1. Background and Purpose
The Brotherhood of St Laurence (BSL) ABN 24 603 467 024 complies with the Australian Privacy Principles (APPs), which are part of the Privacy Act 1988 (Cth). BSL is also bound by the Health Privacy Principles (HPPs) made under the Health Records Act 2001 (Vic).
We are committed to protecting the privacy of:
- all BSL customers, clients, supporters and donors
- all BSL employees and volunteers
- all contractors and consultants engaged by the BSL
- representatives and agents of the BSL
- BSL trainees, work experience and tertiary students, and youth camp participants
We always aim to act consistently and comply with our statutory obligations under the APPs and the HPPs.
This policy outlines your rights and our policy on the handling of your personal information.
To provide an:
- understanding of your rights relating to privacy; and
- understanding of BSL's collection and handling of personal information.
3. Why we collect information
Under the APPs, we must only use and disclose personal information for the primary purpose(s) for which we collected the information, any secondary purpose that is related to the primary purpose for which you would reasonably expect us to use the collected information and as otherwise permitted or authorised by law.
We primarily collect personal information about our clients and supporters for the purposes of conducting our usual activities and operations, including securing donations or support, conducting research, developing and delivering services to, and advocating for, individuals and families, with our aim being the alleviation and prevention of poverty.
We also collect personal information regarding job applicants, employees and contractors for the purposes of evaluating their suitability for roles at BSL and to satisfy our obligations under the law.
Please refer to ‘How we use and disclose personal information’ below for a comprehensive list of how the information we collect is used in accordance with these purposes.
4. What information do we collect and hold?
The types of personal information that we collect will depend on the circumstances. The usual types of information we collect from individuals may include:
• information about your name, date of birth, place of birth and age
• contact details such as your address, your telephone number and your email address
• copies of your identification documents, such as your driver’s licence
• information regarding your residency status
• information regarding your interests, family and other relationships
• information about your requirements for the services we provide and existing conditions affecting those services
From time to time, we may also collect sensitive information (such as information regarding your gender, sexual orientation or ethnic origin) and/or health information (such as information regarding a person’s disability or mental health condition) about you when we have your consent or when we are required or authorised by law to collect such information.
At all times, it is your choice how much information you would like to provide. However, if you do not provide any or all of the information requested, BSL may be unable to provide goods/services to you or otherwise deal adequately with any requests you have.
If you apply for a role with us, with your consent we may also collect information about your qualifications, experience, character and screening check results (including health, references, background, directorship, financial probity, identity, eligibility to work, vocational suitability and such sensitive information as your criminal record).
At appointment to a role
If you then take on a role with us, we may also collect information about your current or former employment or engagement including information about your training, disciplining, resignation, termination, terms and conditions, staff benefits, emergency contact details, performance, conduct, use of our IT and communications resources, payroll matters, union or professional/trade association membership, recreation, drug/alcohol tests, leave and taxation, banking or superannuation affairs.
We are required and/or authorised to collect your personal information under various laws including the Fair Work Act, Superannuation Guarantee (Administration) Act and Income Tax Assessment Act.
When a financial donation is made
When a financial donation is made, we may collect credit card numbers and/or bank account details along with contact information (name, address, email address and telephone numbers). We collect this data to process donations and provide receipts. Please clearly indicate to us if you prefer your donation to be anonymous. We also use the information to keep our supporters informed about our work.
In the provision of service delivery
We may collect personal information directly from you or in some cases from third parties including your representatives and carers, other not-for-profit organisations, government agencies, information service providers or from public sources.
If we collect sensitive information about you, such as information about health, religion, ethnic origin or criminal record, we will do so only where you consent, provide the information to us voluntarily or where we are otherwise authorised by law. In our health services areas, such as aged services, the collection of sensitive information takes place so that our clients’ needs are properly understood.
