Our commitment to protecting your privacy. This privacy policy applies to the collection, storage, use and disclosure of personal information. By or on behalf of Carers Australia LTD. Referred to in this policy as “Carers Australia”, “our”, “we” or “us”.  Please read it carefully.

We are committed to protecting your personal information, and ensuring its privacy, accuracy and security. We handle your personal information in a responsible manner in accordance with the Privacy Act 1988 (Act). And the Australian Privacy Principles (APPs).

By giving us your personal information when you contact use any of our services or products, visit our website www.youngcarersnetwork.com.au. You agree to your information being collected, stored, used and disclosed as set out in this Privacy Policy.

Definitions

Personal information

‘Personal information’ means information or an opinion about an identified individual. Or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.

Sensitive information

‘Sensitive information’ (a type of personal information), means information or an opinion about an individual’s race or ethnic origins. Political opinions and associations, religious beliefs or affiliations, philosophical beliefs, sexual preferences or practices. Trade or professional associations and memberships, union membership, criminal record, health or genetic information or biometric information.

Whose personal information do we collect?

We may collect your personal information from a range of sources. This includes from you, your parents or guardians, recruitment agencies, contractors, business partners, our member organisations and government agencies.  For example, we may collect your personal information when you request or acquire a product or service from us. (Including when you receive government assistance or a grant that we administer, or when you receive, join or participate in our programs and services. This includes advocacy services or other carer supports and services. When we provide a service or product to us, apply for employment or communicate via our website, by email, telephone or in writing.

Wherever reasonable and practicable, we collect personal information from the individual to whom the information relates.  If you provide personal information about someone other than yourself. You agree that you have that person’s consent to provide the information for the purpose for which you provide it to us.  You also agree that you have told the person about this Privacy Policy and where to find it.

What types of personal information do we collect and hold?

The personal information we may collect includes:

  • names (for you, your parents, guardians and other family members, etc.) Gender, addresses, e-mail addresses, phone numbers, payment and bank account details. Occupation, work experience, qualifications, professional memberships and affiliations. Photographs, audio and video recordings and other information to assist us in carrying out our functions and activities. Providing and marketing our products and services.
  • information about prospective, current and former staff and directors. As required in the normal course of human resource management and the operation of a community organisation.
  • information about current and previous Carers Australia suppliers and clients with whom Carers Australia has dealings.

We will only collect your sensitive information if you have consented to us doing so. For example, as part of information collected about directors and employees for company and human resource management purposes. Or where required or permitted by law.

How do we collect personal information?

We only collect personal information by lawful and fair means.  We usually collect personal information from:

  • face-to-face meetings, interviews and telephone calls.
  • business cards.
  • subscriptions to our publications – for example, Carers National News.
  • application forms – such as application forms for government assistance programs and grants administered by us. application forms to join or participate in programs provided by us.
  • our member organisations.
  • consent forms – such as a consent form to use your name and photo in our publications.
  • events – for example, events held by us or sponsored by us, such as fundraising events or educational workshops/conferences.
  • electronic communications – for example, e-mails and attachments (including CVs). Forms filled out by people, including as part of acquiring a product or service from us.
  • third parties – for example, from your parents or guardians, recruitment agencies, referees, representatives or agents.
  • our website, including if you use it to contact us, engage in the discussion forum, give us feedback or to make a donation.

How do we deal with unsolicited personal information?

If we receive personal information about you that we have not requested. We will determine that we could not have lawfully collected that information under the APPs had we asked for it. We will destroy or de-identify the information if it is lawful and reasonable to do so.

Do you have to disclose your identity when dealing with us?

Where lawful and practicable, we will give you the option of interacting with us anonymously or using a pseudonym.

Use and Disclosure

Use of personal information

We only use your personal information for the purpose for which it was provided to us. For related purposes or as required or permitted by law.  Such purposes include:

  • in the ordinary course of carrying out our functions and activities.  For example, supplying or acquiring services or products. Administering government assistance programs and grants, administering our programs and services. Providing carer support and services, organising fundraising events, communicating with our member organisations. Responding to your enquiries and feedback. Providing information about our events, news, publications and products and services that may be of interest to you.
  • market research and product and service development, so that we can tailor our future services and products accordingly;
  • performing general administration, reporting and management functions.  For example, invoicing and account management, payment processing, risk management, training, quality assurance and managing suppliers;
  • employment-related purposes, such as recruiting and providing services to staff.
  • advocacy and research.
  • other purposes related to or in connection with our functions and activities. Including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes.

Disclosure of personal information

We may disclose, and you consent to us disclosing, your personal information to third parties:

  • engaged by us to provide products or services, or to undertake functions or activities, on our behalf.  For example, providing our IT systems and services, processing donations, processing payment information and managing databases.
  • that are authorised by you to receive information we hold.
  • that are our member organisations, where the personal information is relevant to the functions or activities of those member organisations.
  • that are our business partners, joint ventures, partners or agents.
  • such as our external advisers, and government agencies.  For example, where disclosure is reasonably required to obtain advice, prepare legal proceedings or investigate suspected unlawful activity. Serious misconduct or reporting to government agencies and bodies on our administration of assistance, programs and grants.
  • as required or permitted by law.

Marketing use and disclosure

We may use and disclose your personal information. This is to provide you with information about our services and products that we consider may be of interest to you.  (Other than sensitive information). You may opt out at any time. If you do not, or no longer, wish to receive marketing and promotional material.  You may do this by contacting us via e-mail or in writing requesting that we no longer send you marketing or promotional material. Or where applicable, clicking the “Unsubscribe” button.

