Effective from 10 September 2018
We are committed to respecting your privacy. In handling your personal information, we are regulated by and are committed to complying with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (Privacy Law).
Personal information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode and contact details. It may also include financial information, including your credit card information.
Where lawful and practical, you have the right to remain anonymous or to make use of a pseudonym, however, if you choose to remain anonymous or to use a pseudonym, we may not be able to provide all of our services as we may need to use your personal information to provide specific services to you.
Collection of Personal Information
We may collect the following types of personal information:
- mailing and/or street address;
- email address;
- telephone number and other contact details;
- age or date of birth;
- gender identity;
- drivers licence details and other forms of personal identification;
- education qualifications and/or employment history; and
- any other personal information that may be required in order to facilitate your dealings with us. If you are a donor and/or a supporter, we may collect the following additional information from you:
- your employer details, if you participate in work place giving;
- a history of your donations, correspondences and other interactions with us;
- your interests and opinions;
- credit card or bank account details; and
If you are one of our clients (that is, a young person who uses our services), we may collect the following additional information regarding your:
- accommodation and living situation;
- country of birth;
- language spoken at home;
- cultural identity;
- gender identity
- income and financial situation;
- Medicare number when accessing the health service;
- disability type (if any);
- relevant health information;
- relevant experiences to assess support needs (e.g.: experiences of violence, substance use, legal issues);
- names and date of birth of your children;
- name and date of birth of your partner;
- details of other support people (name, relationship, contact phone number); and
- date, time and name of BYS service/s accessed.
We may collect this information from you:
- when you access and/or use our services and website, including by joining our mailing list;
- when you communicate with us either in person or through correspondence, telephone, social media, chats or email, or when you share information with us from other applications, services or websites;
- when you donate to us goods, services or money;
- via your participation in any marketing initiative or promotional activities or events;
- via your purchase of any items from us;
- in writing, including through completing applications or surveys; or
- when the law requires.
We will generally collect personal information directly from you. We may use third party contractors, such as call centres and mail houses, to collect personal information from you. We use reasonablecommercial endeavours to engage with providers whose privacy policies are similar to ours in material respects, and we retain copies of such policies on file for this purpose. We may also collect personal information from third parties (such as government agencies (e.g.: Centrelink) and law enforcement agencies where this is authorised or required by law) and publicly available sources of information.
Please do not submit your personal information to us if you do not wish for us to collect it.
Some personal information (for example, race, ethnicity, and health information) is sensitive and requires a higher level of protection under the Privacy Law. We will only collect such sensitive information when we have your express consent for us to do so and the collection is reasonably necessary for us to provide our services, or where the information is required or authorised by law or necessary for the establishment, exercise or defence of a legal claim.
Health information is a type of sensitive information and is any information about your health or disability, as well as personal information collected while you are receiving a health service. We will only collect such health information when we have your express consent for us to do so and the collection is reasonably necessary for us to provide our services, where there is a Permitted Health Situation (as outlined in Section 16B of the Privacy Law), or where the information is required or authorised by law or necessary for the establishment, exercise or defence of a legal claim.
Why do we collect, use and disclose personal information?
We may collect, hold, process, use and disclose your personal information for the following purposes:
- providing our services to you and others, and administering our programs for young people and their accompanying children;
- confirming your identity when you make enquiries, answering your queries and addressing any feedback you may have;
- engaging service providers and government agencies relating to the delivery of services;
- to report to our funding bodies according to our contractual obligations;
- maintain appropriate relationships with supporters/donors;
- managing and processing donations and providing receipts;
- sending you information about your donation and about our activities;
- providing notification of upcoming events or services;
- fulfilling our obligations as medical service providers and supplying efficient and effective medical service;
- responding to feedback or complaints;
- conducting surveys and research;
- training our personnel;
- complying with licensing, legislative and regulatory requirements;
- improving our service delivery (including in order to resolve a complaint);
- managing our relationship with you; and
- to subscribe you to our e-communications.
If we receive unsolicited personal information about or relating to you and we determine that such information could have been collected in the same manner if we had solicited the information, then we will treat it in the same way as solicited personal information and in accordance with the Privacy Law. Otherwise if we determine that such information could not have been collected in the same manner as solicited personal information, and that information is not contained in a Commonwealth record, we will, if it is lawful and reasonable to do so, destroy the information or de-identify the information.
Do we use your personal information for direct marketing?
We may send you direct marketing communications and information about our services. This may take the form of emails, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and the Privacy Law. You will be given the option to sign up for our email newsletter. You may opt-out of receiving marketing materials from us by contacting us at firstname.lastname@example.org or by using the opt-out facilities provided (for example, an unsubscribe link).
