Privacy Policy
Purpose
To describe how Women with Disabilities Victoria (WDV) protects Personal Information in accordance with Australian privacy laws.
Scope
This policy applies to all Personal Information collected by WDV about any person, including Personal Information belonging to members, employees, job applicants, consultants, suppliers, board directors, program and partner organisations.
General Principles
- WDV will only collect Personal Information when it is reasonably necessary to carry out our functions, services and activities.
- WDV will only collect Personal Information from the person the information belongs to and with their consent, unless:
- we have the person’s consent to collect their Personal Information from another person or organisation; or
- if it is necessary in an emergency to collect their Personal Information from another person or organisation.
- For the purposes of this policy, Personal Information includes Sensitive and Health Information.
- WDV will provide the same level of protection to all Personal Information it collects, irrespective of whether it would be classified under privacy laws as Personal, Sensitive or Health Information.
- WDV will explain why we want to collect Personal Information and how we will use it. We will do this by using Privacy Collection Statements, by promoting this Policy and by responding to requests for further information.
- WDV will take all reasonable steps to keep Personal Information accurate, up-to-date, confidential and secure.
- WDV will destroy or de-identify Personal Information if it is no longer reasonably necessary for us to keep the information to carry out our functions, services and activities.
- Any person may ask to remain anonymous or use another name in their dealings with WDV.If, however, a person chooses not to provide Personal Information, WDV may not be able to provide them with access to some services or activities.
- Any person may request access to their Personal Information held by WDV, including to update and/or correct that information.
- Complaints about possible breach of privacy by WDV should be reported immediately to the Director Business Operations. Complaints will be dealt with promptly and confidentially.
What is Personal Information?
- Privacy laws generally protect three (3) different types of information: Personal, Sensitive and Health Information.
- Personal Information is information or an opinion that could be used to identify a person. Examples include: a person’s name; address; telephone number; email address; date of birth; gender; signature; driver licence number; tax file number and other financial information.
- Sensitive Information is a special category of Personal Information. It is information or opinion about a person’s: racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; sexual preferences or practices; or criminal .
- Health Information is a special category of Sensitive Information. It is information or opinion about a person’s: physical and mental health; disability; preferences about health care and treatment; use of health services; bodily donations (for example, blood, organs), biometrics and genetics.
- Sensitive Information and Health Information have greater protection under privacy laws than other Personal Information. A person’s consent is always required before collecting Sensitive Information and Health Information. A person’s consent is not always required under privacy laws when collecting Personal Information.
Gender and Disability Information
- WDV undertakes systemic advocacy on behalf of women and non-binary people with disabilities.To carry out our role WDV requests Personal Information about gender, sexual and disability identities from members, employees, board directors, program participants and other stakeholders.
- Under current privacy laws, information about gender, sexual and disability identities have different levels of protection:
- Information about gender identity and sex are not classified as Sensitive Information and consent is not required before collecting such information;
- Information about sexual identity is classified as Sensitive Information and a person’s consent is requiredbefore collecting such information;
- Information about disability is classified as Health Information and a person’s consent is required before collecting such information.
- WDV recognises that safety and consent are critical for women and non-binary people with disabilities. For that reason, WDV will provide the same level of protection to all Personal Information it collects, irrespective of whether it would be classified under privacy laws as Personal, Sensitive or Health Information.
- Consequently, WDV will only collect Personal Information from the person the information belongs to and with their consent, unless:
- we have the person’s consent to collect their Personal Information from another person or organisation; or
- if it is necessary in an emergency to collect their Personal Information from another person or organisation.
Why does WDV collect Personal Information?
- WDV will only collect Personal Information when it is reasonably necessary to carry out our functions, services and activities, including delivery and promotion of:
- membership services;
- programs, training, activities and events;
- surveys, questionnaires and research;
- newsletters, publications and other direct marketing;
- advocacy and campaigns;
- fundraising;
- recruitment and employment;
- financial management and reporting;
- information technology and telecommunications;
- accessibility and reasonable adjustments;
- corporate and governance reporting;
- reporting to funding bodies and government agencies;
- quality assurance, legal compliance and audits;
- responding to inquiries and complaints; or
- for other purposes consented to or permitted by law.
