2. Open and transparent management of personal information
- phone: 08 9242 6700
- e-mail: firstname.lastname@example.org; or
- post: PO Box 152, Victoria Park WA 6979
3. Personal information
Personal information means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. The personal information which we collect, store, use and disclose may include:
- your name;
- your contact details;
- your banking details and/or credit card details;
- your age or date of birth; and
- any other personal information provided by you in any correspondence with the Wirrpanda Foundation; and
- your employment history;
- your tax file number, Centrelink and superannuation information;
- educational qualifications;
- your date of birth, gender and current occupation; and
- any other person information provided by you during the course of your interactions with the Wirrpanda Foundation.
Some personal information is considered ‘sensitive information’ for the purposes of the Privacy Act. The sensitive information which we may collect, store, use and may disclose includes information or an opinion about an individual’s:
- race or ethnic origin, language group, and the existence or otherwise of any native title claims or groups to which you are a member;
- membership of a professional or trade association;
- membership of a trade union; and
- criminal record.
4. Anonymity and pseudonymity
In most circumstances, it is impractical for people to communicate with us anonymously. We need to identify you to assist you effectively. However, in circumstances where it is lawful and practicable to do so, we will provide you with the option of not identifying yourself, or using a pseudonym, when entering into communications with us.
5. Collection of solicited personal information
We only collect personal information by lawful and fair means where reasonably necessary for our functions or activities as the operator of a range of education, business, employment and justice services to Aboriginal and Torres Strait Islander Australians across Australia.
We collect personal information which:
- you provide in the course of engaging with one of our education, business, employment and justice services;
- you provide in the course of applying for employment positions at the Wirrpanda Foundation;
- you provide to us in order to subscribe to our mailing list;
- is provided to us by third parties who have disclosed that information to us with your consent (and only if it would be unreasonable or impracticable to collect the information directly from you);
- you provide to us in the course of updating or changing your details;
- is contained in documents or correspondence you provide to us;
- you provide to us in person, by phone, by post, via our website or via other forms of electronic communication (including via social media); or
- you provide during the course of events or training organised by the Wirrpanda Foundation.
Subject to certain exceptions under the Privacy Act, we only collect sensitive information about you if you consent to the collection of the information and the information is reasonably necessary for one or more of the Wirrpanda Foundation’s functions or activities. The provision of sensitive information to the Wirrpanda Foundation on a voluntary basis (including, for example, information you supply when applying for a position with the Wirrpanda Foundation) will be taken to be consent for this purpose.
6. Collection of unsolicited personal information
From time to time, we may receive unsolicited personal information about you. Unsolicited personal information is information we may receive from you which is not in response to a request by us for that information.
Where we receive unsolicited personal information about you (either directly from you or from a third party), we will consider, within a reasonable period, whether we could have collected that personal information from you had the personal information been solicited.
Where we determine that we could not have collected the unsolicited personal information had it been solicited, we will destroy or de-identify that unsolicited personal information as soon as practicable, provided it is lawful and reasonable to do so.
7. Use or disclosure of personal information and lawful basis of processing
We may collect, store (in hard copy or electronic form), use or disclose and otherwise process your personal information for the primary purpose of conducting and supporting our functions or activities as the operator of a range of education, business, employment and justice services to Aboriginal and Torres Strait Islander Australians across Australia. Without limiting the foregoing, we may collect, store, use or disclose your personal information:
- to provide you with one of our education, business, employment and justice services;
- to send you updates and newsletters;
- to contact you should we need to;
- to address any enquiries, complaints or feedback from you; or
- to do anything the Wirrpanda Foundation is required or authorised by law to do.
Further, we may disclose your personal information to:
- third parties where you have given your consent (express or implied);
- government agencies or other similar entities as required or permitted by law; and
- our professional advisors, contractors or other service providers whom the Wirrpanda Foundation may engage from time to time to carry out, advise or assist with the carrying out of the functions or activities of the Wirrpanda Foundation.
