United Way Australia — UWA — is committed to respecting your privacy rights and to ensuring we responsibly manage the personal information you give us. We comply with the Privacy Act 1998 and the Australian Privacy Principles through this Policy and through our Code of Ethics.
UWA is also committed to maintaining the safety and wellbeing of all children we work with and their families, as demonstrated in the UWA’s Child Safety, Wellbeing and Protection Policy. There are situations where personal information must be shared with Government entities in order to ensure the safety and wellbeing of children. However, in working with children on a day-to-day basis, their privacy is paramount and legally protected.
UWA will provide clear and transparent guidance and maintain effective processes regarding the collection, handling and protection of:
UWA will also:
This Policy applies to all people who conduct work for UWA in a paid or unpaid capacity. All UWA staff, volunteers and board must understand and comply with this policy as it relates to their program or role;
Personal information This Policy uses the Privacy Act’s definition of ‘personal information’ — information about an identified individual or an individual who is reasonably identifiable. Personal information can also be information or an opinion about an individual who is identified or who is reasonably identifiable, regardless of whether that information is true or recorded in some form. Examples include an individual’s name, signature, contact details, date of birth, records of client contact, photographs, details of friends or family. Individuals include staff, volunteers, clients, their friends and family, donors, and partners
Confidentiality: this refers to the ethical, legal, and contractual duties as UWA staff and volunteers not to misuse or disclose confidential information.
Privacy: is an obligation or right enshrined in legislation that governs how personal information can be gathered, used and disclosed.
Australian Privacy Principles (APP) are legally binding principles which are the cornerstone of the Federal Privacy Protection Framework, contained in Schedule 1 of the Privacy Act. They set out the standards, rights and obligations relating to the management of personal information.
Confidential commercial information is valuable and sensitive information regarding UWA’s business operations, which is not publicly available. Examples include UWA intellectual property, lists of clients and contact details, supplier lists, employee remuneration data.
Informed consent: Consent to an action or intervention given with full knowledge of the risks involved, probable consequences, and the alternatives. UWA staff must disclose sufficient information to the client for him / her (or his / her guardian) to give an informed consent. What constitutes ‘sufficient information’ varies with the jurisdiction. In relation to media photos and information, the client needs to understand how this could be used by others on the internet, or for advocacy purposes.
A Data Breach occurs when personal information held by UWA is accessed, acquired, used or disclosed without authorisation/permission, or is lost. For example, when
Thus compromising the security or privacy of the individual and UWA. A data breach can harm an individual whose personal information is affected. They can, for example, suffer distress or financial loss.
Commonwealth Privacy Act (1988)
Child protection legislation for each State or Territory
Child Safety, Wellbeing and Protection Policy and Resources
Code of Ethics
When working with children and their families, UWA staff, volunteers and partners ensure:
The information we collect will vary depending on your interaction with UWA. We may collect:
We may also collect information that isn’t classified as personal information because it doesn’t identify you; for example, we may collect anonymous answers to surveys or aggregated information about how visitors use our website.
If we do have to collect sensitive information to perform a specific function, we’ll do so only if you have given your consent.
We usually collect information directly from you unless it’s unreasonable or impracticable to do so. We may collect personal information from you:
We may also collect personal information about you from third parties including:
In some cases, UWA may be required or authorised to collect personal information about you, both directly from you and from law enforcement bodies and other government agencies. This is particularly the case if we’re required to conduct background checks relating to you and your potential work with children, people with disabilities, in relation to aged care, or working with other vulnerable people. Examples of such laws include the Child Protection (Working with Children) Act 2012 (NSW), the Disability Inclusion Act 2014 (NSW), the Commonwealth Aged Care Act 1997, regulations relating to those laws, and similar laws in other States and Territories.
If you choose not to provide us with some information that we request, it could mean we’re unable to provide you with services to the same standard or at all, and may be unable to permit you to volunteer with us.
We collect, hold, use and disclose personal information about you so we can provide the best possible service to our donors, beneficiaries and supporters, for example:
When we provide personal information to third party service providers, we require those service providers to maintain your privacy and to use the information strictly for the purpose of providing the service.
Your personal information will not be shared, sold, rented or disclosed other than as described in this Policy unless specifically authorised in writing by you.
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.
We secure personal information in hard copy format in a suitable filing system in our offices. Personal information in electronic form is held on a secure server protected by a proprietary firewall product. Further, access to information stored on such a server is controlled by a restricted password access system. Personal information is destroyed or de-identified when no longer needed.
Because the Internet is inherently insecure, we can’t provide any assurance regarding the security of transmission of information you communicate to us online. We also can’t guarantee the information you supply will not be intercepted while being transmitted over the Internet. This means any personal information or other information you transmit to us online is transmitted at your own risk.
We may send you direct marketing communications and information about our services or opportunities we consider may be of interest to you. These may be sent by mail, text or email, in accordance with laws such as the Commonwealth Spam Act 2003.
You consent to us sending you those direct marketing communications by any of these methods. If you indicate a preference for a method of communication, we’ll endeavour to use that method whenever it’s practical to do so. You can opt out of receiving marketing communications from us by contacting us (see below) or by using opt-out facilities provided in the marketing communications; we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
You may at any time request correction of or access to your personal information in any of our records. We may charge a fee to cover our administrative costs in providing this information.
There may be cases where we can’t correct or grant you access to the personal information we hold; for example, we may refuse your request if we disagree with your grounds for amendment or if granting access would interfere with the privacy of others. If that happens, we will give you written reasons for our refusal.
Any request for the correction of or access to personal information should be addressed to our CEO.
How can you complain about breaches of privacy?
If you believe your privacy has been breached, please contact our Chief Executive Officer and provide details of the incident so we can investigate it
We will confirm how we are addressing your complaint and what you expect as an outcome. We will also inform you whether we will conduct an investigation and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response.
If you’re not satisfied with outcome of our investigation, you can lodge a formal complaint with the Office of the Australian Information Commissioner. For more information, go to www.oaic.gov.au
We may disclose personal information to our related bodies corporate, licensors and third party suppliers and service providers (such as data hosting and other IT service providers) located overseas for some of the purposes listed above.
In this regard we may disclose personal information to persons in other countries, including the USA, Canada and the UK. With regard to children enrolled in the Dolly Parton Imagination Library, we provide personal information to the Dollywood Foundation in the US. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
If you have any questions about this Policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact us by:
Mail Chief Executive Officer
United Way Australia
PO Box Q759
Queen Victoria Building
We may change this Policy from time to time. Any updated versions of this Policy will be posted on our website.