How does WDV collect Personal Information?
- Personal Information may be collected in many ways. For example:
- in person: at meetings, interviews, programs and events;
- in writing: from emails, membership forms, workplace forms, job applications, surveys and questionnaires;
- by telephone: in a phone conversation, by texting;
- online: at online meetings or events; via social media; by visiting our website
- WDV will explain why we want to collect Personal Information and how we will use it.We will do this by using Privacy Collection Statements, by promoting this Policy and by responding to requests for further information.
- WDV Employees shouldseek review and endorsement of proposed Privacy Collection Statements from their Manager or the Director Business Operations.
- WDV will make Privacy Collection Statements available in a format accessible to the person from whom we are requesting Personal Information, as required.
- Further information about Privacy Collection Statements is at Appendix 2.
Unsolicited Personal Information
- Unsolicited Personal Information is Personal Information about a person that WDV has received but did not request.
- Examples include: misdirected mail; unsolicited correspondence; a petition that contains names and addresses; a resumé submitted by a person on their own initiative and not in response to an advertised vacancy.
- When WDV receives unsolicited Personal Information, we will consider whether it is reasonably necessary for WDV to keep the information to carry out our functions, services or activities.
- If it is reasonably necessary for WDV to keep the information, WDV will notify the person concerned and seek their consent to WDV keeping the information.
- If it is not reasonably necessary for WDV to keep the information or the person does not consent to WDV keeping the information, WDV will destroy or de-identify the information.
Direct Marketing – the Right to Opt Out
- Where WDV uses Personal Information we have collected to distribute direct marketing material promoting our programs, services and activities, we will provide recipients with the opportunity to opt out of receiving such information.
- If a recipient of WDV’s direct marketing does not indicate a wish to opt out of receiving the material, WDV will assume we have their consent to send them similar material in the future.
- Any person who does not wish to receive direct marketing material from WDV may ask to opt out at any time.
Cookies
- We use cookies and similar tools on our website to enhance your experience. Cookies are small data files that are stored by your browser on your device and help us understand how you interact with our site during each visit. This allows us to improve our website and provide you with a better experience.
Cookies and other tools used across our site are employed for internal purposes, such as gathering statistics on website traffic. While most browsers are set to accept cookies by default, you have the option to adjust your browser settings to block cookies and reject other tools that may be used by our site.
Google Analytics
- We use Google Analytics to monitor traffic on our websites. The information generated by Google Analytics is used to create reports about the use of our website. Google will store this information on its own external servers.
We use this information to see how many people are visiting our website, which pages they look at and how long they look at certain pages for. These results do not identify users individually, and we do not use this data to identify you
Protecting Personal Information
- WDV will take all reasonable steps to ensure Personal Information is securely stored and protected, including by ensuring:
- Personal Information is only available to those who reasonably need that information to carry out WDV functions, services and activities;
- paper records containing Personal Information are secured in locked cabinets;
- electronic records containing Personal Information are secured through use of passwords, folder access controls, virus protection and firewalls;
- physical access to WDV premises is secure;
- Personal Information is not inappropriately shared verbally in workspaces, whether in person, online or on the telephone; and
- WDV employees and board directors apply this Policy, including when working from home.
- If Personal Information, excluding a personal phone number and email contact address, is kept on a personal device not owned by WDV the information must be transferred to WDV’s secure systems and deleted from the personal device as soon as possible.
- WDV recognises that people may choose to share Personal Information, including Sensitive and Health Information, during our programs, activities and events. We respect that such information belongs to those people and should not be shared further, in any medium, without their written or recorded consent.