5. How we collect personal information
We may collect information about you in a number of circumstances, including when you:
• complete a form (either physical or online)
• apply to receive our assistance or services
• interact with us directly
• provide feedback or request information from us
• apply for and/or accept a job or volunteer role
• make a donation
• join a mailing or contact list
We may also collect information when we:
• process transactions and administer your accounts
• address your queries and resolve any complaints
• send information updates
• review our quality improvement processes
• comply with any contractual obligations owed to funding agencies
With your consent, we may record conversations and communications between you and our employees. We also record details of our interactions with you, including any contact we have with you in person, by email, online or on the telephone.
Our staff may also record personal information collected from you in the course of preparing notes, recommendations and decisions.
We will only collect personal information via lawful and fair means and when we specifically request or take active steps to collect that information. However, from time to time, personal information may be volunteered to us without us requesting or taking steps to collect that information.
Additionally, we may receive unsolicited personal information when we ask an individual to provide us with certain information and the individual provides us with additional information.
In such a situation, in accordance with our statutory obligations, we will determine whether we could have lawfully collected the information we receive on a volunteer basis had we taken steps to collect that information and, if not, take steps to destroy or de-identify that information (unless we are required or authorised by law to retain the information).
We may also receive personal information about you through publicly available sources of information.
Job applicants and contractors
We always try to collect information about applicants for employment with us directly from them. We also collect information about job applicants:
• through background checks and police checks; and
• from referees and employment agencies
BSL relies on the information collected from job applicants about referees and assumes that the applicant has the consent of the referee to disclose his/her details to BSL.
Please note that we may retain personal information collected from unsuccessful applicants for the purpose of considering the applicant for other roles in the future.
Information about contractors and their employees is collected directly from the contractors and from our clients and their representatives.
6. Dealing with us anonymously of pseudonymously
Under the APPs, you have the right to deal with us on an anonymous or pseudonymous basis. This means that you do not need to provide us with personal information if and when we request that information.
However, if you choose to interact with us in this fashion, or if you do not provide us with personal information when requested, we may be unable to provide you with the services that you request we provide to you.
For example, we may not be able to communicate with you, respond to your enquiries or consider you for positions with us.
We reserve the right to verify the identity of an individual who is seeking access to personal information held by us in order to minimise the risk of releasing personal information of another individual inadvertently, as well as to verify the identity of the individual in the event the individual complains to us about the handling of his/her personal information.
7. How we use and disclose personal information
We may use and/or disclose personal information we collect about an individual to:
• provide support and assistance to our clients
• assess prospective client applications
• process donations and receipts
• identify individuals
• maintain and update our records
• continuously evaluate, develop and improve our programs and services via continuous improvement activities
• assess the effectiveness of our services and programs through quality assurance and risk management activities
• plan for future programs and services
• conduct research
• manage and train our people
• comply with our obligations under laws
• respond to lawful information requests from government agencies, courts or lawyers
• protect our lawful interests
• respond to your queries or concerns
• if you have applied for a job, assess your suitability to perform duties
We will not use and/or disclose personal information collected from you for an unrelated secondary purpose unless we first obtain your written consent or a statutory exception applies (such as it is impracticable to obtain your consent and we believe that collecting, using or disclosing the information is necessary to lessen a serious threat to the life, health or safety of any individual).
We will not use personal information provided as a client to approach you for marketing purposes without your consent.
We may use your personal information to provide you with ongoing promotional materials and marketing communications about our events, programs, services and fundraising initiatives by telephone, email, online or by other means. When we contact you seeking your support, we are trying to raise public awareness of our programs as well as to provide our supporters with current information on social justice issues of the day.
Please remember that you are under no obligation to respond unless you would like to and are able.
You can ask us at any time not to contact you for these purposes anymore.
9. Third party disclosure
We may disclose personal information we collect from individuals to third parties but only on an as-needs basis and in order to fulfil one or more of the purposes for which the information was collected, any secondary purpose related to the primary purpose of collection, or otherwise as required or authorised by law.
We take reasonable steps to ensure that any third party to which we disclose personal information collected from or about an individual takes steps to protect the personal information so disclosed and to destroy or to de-identify the information when the information is no longer required.
