As a not-for-profit organisation, we manage employee records, communicate with our stakeholders, conduct publicity campaigns with media and online, fundraise, handle feedback, and report to our funders.
Cottage by the Sea, Queenscliff (CBTS) collects personal information from our participants, their caregivers, representatives, employees, volunteers, supporters (donors), family, friends including those applying to work with us, and others.
We are committed to meeting our legal requirements under the Privacy Act 1988 (the Act), Australian Privacy Principles (the Principles) and other legislation. We take all reasonable efforts to safeguard all personal information.
In general we:
- Ensure fair, open and transparent management of information
- Collect, use and disclose only the information we need for its intended purpose or to comply with the law
- Take reasonable steps to ensure accuracy of information
- Maintain records and amend where required
- Ensure appropriate storage and security
- Destroy or de-identify information not needed for the intended purpose as soon as practical
- Ensure all of our staff are aware of privacy expectations
CBTS will only collect information by lawful and fair means and may collect information in a variety of ways, including:
- Forms, such as enrolment forms and employment/volunteer forms
- Electronically, via email or website
- Phone calls
- Member and stakeholder lists
- Organised meetings or conferences
- Mailing lists
- Direct personal contact
CBTS will always collect personal information directly from an individual unless it is unreasonable or impractical for us to do so.
What information do we collect, and why?
Children and Young People (participants)
We collect identity, contact details, health information and sensitive details (facts and opinion), to facilitate our programs and update family/carers where necessary. Some of this information may come from a third party (eg: school, agency, medical practitioner, etc). Participants can choose not to provide a specific detail and this may reduce our ability to provide services – although we will always do our best regardless.
At times, we seek to share a participant’s personal experience publicly via media, social media, newsletters or website. We only do this with written permission. Otherwise, we have protocols in place to ensure de-identification and only reporting of a general nature for an incident that generates media interest.
Employees
We collect information from people applying for employment and volunteering, and during their time at CBTS for these purposes. This includes identity, contact details, employment and education history, referee details and opinion, medical details, criminal history, financial information (banking, tax and superannuation) and other details.
Supporters
We usually collect identity, contact and financial details when a donation is made. Credit card details are stored encrypted when making regular monthly, quarterly or annual donations. We are guided by the Fundraising Institute of Australia Code of Conduct and use contact details to let supporters know about events and other fundraising campaigns by mail and email, which can be opted-out at any time.
If identity or contact details are not provided, we cannot provide a receipt or details about upcoming events and opportunities.
Other
Anyone attending a CBTS event may be filmed or photographed. For individuals, we seek to obtain written consent prior to using their image for any promotional purposes. For crowd scenes, in a public place or while on CBTS property, it would be impractical to seek consent and we may use these images and not include any personal details (such as name, even if known.)
CBTS has security CCTV cameras in external and public access areas.
Overseas disclosure
We do not disclose personal information overseas unless:
- It is to the person themselves
- Using third party providers who may store data offshore such as; MYOB, Facebook, Blackbaud, etc. We encourage users to read third-party Privacy Policies and Guidelines.
- Written consent is provided when completing our donation form.
- When completing our donation form it is deemed as consent for us to provide the information to relevant third party providers, as a permitted general situation or authorised by Australian law. Noting that credit card details are encrypted when stored.
- Information is de-identified
- It is a permitted general situation or authorised by Australian Law (eg: offshore payment or data processing such as credit cards)
How can you access your personal information? Who else has access?
Child and Young People (Participants) and Families
We disclose participant’s information:
- For the primary purpose of providing a service for our programs
- When we have the participant, parent/guardian’s consent
- To health professionals (in an emergency, this may be done without notice or express consent)
- When legally required (eg: mandatory reporting)
- Unlawful activity or to prevent a serious and imminent threat to life, health or safety (to an individual or the public)
- As de-identified data for research, compilation of statistics, and public health
- During a formal quality review
You can access other personal information we hold about you by providing a written request, which we will respond to as soon as reasonably possible. We will need to confirm your identity before providing access and we may charge a reasonable fee.
