Privacy Policy
1. Background
1.1 General
Social Change Central (SCC) (ABN 87 614 389 276) takes your privacy very seriously and is committed to protecting privacy, in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and other applicable privacy legislation.
This Privacy Policy explains how SCC collects, uses, discloses and otherwise handles personal information. If you have any comments or queries about this Privacy Policy or the personal information that SCC holds about you or the way we handle that personal information, please contact us using the contact page or by using our contact details set out below.
Email: hello@socialchangecentral.com.au
1.2 What is personal information?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.
1.3 Applicable legislation
SCC complies with the Australian Privacy Principles (APPs) in the Privacy Act where applicable. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
SCC also complies with the Health Privacy Principles in the Health Records Act 2001 (Vic) and the Health Records and Information Privacy Act 2002 (NSW) (State Health Privacy Law) where applicable when we collect and handle health information in those States.
In certain circumstances (for example, where funding agreements with government agencies require it), SCC may also be required to comply with the Information Privacy Principles in the Information Privacy Act 2000 (Vic) and the Privacy and Personal Information Protection Act 1998 (NSW).
1.4 Employee records
SCC is generally exempt from the Privacy Act when it collects and handles employee records and this Privacy Policy does not apply to that information. However, the Privacy Act still applies to personal information about job applicants, contractors and volunteers, and State Health Privacy Law still requires us to protect the privacy of employee health information. This Privacy Policy will apply in those circumstances.
2. What personal information does SCC collect?
2.1 General
The kind of personal information that we collect about you will depend on the type of dealings you have with us. For example, if you:
become a member of SCC, we may collect your name, organisation name, legal structure, mission and location, contact details and payment details
provide services to our members, we may collect your name, organisation and contact details
register for a subscription to a SCC publication, we may collect your name, organisation and contact details and details about the information you access in our publications
make a donation to SCC, we may collect your name, organisation, contact details, the amount and frequency of your donation and payment details
attend a professional development or training program or attend another SCC event, we may collect your name, organisation, contact details, payment details (if applicable) and any dietary and accessibility requirements
participate in our surveys, we may collect your name, organisation contact details and your survey responses
download a SCC resource from our website, we may collect your name, organisation and contact details and details of the resource you downloaded
use a web application, we may collect your name, email address, and data inputted where we have indicated that data will be collected
send us an enquiry, we may collect your name, contact details and details of your query
make a complaint, we may collect your name, contact details, the details of your complaint, information collected in any investigation of the matter and details of the resolution of the complaint
apply for a role at SCC, we may collect the information you include in your application, including your cover letter, resume, contact details and referee reports.
2.2 Sensitive information
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record and some types of biometric information.
SCC only collects sensitive information where it is reasonably necessary for our functions or activities and either:
the individual has consented; or
we are required or authorised by or under law (including applicable privacy legislation) to do so.
2.3 What if you don’t provide us with your personal information?
In some circumstances we allow individuals the option of not identifying themselves, or of using a pseudonym, when dealing with us (for example, when viewing our website or making general phone queries). Donations may also be made anonymously, but in this case SCC may not be able to issue a receipt.
3. How does SCC collect personal information?
3.1 Methods of collection
SCC will collect personal information by lawful and fair means as required by the Privacy Act. We will also collect personal information directly from you where this is reasonable and practicable.
We collect personal information in a number of ways, including:
through our website (for example, if you choose to join the SCC mailing list or subscribe to SCC online through our secure payment gateway)
when you correspond with us (for example by email, letter, email or telephone)
on hard copy forms
in person (for example, at job interviews)
from referring third parties
at events or forums
3.2 Collection notices
Where SCC collects personal information about you, we will take reasonable steps to notify you of certain matters. We will do this at or before the time of collection, or as soon as practicable afterwards.
4. Why does SCC collect personal information?
4.1 General
SCC provides individuals and organisations with information and services including a directory of opportunities to assist them to create positive social impact. We also seek to promote positive social impact through advocacy and policy work and education, using evidence from the stories of our members and the people they help.
