Rett Syndrome Association of Australia Incorporated (RSAA)
Table of Contents
What is personal information?
Why do we collect, use and hold your personal information?
What kind of personal information do we collect, use and hold?
What kind of non-personal information do we collect, use and hold?
How do we collect personal information?
How we deal with unsolicited personal information?
What is the purpose of web browser cookies?
Release of your information to others.
How we hold your personal information and manage the data quality and security of your personal information?
Changes to this Policy.
How do we handle concerns or complaints?
How can you access your personal information and contact us?
Date: July 2020
Document Version: 1.1
Description: Initial Release
1.2. This Policy applies only to the extent that the collection and handling of personal information by RSAA is subject to the Privacy Act.
1.3. We respect your privacy and it is vitally important to us and RSAA is committed to doing everything possible to protect it. We will regularly review our Policy and procedures to ensure they comply with current legislation and reflect feedback from you.
2. What is personal information?
2.1. Personal information is information or an opinion about an individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, or recorded in a material form or not. It includes your name, contact details, age, gender, health and race (health and race are also sensitive information). In this Policy, a reference to personal information includes sensitive Information.
3. Why do we collect, use and hold your personal information?
3.1. We collect, use and hold personal information from you that is reasonably necessary for us to provide you with information, services and products which support our Mission “to enhance the quality of life of persons with Rett Syndrome and their families”.
3.2. We also collect, use and hold your personal information to manage our ongoing relationship with you and perform activities which include (but are not limited to):
a) managing membership subscriptions and donations,
b) distributing newsletters and information (not direct marketing),
c) facilitating workshops, seminars and conferences,
d) administration of Facebook and other social media sites,
e) managing and improving our websites, and
f) complying with legislative requirements.
3.3. If you have any concerns about us using your personal information in any of these ways, please notify us immediately.
4. What kind of personal information do we collect, use and hold.
4.1. We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
4.2. The types of personal information we may collect, use and hold includes contact information (e.g. name, address, email and phone number), photographs, membership information, donations made, subscription information, financial information (credit card details are not retained in accordance with Payment Card Industry Data Security Standards) and comments left on our websites. We may also collect and hold sensitive information, including information about you or your family’s health, race and medical history.
4.3. Any comments or images submitted to our public website or social media will be available to the public and may be reused or republished.
5. What kind of non-personal information do we collect, use and hold?
5.1. We may collect non-personal identification information about users when they interact with our websites. Non-personal identification information may include the browser name, the type of computer and technical information about users’ means of connection to our websites, such as the operating system, the internet service provider and other similar information.
5.2. Your profile picture, which is linked to your email address (also called a hash), may appear beside your name when you do things like comment, post or blog, and may be visible to the public in the context of your comment on our websites.
6. How do we collect personal information?
6.1. We may collect personal information from you in a number of ways, including face-to-face, over the telephone, through an online form, by post or by email. We will always identify RSAA as the collector of the information and provide our contact details.
6.2. We use Google Analytics to collect information from users of our websites, including the number of visits, dates of visits, pages viewed and navigation of the site. The purpose of this collection is to improve user’s experience of the site and to ensure the information remains relevant to our audience.
6.3. Wherever possible, we obtain consent and collect the personal information directly from the relevant individual, or their legal guardian, unless it is unreasonable to do so. Consent may be provided in writing, orally, or may be implied through a person’s contact with us.
6.4. Sensitive information such as an individual’s health, race or medical history will only be collected if it is reasonably necessary for us to provide you with our services and with the consent of the individual or their guardian.
6.5. You can choose not to provide the personal information we request; however, this may prevent us from providing all available services to you, such as membership with RSAA or tax-deductible receipts for any donations made.
7. How we deal with unsolicited personal information?
7.1. From time to time, RSAA may receive personal information about you from public websites or social media sites which enables us to provide support services to you.
7.2. If we receive your personal information without having asked for it, we will:
a) First, within a reasonable period of time, determine whether the personal information could have been obtained from you if sought under clause 6 and if it is reasonably necessary for, or directly related to, our functions or activities.
b) Then, if we determine the information could not have been obtained under clause 6 or it is not reasonably necessary for these purposes, as soon as practicable, we will destroy the information or ensure that it is de-identified, so long as it is lawful and reasonable to do so.
8. What is the purpose of web browser cookies?
9. Release of your information to others
9.1. We will not sell or provide your personal information to any Australian or overseas third parties for marketing or any other purpose unless:
a) you have provided consent,
b) we are required to comply with regulatory requirements, or
c) where required by law or court orders.
9.2. We may share generic aggregated demographic information, not linked to any personal identification information, regarding visitors to our website or RSAA memberships
9.3. The RSAA websites may contain embedded objects which are linked to other websites (for example videos, images or articles) which will behave in the same way as if you have visited the other website.
9.4. We are not responsible for the privacy compliance of any other websites that you may access from the links on our websites.
9.5. If you upload images to our websites, you should avoid uploading any images with embedded location data (such as EXIF or GPS) included. Visitors to our website can download and extract any location information from images.
10. How we hold your personal information and manage the data quality and security of your personal information?
10.1. We will take reasonable steps to ensure:
a) any personal information that we collect, use, hold and disclose is accurate, up to date, complete, relevant and not misleading,
b) to protect the personal information that we hold from misuse, interference, loss, unauthorized access, modification, or disclosure by storing it in secure servers and in a secure record management system, and
c) where permitted by law, to destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act.
10.2. Access to data and personal information is restricted to authorised RSAA Committee members or delegates approved by the RSAA Committee.
11. Changes to this Policy
11.1. RSAA has the discretion to update this Policy at any time in accordance with legislative or operational changes.
11.2. The current Policy will be available on the RSAA website https://rettaustralia.org.au/ or can be requesting via email or mail as stipulated below.
12. How we handle concerns or complaints?
12.1. If you have any concerns or complaints about how your personal information has been collected or handled by RSAA, please contact our Privacy Officer via email or mail as stipulated below.
12.2. We treat any claims of privacy breaches seriously and will do our best to respond to your complaint within seven (7) days of receiving it.
12.3. If you are unhappy with our response, you may contact the Office of the Australian Information Commissioner who may investigate the matter further.
13. How can you access your personal information and contact us?
13.1. Please contact the RSAA President, who is our Privacy Officer, if you would like to seek access to or correct the personal information we hold about you:
Email to: firstname.lastname@example.org
The Privacy Officer
Rett Syndrome Association of Australia Inc.
74 Peter Street
GROVEDALE VIC 3216
13.2. Subject to the Privacy Act, we will, if practicable, generally provide you with access to your personal information and will take reasonable steps to amend any personal information about you which is inaccurate or out of date within a reasonable time.
13.3. We will provide you with reasons if you cannot access your personal information or the information cannot be updated within a reasonable time.
Rett Syndrome Association of Australia Incorporated
ABN: 55 128 238 122
Registered Address: 74 Peter Street, Grovedale, Victoria 3216
Phone: 0418 561 796