There are some instances under the Act where we can deny a request such as impacting on another person’s privacy. If we deny a request, we will advise reasons in writing.
Please note; information will not be provided over the phone, unless we are certain the enquirer is the individual or the legal or nominated representative.
If a detail we hold is incorrect or outdated, you can let us know at any time and we will amend information. At times, we may not agree to remove or change it but may add separate information to the file.
Employees/Volunteers
Unsuccessful employment/volunteer applications are held for a period of time in case suitable for other opportunities. We will destroy any application, and no longer consider it as part of the recruitment pool, on request from the Applicant.
Whilst our employees/volunteers do not have a legal right to access under the Privacy Act, they can make a written request to their manager to review their file contents. They cannot make any changes to their records but may add a note to their file if they wish.
Supporters, Donors and Others
If information we hold about a supporter/donor is incorrect or not up to date, we will update it as soon as possible after information has been provided on how and why it is incorrect, and we are certain the enquirer is the individual or the legal or nominated representative.
In the unlikely event that we are unable to provide you with access to your personal information, we will advise the reasons.
We sometimes use third-party service providers to conduct surveys, collect information and register events. At times, these providers operate from overseas. A supporter can choose to opt-out from communication at any time.
How we safeguard your information
We secure information by giving access to only relevant staff/volunteers for the primary collection purpose.
CBTS uses a range of hardware and software security measures to protect your information. We keep all paper records safe. Current participant records are securely kept with program staff only, past records are kept with key access with limited staff members. Note: all documents are kept in locked storage areas.
Information collected via our website, is stored securely in our databases and only accessed by authorised staff/volunteers.
Our website uses cookies to track site visits and improve user experience. Our online credit card processor may also use cookies for identification and anti-fraud purposes. Cookies can be disabled but some site functions may become unavailable.
Social media providers, including Facebook, Twitter, Eventbrite, GiveNow, LinkedIn, Survey Monkey and other sites set cookies through our website, which may enhance your profile on their website or contribute to data they hold. We encourage you to read their privacy and data policies.
Our website may contain links to other sites of interest. We cannot control, or be responsible for, their content or privacy practices.
Certain sections of our websites (eg: donation payments) are secured using SSL technology to encrypt data between your browser and the website. We make every possible effort to make donations and transactions within our website as secure and safe as possible.
However, everyone should be aware that there are inherent risks associated with the transmission of information over the internet including by email. While all reasonable efforts are made to secure information transmitted to this website, there is a possibility that information you submit could be observed by a third party while in transit. By using our online system, you acknowledge that you do not hold CBTS liable for any security breaches, viruses, or other malicious software that may infect your computer or any loss of data, revenue or otherwise that may occur.
From time to time, we contact our regular supporters directly to update or confirm their personal or account details. When we do this, we provide you with sufficient information from our existing database (including, where appropriate, the last four digits of your credit card) for you to be satisfied that the caller is our representative.
If you receive a request for your full credit card number and CCV number, you should consider this a hoax, disregard and report the contact to www.scamwatch.gov.au or contact our Finance Department as soon as possible.
If you have questions about how we handle privacy
please contact our office during business hours
How to make a complaint about your privacy
We encourage anyone who may have an issue about how CBTS has managed personal information to resolve it directly with us first:
The Privacy Officer – Adam Wake, CEO
29 Flinders Street
Queenscliff, Vic 3225
T: 03 5258 1663
You can also choose to make an external complaint. Among other agencies, you can lodge your complaint with:
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney, NSW 2001
T: 02 9284 9666
E: [email protected]
www.oaic.gov.au/privacy/privacy-complaints
Our policy is subject to reviews and updates. When this happens, an updated version of the Privacy Statement will be made publicly available.