We may exchange your personal information with your representatives, our agents or contractors, related organisations and our third party service providers who perform tasks on our behalf, for example data processing and storage services, payment processing, banking, marketing, professional services (including legal, accounting, auditing and business consulting), research, tele-services, payroll, staff benefits, training, website or technology services, and mailing services that send our letters.
If you are a client, we may sometimes disclose personal information to government agencies for purposes such as informing decisions about funding or third parties involved in your care. This may include disclosure of information to, for example, your health practitioners or allied health service providers. In doing so, we will take into account the provisions of relevant laws such as the Aged Care Act.
If you have applied for a position with us, we may exchange your personal information with your referees, police, Centrelink, recruitment consultants, academic institutions, screening check providers, health service providers, professional and trade associations, previous employers and law enforcement agencies.
We may also disclose personal information (including sensitive information) about you when required by law or court order or where we are required to do so as a result of any obligations we owe under any contract.
We may disclose personal information about an individual to a third party if we consider it reasonably necessary to do so in order to identify, contact or bring legal action against a third party in order to defend an action brought against us or to enforce our legal rights.
Additionally, we may disclose personal information about an individual to our professional advisers, insurers and auditors for the purpose of their provision or performance of their duties owed under contract to us.
10. Cross-border disclosure
Some of the third parties described above may be located in other countries such as the USA.
Please note that in many cases those parties will be subject to other privacy and confidentiality obligations requiring them to protect personal information.
11. Our website and email
We do not collect personal information about you when you visit BSL websites, unless you choose to provide such information.
Through the use of ‘cookies’ we anonymously track your visit in order to compile statistical information about the use of our website. If you prefer not to allow the use of ‘cookies’, you should be able to adjust your browser to turn them off or notify you when ‘cookies’ are being used.
Our website may also use Google Analytics from time to time.
12. How we hold personal information
We hold personal information electronically and in hard copy form, both at our own premises and with the assistance of our service providers. We take a range of steps to protect the security of personal information from misuse, interference and loss, and unauthorised access, modification and disclosure. This may include, among other things, techniques such as firewalls, access controls, user authentication, encryption, intrusion detection and site monitoring.
Changes may be made to this policy from time to time. We will give notice of these changes on our website and intranet.
14. Accessing, updating and further information
We will, at your request, provide you with access to any information which we hold about you in compliance with the APPs or HPPs. To gain access to this information you should contact us (see details below) and ask for an ‘Access to personal information form’.
You can also update or seek the correction of the information we have collected about you and let us know of your preferences for how we communicate with you by contacting us.
When we receive a request to access and/or correct the personal information we hold about an individual, we will comply with our statutory obligations and we will respond to such a request within a reasonable period of time.
Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction within the information.
If we deny any request for access or correction, we will provide you with our reasons.
Where we grant a request to access, we may charge you a fee for accessing the personal information, as permitted by law.
You have the right to complain if you believe we have breached this policy or your rights under the APPs and HPPs.
If you have any queries or concerns about the way that we handle your personal information, please let us know and we will endeavour to promptly resolve your enquiry or concern.
We may be required to verify the identity of the person making the complaint and may request additional details from you regarding your concerns. We may also need to engage or consult with other parties to investigate and deal with your issue.
We will keep records of your request and any resolution.
Contact: Privacy Officer
Telephone: (03) 9483 1389
If you do not wish to send your comments using email you can send them in writing to the following postal address:
Brotherhood of St Laurence
67 Brunswick Street
FITZROY VIC 3065
Resolution of privacy concerns
For information about privacy generally, or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at https://www.oaic.gov.au/ or phone 1300 363 992.
Related documents and legislation
- Privacy Act 1988 (including the Australian Privacy Principles)
- Privacy and Data Protection Act 2014 (Vic) (including the Information Privacy Principles)
- Health Records Act 2001 (including the Health Privacy Principles)
- Aged Care Act 1997 (including the Quality of Care Principles 2014)
- Freedom of Information Vic 1982