Privacy Policy

1. Background

1.1 General

Social Change Central (SCC) (ABN 87 614 389 276) takes your privacy very seriously and is committed to protecting your privacy. We adopt privacy best practices to ensure the proper handling of your information.

This Privacy Policy explains how SCC collects, uses, discloses and otherwise handles personal information. If you have any comments or queries about this Privacy Policy or the personal information that SCC holds about you or the way we handle that personal information, please contact us using the contact page or by using our contact details set out below.

Email: hello@socialchangecentral.com.au

1.2 What is personal information?

Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.

1.3 Privacy practices

While SCC is exempt from mandatory compliance with the Privacy Act due to our status as a small business, we voluntarily follow good privacy practices inspired by the Australian Privacy Principles (APPs) where appropriate for our operations.

In circumstances where we may collect limited health information, we respect the privacy principles in relevant state legislation such as the Health Records Act 2001 (Vic) and the Health Records and Information Privacy Act 2002 (NSW).

In certain circumstances (for example, where funding agreements with government agencies require it), SCC may also need to comply with additional privacy legislation applicable to those arrangements.

1.4 Employee records

SCC is generally exempt from the Privacy Act when it collects and handles employee records and this Privacy Policy does not apply to that information. However, State Health Privacy Law still requires us to protect the privacy of employee health information. This Privacy Policy will apply in those circumstances.

2. What personal information does SCC collect?

2.1 General

The type of personal information we collect about you will depend on your interactions with us. We may collect various categories of information depending on the services you use and your relationship with us, including but not limited to:

  • Identity and contact information: Such as your name, email address, postal address, phone number, organisation name, and job title.

  • Demographic and professional information: Such as your industry sector, professional role, organization type, mission, and areas of interest.

  • Transaction and financial information: Such as payment details, donation amounts, subscription details, and purchase history.

  • Interaction data: Information about how you engage with our content, services, and communications.

  • Correspondence and feedback: Information contained in your communications with us, including inquiries, complaints, survey responses, and feedback.

  • Application information: If you apply for a role or opportunity with us, relevant information such as your qualifications, experience, and references.

This information may be collected in various contexts, including when you become a member, subscribe to our publications, make donations, attend our events, use our online resources, contact us with queries, or apply for opportunities with us.

2.2 Sensitive information

Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record and some types of biometric information.

SCC only collects sensitive information where it is reasonably necessary for our functions or activities and either:

  • the individual has consented; or

  • we are required or authorised by or under law to do so.

2.3 What if you don't provide us with your personal information?

In some circumstances we allow individuals the option of not identifying themselves, or of using a pseudonym, when dealing with us (for example, when viewing our website or making general phone queries). Donations may also be made anonymously, but in this case SCC may not be able to issue a receipt.

3. How does SCC collect personal information?

3.1 Methods of collection

SCC will collect personal information by lawful and fair means. We will also collect personal information directly from you where this is reasonable and practicable.

We collect personal information in a number of ways, including:

  • through our website (for example, if you choose to join the SCC mailing list or subscribe to SCC online through our secure payment gateway)

  • when you correspond with us (for example by email, letter, email or telephone)

  • on hard copy forms

  • in person (for example, at job interviews)

  • from referring third parties

  • at events or forums

3.2 Collection notices

Where SCC collects personal information about you, we will take reasonable steps to notify you of certain matters. We will do this at or before the time of collection, or as soon as practicable afterwards.

4. Why does SCC collect personal information?

4.1 General

SCC provides individuals and organisations with information and services including a directory of opportunities to assist them to create positive social impact. We also seek to promote positive social impact through advocacy and policy work and education, using evidence from the stories of our members and the people they help.

The main purposes for which we collect, hold, use and disclose personal information are set out below.