Sharing your personal information
We may use and disclosure your information to a third party if you have given us prior consent to do so. We may be legally obliged to provide information in certain circumstances, such as when the safety of a person is at risk or a warrant or subpoena has been issued to BYS.
- our employees, related entities (other than for sensitive information), agents and contractors;
- our business associates, third party suppliers, service providers and others for purposes directly related to the purpose for which the personal information is collected;
- professional advisers and agents;
- payment systems operators (for example, merchants receiving card payments);
- our existing or potential agents, business partners or partners;
- organisations to whom we outsource functions (including information technology providers, print service providers and mail houses);
- with your consent (express or implied), to specific third parties to receive information held by us; and/or
- other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.
We may share information about you with suppliers that we engage to help us provide certain services and/or functionality – for example online payment processing. We will use commercially reasonable endeavours to take steps to control and be responsible for the use of your information by such suppliers. While we cannot guarantee the security of this information, we will use all reasonable endeavours to ensure the third party protects the personal information from unauthorised use or disclosure (Data Breach). If we become aware of a Data Breach from the third party, we will notify you of the Data Breach and will endeavour to work with you to limit the potential impact.
We reserve the right to disclose your personal information without your consent if the disclosure is:
- to comply with applicable laws and government or regulatory bodies’ lawful requests for information;
- required in order to investigate an unlawful activity;
- required by an enforcement body for investigate activities; or
- necessary to prevent a serious and imminent threat to a person’s life, health or safety, or to public health or safety.
Subject to obtaining your consent, we may also supply personal information about you to third parties other than as set out above.
Disclosure of health information
We will only use or disclose health information for the primary purpose it was collected, any directly related secondary purpose and if otherwise required or authorised by law. Health information may also be used or disclosed in a Permitted Health Situation (as outlined in Section 16B of the Privacy Law).
Using our services and cookies
We may collect personal information about you when you use and access our products and services (including our website).
In addition to personal information, we may collect information about you automatically when you use our services, or visit our website. While we may not use browsing information in respect of our website to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.
We may also use ‘cookies’ or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our website may not work as intended for you if you do so. If you choose not to receive our cookies, we cannot guarantee that your experience with the website will be as quick or responsive as if you do receive cookies.
The information collected by cookies and web beacons is not personally identifiable, it includes general information about your computer settings, your connection to the internet, for example, the operating system and platform, IP address, your browsing patterns and timings of browsing on the website and geographical location.
Keeping your personal information secure
We may hold your personal information in either electronic or hard copy form. Electronic information is stored in password protected secure data bases, record management systems and electronic files. All hard copy personal information is secured in locked cabinets.
We take the security of your personal information very seriously and will use reasonable commercial endeavours to take steps to have appropriate physical, technical and administrative procedures in place to help protect your personal information from unauthorized access, use or disclosure as required by law in Australia. However, we cannot guarantee the security of your personal information.
We only retain your personal information for as long as is necessary for the purposes for which it was collected and we are required to keep it to comply with any laws. We will take such steps as are reasonable in the circumstances to destroy or de-identify personal information which we no longer need. These measures may vary depending on the personal information held.
In the unlikely event that there is an unauthorised use or disclosure of your personal information, we will notify you of the Data Breach and will undertake an investigation into how the Data Breach occurred and its likely severity. As part of this, we will endeavour to work with you and the Office of the Australian Information Commissioner to limit the impact, and any reoccurrence, of the breach.
Accessing or correcting your personal information
You can access the personal information we hold about you by contacting us using the information below. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. Such circumstances include the following:
- access would create a serious threat to safety;
- providing access will have an unreasonable impact upon the privacy of other individuals;
- denying access is required or authorised by law;
- the request is frivolous or vexatious;
- legal proceedings are underway or anticipated, and the information would not be accessible through the process of discovery in the proceedings;
- negotiations may be prejudiced by such access;
- providing access is likely to prejudice law enforcement; or
- access would reveal a commercially sensitive decision-making process.
We may also need to verify your identity when you request your personal information.
If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.
Making a complaint
If you think we have breached the Privacy Law, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.
If you believe we have not adequately dealt with your complaint, you may complain to the Office of the Australian Information Commissioner about the way we handle your personal information. The Commissioner can be contacted at:
GPO Box 5218 Sydney NSW 2001
Phone: 1300 363 992
The Quality and Practice Development Coordinator PO Box 1389
Fortitude Valley Qld 4006
Ph: (07) 3620 2400