Disclosure of personal information

We may disclose, and you consent to us disclosing, your personal information to third parties:

  • engaged by us to provide products or services, or to undertake functions or activities, on our behalf.  For example, providing our IT systems and services, processing donations, processing payment information and managing databases.
  • that are authorised by you to receive information we hold.
  • that are our member organisations, where the personal information is relevant to the functions or activities of those member organisations.
  • that are our business partners, joint ventures, partners or agents.
  • such as our external advisers, and government agencies.  For example, where disclosure is reasonably required to obtain advice, prepare legal proceedings or investigate suspected unlawful activity. Serious misconduct or reporting to government agencies and bodies on our administration of assistance, programs and grants.
  • as required or permitted by law.

Use or disclosure of sensitive information

We will only use or disclose your sensitive information for the purpose for which it was initially collected. Or for a directly related purpose, as required or permitted by law, or where you consent to the use or disclosure.

Disclosure of personal information overseas

We do not disclose personal information to third parties outside Australia, unless required or permitted by law.

How is my personal information kept secure?

We take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure.  Such steps include physical security over paper-based and electronic data storage and premises. Computer and network security measures, including use of firewalls, password access and secure servers. Restricting access to your personal information to employees and those acting on our behalf who are authorised and on a ‘need to know’ basis. Retaining your personal information for no longer than it is reasonably required, unless we are required by law to retain it for longer. And entering into confidentiality agreements with staff and third parties.

Where we no longer require your personal information, including where we are no longer required by law to keep records relating to you. We will ensure that it is de-identified or destroyed.

Notifiable Data Breaches

Eligible data breach

An “eligible data breach” as unauthorised access or disclosure of information, or loss of information. That a reasonable person would conclude is likely to result in serious harm to any individuals to whom the information relates. And it has not been possible to prevent the likely risk of serious harm.

To determine whether access, disclosure or loss of information would likely result in serious harm to any of the individuals involved.  The following factors will be considered:

  • The kind of information.
  • The sensitivity of the information.
  • Whether the information is protected by one or more security measures.
  • If the information is protected by one or more security measures – the likelihood it could be overcome.
  • The kind of persons who could obtain the information.
  • If a security technology or methodology was used in relation to the information. And designed to make the information unintelligible or meaningless to persons who are not authorised to obtain the information.
  • The likelihood that persons who obtained the information. Are likely to have the intention of causing harm to any of the individuals to whom the information relates. This maybe in the form of circumventing the security technology or methodology.
  • The nature of the harm.

Suspected eligible data breach

There may be reasonable grounds for us to suspect there has been a data breach. We will take all reasonable steps to carry out an assessment as soon as practicable. (And within 30 days after we become aware of the suspected breach). We will assess whether or not the data breach is an eligible data breach.

Notification of Eligible Data Breach

If there are reasonable grounds for us to believe that there has been an eligible data breach. And it is not exception under the Act applies, then we will prepare a written statement including:

  • a description of the eligible data breach.
  • the kinds of information concerned.
  • recommendations about the steps that individuals should take in response to the eligible data breach. Any steps we have already taken to address the eligible data breach.

If there is an eligible data breach of more than one entity. We will set out the details of those other entities in the manner described above.

We will provide this statement to the Office of the Australian Information Commissioner (the Commissioner). We will then notify the contents of the statement to each of the individuals to whom the relevant information relates. And to individuals who are at significant risk from the eligible data breach.

If it is not practical to contact you in this way, we may publish the statement on our website.

Exceptions to an Eligible Data Breach

Please be aware there are exceptions under the Act which may not require us to notify an individual/s of an eligible data breach. For example, where we have taken action before any serious harm occurs and, as a result of the action. A reasonable person would conclude the access or disclosure will not be likely to result in any serious harm. Or where the Commissioner has declared that we are not required to give any notification.

Data Quality

We take reasonable steps to ensure that your personal information is accurate, complete and up to date. However, we rely on you to advise us of any changes or corrections to the information we hold about you. If you consider that the information, we hold about you is not accurate, complete or up to date. Or if your information has changed, please let us know as soon as possible.

Access

You may request access to the personal information we hold about you by contacting us.  We will respond to your request within a reasonable time. We will provide you with access to the information we hold about you unless otherwise permitted or required by law. If we deny you access to the information, we will notify you of the basis for the denial unless an exception applies. Where reasonable and practicable, we will provide access to the information we hold about you in the manner you request. No fee applies for requesting access to information we hold about you. However, we reserve the right to charge a reasonable fee where we do provide access.

Correction

If you believe that personal information, we hold about you is incorrect, incomplete or not current. You may request that we update or correct your information by contacting us. We will deal with your request within a reasonable time. If we do not agree with the corrections, you have requested. For example, because we consider that the information is already accurate, up‑to‑date, complete, relevant and not misleading. We are not required to make the corrections. However, where we refuse to do so, we will give you a written notice setting out the reasons.

Identifiers: We do not adopt, use or disclose government related identifiers except as required or permitted by law

Complaints

If you have a complaint in relation to the collection, storage, use or disclosure of your personal information. Please contact our Privacy Officer. You will need to provide us with details of your complaint. And any supporting evidence and information. We will review all complaints received. Our Privacy Officer will respond to you. If you are not satisfied with our response. You may discuss your concerns with or complain to the Australian Privacy Commissioner via www.oaic.gov.au.

Changes to this privacy policy

We reserve the right to revise this Privacy Policy or any part of it every twelve months. Please review this Policy periodically for changes. Any revised policy will be placed on our website at www.carersaustralia.com.au/privacy-policy. Your continued use of our website, services or products, requesting our assistance. Or provision of further personal information after this Privacy Policy has been revised, constitutes your acceptance of the revised Privacy Policy.

How to contact us: If you have any questions about this Privacy Policy, please contact Carers Australia:

  1. by email to [email protected]
  2. by writing to: PO BOX 5300, Braddon ACT 2612