  • providing services to our community 

  • advocacy

  • education and information

  • fundraising

  • recruiting staff, contractors and volunteers

  • processing payments

  • answering queries and resolving complaints

  • evaluating our work and reporting externally

  • general administration

  • business transactions, including potential sale, transfer or merger of some or all of our assets or business

We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are:

  • required or authorised by or under law; or

  • for which the individual has provided their consent.

4.2 Direct marketing

We may use your personal information to keep you informed and up to date about our work, either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may send this information in a variety of ways, including by mail, email, SMS, telephone, or facsimile.

Where you have consented to receiving marketing communications from us, that consent will remain current until you advise us otherwise. However, you can opt out at any time, as explained below.

Opting out

You can opt out of receiving marketing communications from us by:

  • advising us if you receive a marketing call that you no longer wish to receive these calls;

  • using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSes) to opt out of receiving those messages; or

  • contacting us using the contact details set out in paragraph 1.1.

5. What third parties does SCC disclose personal information to?

We may disclose personal information to third parties where appropriate for the purposes set out under heading 4, including:

  • our funding providers (although personal information will only be provided with consent)

  • financial institutions for payment processing

  • referees whose details are provided to us by job applicants

  • SCC's contracted service providers, including:

    • information technology service providers

    • conference, function and training organisers

    • marketing, communications and research agencies

    • freight and courier services

    • printers and distributors of direct marketing material

    • external business advisers (such as recruitment advisors, auditors and lawyers)

  • parties involved in a business asset transaction, such as a potential buyer or transferee of our business or assets (including customer databases and mailing lists)

6. Cross border disclosure of personal information

We may disclose personal information to third parties located overseas as part of providing services to you. These disclosures are made only in the context of operating our services and providing you with access to our platform. When we disclose personal information overseas, we take reasonable steps to ensure that overseas recipients handle that information in accordance with appropriate privacy standards and practices.

7. Data quality and security

7.1 General

We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:

  • make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;

  • protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and

  • destroy or permanently de-identify personal information that is no longer needed for any purpose permitted under this policy.

7.2 Security

The steps we take to secure the personal information we hold include website protection measures (such as encryption, firewalls and anti-virus software), security restrictions on access to SCC's computer systems (such as login and password protection), controlled access to SCC's premises, policies on document storage and security, personnel security (including restricting the use of personal information by SCC employees) and training and workplace policies.

Online payment security

SCC processes online payments and donations using a secure payment gateway. Your complete credit card number cannot be viewed by SCC and all transactions are secured using encryption.

Website security

While SCC strives to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact SCC by email (details in paragraph 1.1 above).

You can also help to protect the privacy of your personal information by letting us know as soon as possible if you become aware of any security breach.

Third party websites

Links to third party websites that are not operated or controlled by SCC are provided for your convenience. SCC is not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

8. Access and Correction

8.1 General

Please contact us (details in paragraph 1.1 above) if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to ensure that the personal information we hold is properly protected.

8.2 Access

We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.

8.3 Correction

If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.

If we correct personal information about you, and we have previously disclosed that information to another agency or organisation, you may ask us to notify that other entity. If so, we will take reasonable steps to do so, unless this would be impracticable or unlawful.

8.4 Timeframe for access and correction requests

Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.

8.5 What if we do not agree to your request for access or correction?

If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out:

  • the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so); and

  • available complaint mechanisms.

In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this to associate the statement in such a way that will make it apparent to users of the information.

9. Complaints

If you have a complaint about how SCC has collected or handled your personal information, please contact us (details in paragraph 1.1 above). We will ask you to explain the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved. We can assist you with this process if required.

Complaints process

We will endeavour to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.

We will try to resolve your complaint in a fair and reasonable way. In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the complaint. If the matter is more complex and our investigation may take longer, we will write and let you know, and tell you when we expect to provide our response.

If you are unhappy with our response, you may have options to escalate your complaint depending on the nature of your concerns.

10. Changes to this Policy

We may amend this Privacy Policy from time to time. If you have any queries about this policy or about how we handle personal information about you, please reach out to us using the contact details in paragraph 1.1 above.