect as an outcome. We will also inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response.
If you’re not satisfied with outcome of our investigation, you can lodge a formal complaint with the Office of the Australian Information Commissioner. For more information, go to www.oaic.gov.au
Do we disclose your personal information to overseas recipients?
We may disclose personal information to our related bodies corporate, licensors and third party suppliers and service providers (such as data hosting and other IT service providers) located overseas for some of the purposes listed above.
In this regard we may disclose personal information to persons in other countries, including the USA, Canada and the UK. With regard to children enrolled in the Dolly Parton Imagination Library, we provide personal information to the Dollywood Foundation in the US. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
If you have any questions about this Policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact us by:
Mail Chief Executive Officer
United Way Australia
PO Box Q759
Queen Victoria Building
We may change this Policy from time to time. Any updated versions of this Policy will be posted on our website.