The main purposes for which we collect, hold, use and disclose personal information are set out below.
providing services to our members
advocacy
education and information
fundraising
recruiting staff, contractors and volunteers
processing payments
answering queries and resolving complaints
evaluating our work and reporting externally
general administration
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are:
required or authorised by or under law (including, without limitation, privacy legislation); or
for which the individual has provided their consent.
4.2 Direct marketing
We may use your personal information to keep you informed and up to date about our work, either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may send this information in a variety of ways, including by mail, email, SMS, telephone, or facsimile.
Where you have consented to receiving marketing communications from us, that consent will remain current until you advise us otherwise. However, you can opt out at any time, as explained below.
Opting out
You can opt out of receiving marketing communications from us by:
advising us if you receive a marketing call that you no longer wish to receive these calls;
using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSes) to opt out of receiving those messages; or
contacting us using the contact details set out in paragraph 1.1.
5. What third parties does SCC disclose personal information to?
We may disclose personal information to third parties where appropriate for the purposes set out under heading 4, including:
our funding providers (although personal information will only be provided with consent)
financial institutions for payment processing
referees whose details are provided to us by job applicants
SCC’s contracted service providers, including:
information technology service providers
conference, function and training organisers
marketing, communications and research agencies
freight and courier services
printers and distributors of direct marketing material
external business advisers (such as recruitment advisors, auditors and lawyers)
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
6. Cross border disclosure of personal information
We do not currently disclose personal information to third parties located overseas. If this changes at some time in the future, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information and this Privacy Policy will be amended accordingly.
7. Data quality and security
7.1 General
We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:
make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.
7.2 Security
The steps we take to secure the personal information we hold include website protection measures (such as encryption, firewalls and anti-virus software), security restrictions on access to SCC’s computer systems (such as login and password protection), controlled access to SCC’s premises, policies on document storage and security, personnel security (including restricting the use of personal information by SCC employees) and training and workplace policies.
Online credit card payment security
SCC processes donations and other online credit card payments using a secure payment gateway. Your complete credit card number cannot be viewed by SCC and all transactions are secured using encryption.
Website security
While SCC strives to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact SCC by post (details in paragraph 1.1 above).
You can also help to protect the privacy of your personal information by letting us know as soon as possible if you become aware of any security breach.
Third party websites
Links to third party websites that are not operated or controlled by SCC are provided for your convenience. SCC is not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.
8. Access and Correction
8.1 General
Please contact us (details in paragraph 1.1 above) if you would like to access or correct the personal information that we hold about you. We may ask you to verify your identity before processing any access or correction requests, to ensure that the personal information we hold is properly protected.
8.2 Access
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
8.3 Correction
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
If we correct personal information about you, and we have previously disclosed that information to another agency or organisation that is subject to the Privacy Act, you may ask us to notify that other entity. If so, we will take reasonable steps to do so, unless this would be impracticable or unlawful.
8.4 Timeframe for access and correction requests
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
8.5 What if we do not agree to your request for access or correction?
If we do not agree to your access or correction request, or if we do not agree to give you access in the manner you requested, we will provide you with a written notice setting out:
the reasons for our decision (except to the extent that, having regard to the grounds for refusal, it would be unreasonable to do so); and available complaint mechanisms.
In addition, if we refuse to correct personal information in the manner you have requested, you may ask us to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, and we will take reasonable steps to do this to associate the statement in such a way that will make it apparent to users of the information.
9. Complaints
If you have a complaint about how SCC has collected or handled your personal information, please contact our us (details in paragraph 1.1 above). We will ask you to complete a Privacy Complaint Form, which asks you to explain the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved. We can assist you with completing the Form if required.
Complaints process
We will endeavour to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.
We will try to resolve your complaint in a fair and reasonable way. In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know, and tell you when we expect to provide our response.
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information) or, in some instances, other regulatory bodies, such as the Victorian Privacy Commissioner (see here), the New South Wales Privacy Commissioner (see here) or the Victorian Health Services Commissioner (see here).
10. Changes to this Policy
We may amend this Privacy Policy from time to time. If you have any queries about this policy or about how we handle personal information about you, please reach out to us using the contact details in paragraph 1.1 above.