Disclosure of Personal Information to Third Parties, including Overseas
- To carry out our activities, WDV may disclose or allow access to Personal Information by third parties. This may include:
- contractors and suppliers engaged by us or acting on our behalf;
- Government and regulatory bodies;
- project partners and funding bodies;
- financial institutions;
- legal guardians, executors, trustees, legal and nominated representatives of persons we have dealings with; and
- if WDV is otherwise required by law.
- WDV may disclose Personal Information to external service providers located overseas so they can provide us with services to support our business operations, including but not limited to, data storage, enabling online correspondence, and financial transactions.
- WDV will take all reasonable steps to ensure that third parties protect Personal Information, including by using contractual arrangements to require contractors and suppliers to apply current privacy laws.
Destroying or De-identifying Personal Information
- WDV will not keep Personal Information if it is no longer reasonably necessary to carry out our functions, services and activities.
- In some cases, WDV may reasonably need to keep Personal Information for some years after an activity is complete, for example to meet evaluation and audit requirements under a funding agreement or for use in research and advocacy.
- When Personal Information is no longer needed by WDV, we will take all reasonable steps to destroy or de-identify the information.
Remaining Anonymous or using another name
- Any person may ask to remain anonymous or use another name (a pseudonym) in their dealings with WDV. For example, a person:
- is not required to provide any Personal Information when telephoning WDV with a question about its events or activities;
- may ask to use a pseudonym when participating in an activity. If WDV requires their actual name (for example to meet the evaluation requirements of a funding agreement), it can be recorded confidentially with the person’s consent and the pseudonym used during the activity.
- If, however, a person chooses not to provide Personal Information, WDV may not be able to provide them with access to certain information, services or activities. For example, a person:
- is required to provide their actual name, address and specified contact details when applying to be a WDV member.
- Personal Information should only be linked to a pseudonym in WDV records if it is required or authorised by law; it is impracticable for WDV not to link the information; or the individual has consented to linking their pseudonym to their Personal Information.
Accessing and Correcting Personal Information
- WDV will take all reasonable steps to ensure Personal Information held by us remains up-to-date and accurate.
- Any person may request access to their Personal Information held by WDV, including to update and/or correct information.
- For security reasons WDV may ask for such requests to be made in writing or another accessible and recorded format.
- WDV may also take reasonable steps to satisfy itself that a request to update and/or correct Personal Information is being made by the person concerned or by another person who is authorised to make a request on their behalf.
Privacy Complaints
- Complaints regarding possible breach of privacy by WDV should be reported to the Director Business Operations via: telephone 03 9286 7800; email [email protected]; or the contact form on our website https://www.wdv.org.au/contact-us/
- Complaints will be investigated promptly and confidentially, in accordance with WDV’s Feedback and Complaints Policy.
- Any complaint that WDV has failed to provide access to or correct Personal Information held by us may be made directly to the Office of the Australian Information Commissioner viahttps://www.oaic.gov.au/
- Any complaint that WDV has failed to protect Health Information may be made to the Victorian Health Complaints Commissioner via https://hcc.vic.gov.au/make-complaint
Accountabilities
- The Director Business Operations and CEO is responsible for ensuring this Policy is promoted and implemented.
- The Membership Engagement and Communications Officer (MECO) is responsible for providing members with access to this policy.
Definitions
Board | The body which governs the affairs of WDV. |
Director Business Operations | An employee of WDV who has designated accountability for overseeing human resources, finance, communications, IT systems and infrastructure functions. |
Employee | A person employed by WDV on a full-time, part-time or casual basis, whether ongoing or fixed-term. |
Manager | An employee of WDV who has designated accountability for supervision of employees. |
WDV | Women with Disabilities Victoria, Inc. |
Related Documents
- Privacy Act 1988 (Cwth)
- Australian Privacy Principles
- Health Records Act 2001 (Vic)
Distribution
This policy is to be published on the WDV website and made available to all members, employees, Board directors, program participants, job applicants, contractors and other persons as required.
Authorisation
Signed: Nadia Mattiazzo
Date: 12 August 2024