The Wirrpanda Foundation will not use your personal information for a secondary purpose unless:
- you consent to the use or disclosure or you would reasonably expect us to use it for a secondary purpose which is related to the primary purpose;
- the use or disclosure is required or authorised by law; or
- the use or disclosure is otherwise permitted by the Privacy Act (for example, as a necessary part of an investigation of suspected unlawful activity).
8. Cross-border disclosure of personal information
We are based in Australia, so your personal information will be processed in Australia. However, we may send your personal information to organisations or persons located overseas. For example, indirect overseas disclosure of your personal information to third parties overseas may occur as we use Cisco OpenDNS, whose servers may be located overseas in countries including, amongst others, the US and countries in the European Union. If we disclose personal information to a third party in a country which does not have equivalent privacy laws to Australia, we will take reasonable steps in the circumstances to ensure that the overseas recipient does not breach the Privacy Act. In particular, we will not send your personal information overseas unless either:
- we reasonably believe that the recipient of the information is subject to a law or binding scheme that has the effect of protecting information in a way that, overall, is at least substantially similar to the way in which the Privacy Act protects personal information and there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme; or
- you have consented to the transfer.
9. Adoption, use or disclosure of government related identifiers
Where we collect your personal information, it will usually be identified by a common identifier, such as your name, address or contact details.
Subject to certain exceptions under the Privacy Act, the Wirrpanda Foundation will not disclose identifiers assigned by Government agencies or their agents, such as tax file numbers, or use those identifiers to identify your personal information.
10. Direct marketing
Unless you request otherwise, we may also use your personal information for marketing purposes to send you news, information about our activities and general promotional material which we believe may be useful or of interest to you. If you do not want us to use your personal information in this manner, please contact us using the contact details provided above in “Section 2 – Open and transparent management of personal information” and we will give effect to your request as soon as possible.
11. Security of personal information
We take reasonable steps to protect your data from misuse, interference and loss, and from unauthorised access, modification or disclosure.
12. Access to personal information
Subject to any exceptions in the Privacy Act, if you have provided us with personal information, you have a right to request access to it. If you are of the belief that the Wirrpanda Foundation holds personal information relating to you and you wish to obtain access to this information, please contact us on the details provided above. We may ask you to provide proof of your identity if you request access to or correction of your personal information.
In the event that a request for access is made, we will review our records to determine what personal information relating to you we hold and endeavour to respond to your request within a reasonable period after the request is made, but in any event, within 30 days.
Once we have notified you of the nature of the personal information relating to you which we hold, we will give you access to your personal information in the manner requested by you, if it is reasonable and practicable to do so.
We do not levy a charge in respect of the making of a request for access to personal information held by us. However, we may charge you for the reasonable costs incurred by us in providing you with access to the personal information held by us.
The Privacy Act provides instances where a holder of personal information may refuse to provide an individual with access to their personal information. If we refuse to give you access to your personal information, we will give you a written notice that sets out our reasons for the refusal and the mechanisms available to complain about our refusal.
13. Correction of personal information
The Wirrpanda Foundation takes reasonable steps to keep your personal information as accurate, complete and up-to-date as possible. We make an effort to ensure this data is of high quality, but this relies on the accuracy and frequency of data provided by you.
You can assist us by notifying us if your circumstances change, such as if your name changes.
If we hold personal information about you and you request that we correct the information, we will take reasonable steps to rectify the situation free of charge if we are satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. If we refuse to correct your personal information, we will give you a written notice setting out our reasons for the refusal and the mechanisms available to complain about the refusal.
14. Complaints, questions or further information
If you wish to make a complaint about a breach of your privacy by the Wirrpanda Foundation, you may contact us using the contact details provided above. All complaints will be investigated by an appropriately qualified representative of the Wirrpanda Foundation. We will endeavour to resolve your complaint as quickly as possible and, in any event, within 30 days. We will notify you of the outcome of the investigation, including how we propose to resolve your complaint and what, if any, corrective measures we will implement.
If you are not satisfied with our handling of your complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). For more information about doing so, visit https://www.oaic.gov.au/privacy/privacy-complaints/.