Privacy Policy

Last updated: February, 2024
  1. Purpose
    • PEF is committed to upholding the privacy of individuals, in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (Privacy Act).
    • PEF (in support of its objects) routinely collects personal information about individuals who access, provide or participate in PEF’s activities, funding support, services and events.
    • This policy has been developed in accordance with the Privacy Act and explains:
      • the kinds of information that we collect and hold;
      • how we collect and hold personal information;
      • the purposes for which we collect, hold, use and disclose personal information;
      • how a person may request to access or correct personal information and seek the correction of that information; and
      • how a person may complain about our privacy practices and how we will deal with such a complaint.
  1. Scope
    • This policy governs and applies to the privacy practices of PEF, including its officers, employees, contractors and volunteers to the extent they are undertaking PEF business.
    • The personal information collected and held by or on behalf of PEF is the property of PEF.
    • PEF is not a health service provider for the purposes of the Privacy Act.
  2. Definitions

“PEF” or “we”, “us” and “our”

Perth Eye Foundation Ltd, of care of 10 Stirling Highway, Nedlands  WA  6009.

“hold”

Possession or control of a record that contains the personal information, as defined in section 6(1) of the Privacy Act 1988 (Cth).

“Law”

Broadly refers to any legislative requirement; common law; mandatory code, standard or guideline; writ, order, injunction or judgment; regulatory requirement of a state or federal government agency, whether formal or informal, no matter how expressed, including by way of order, notice, determination or direction; and local government legislation, including regulations, by-laws, declarations, ministerial directions and other subordinate legislation, in any applicable jurisdiction.

  1. What is personal information?
    • Personal information
      • “Personal information” refers to any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion, regardless of whether it is true.
      • The most common examples of personal information are:
        • contact details – which may include name, address, telephone number, email;
        • personal details – which may include date of birth, gender, areas of interest; and
        • financial information – which may include bank account details or income.
      • Sensitive information
        • “Sensitive information” is a subset of personal information and, due to its sensitive nature, it is afforded a higher degree of privacy protection in relation to its handling under the Privacy Act.
        • Information about a person’s health information is classified as sensitive information.
        • Sensitive information also refers to information about a person’s race or ethnic origin, political opinions or membership of political associations, religious beliefs or affiliations, membership of a professional, trade association or union, sexual orientation or practices or criminal record.
        • PEF will seek to ensure that, when third parties provide reports, information or data to PEF, it does not include sensitive information.
        • Although PEF does not ordinarily seek to collect sensitive information for its functions and activities, any such information PEF receives will not be used or disclosed without the individual’s consent.
  1. Why do we collect personal information?
    • We will only collect and maintain a record of personal information if it is reasonably necessary to pursue at least one of our functions and activities, or otherwise required or authorised under Law. See Appendix A for information about the broader purposes for which we may collect personal information.
    • We will primarily collect personal information for the following purposes.

TABLE 1 (Primary purposes of collection):

i.

Consider and assess grant applications.

ii.

Support our relationships and communications with grant applicants, grant recipients and other industry stakeholders.

iii.

Procure and process donations and funding.

iv.

Conduct or facilitate research or surveys for purposes related to PEF and its objects.

v.

Provide education or information relevant to PEF’s objects, and to respond to enquiries.

vi.

Market, advertise or otherwise promote PEF.

vii.

Manage our accounts and administrative services.

viii.

Handle complaints and incidents.

ix.

Comply with our legal obligations.

x.

Deliver any other functions or activities in support of PEF’s objects.

  • Information may also be used or disclosed for a secondary purpose if required or authorised by Law, or where an individual would reasonably expect PEF to use or disclose such information for that secondary purpose and it directly relates to the primary purpose of collection.
  • Table 2 below details the types of personal information we collect for the purpose of carrying out our functions and activities.
  1. What personal information do we collect?
    • The types of personal information we collect depends on how and why an individual is engaging with us.
    • Generally, we may collect personal information about individuals when they interact with us, for example, when calling or emailing us, visiting our website or accessing our publications, accepting an event invitation or when applying to access grant funding.
    • As part of these interactions, we may collect the following types of personal information:

TABLE 2 (Types of personal information we collect):

Members, volunteers, contractors, service providers, suppliers

  • Contact details;
  • Personal details (name and date of birth);
  • Preferences (e.g. dietary).
  • Work experience, employment details, qualifications and registrations, skills, experience, performance or conduct, references, professional memberships;
  • Financial details (e.g. taxation, banking or superannuation details);
  • Some sensitive information in limited circumstances (e.g. criminal record check).

Grant applicants

  • Contact details;
  • Personal details (name);
  • Preferences (e.g. dietary).
  • Work experience, qualifications and registrations, skills, experience, references, professional memberships;
  • Financial details (e.g. bank account details).

Donors

  • Contact details;
  • Personal details (name);
  • Preferences (e.g. dietary).
  • Financial details (e.g. history of transactions, credit card and bank account details).

Other stakeholders

  • Contact details;
  • Personal details (name);
  • Preferences (e.g. dietary).
    1. How do we collect personal information?
      • Collecting personal information

    We may collect information through various systems and processes, such as:

    • orally (e.g. face-to-face, telephone or voice message);
    • writing (e.g. letter, survey, email, referral);
    • digital (e.g. electronic form or message on social media applications or websites);
    • publicly (e.g. publicly available sources such as websites or social media).
    • Collecting personal information from third parties
      • Wherever practicable we will only collect information from an individual personally. However, an individual may provide consent for us to collect personal information about them from third parties, such as authorised representatives.
      • We will only collect personal information from a third party without the individual’s consent if it is:
        • unreasonable or impracticable for us to collect that information from the individual and the information is necessary for our functions and activities; or
        • authorised or required by Law.
      • Receipt of unsolicited personal information
        • If we receive personal information about an individual from the individual or third parties which we did not request, we will determine whether we are permitted to collect the information in accordance with the Privacy Act.
        • If we determine that we are not permitted to collect that personal information, we will, as soon as practicable, lawfully destroy the information or ensure that it is de-identified.
        • If we determine that we are permitted to collect the personal information, we will ensure that the information is handled with in a manner that complies with the Privacy Act.
    1. How do we use or disclose personal information?
      • Use and/or disclosure
        • Subject to this policy and the Law, we will use or disclose an individual’s personal information for the purpose it was collected.
        • We will only use or disclose an individual’s personal information for another purpose in the following circumstances:
          • where the individual (or their authorised representative) has consented;
          • where the use or disclosure is directly related to the reason the individual engaged with us and they would reasonably expect us to use or disclose their personal information in this way (e.g. relationship management, communication, engagement and reporting, administration, payments, audit and quality assurance, compliance, incident monitoring); or
          • as required or authorised under Law or court/tribunal order.
        • We will never commercialise or sell personal information. However, if due to a structural review, ownership or control of all or part of our assets/operations changes, we may transfer personal information to the new entity/owner.
        • Table 1 and Appendix A provide more information about the purposes for which we may collect personal information (i.e. our specific functions and activities) and how we may use or disclose personal information.
        • PEF may share personal information amongst its Board, committees (including Program Partner Advisory Panel) and staff where appropriate to achieve its functions and activities.
        • On occasion, PEF may disclose personal information to certain third parties. If this happens, PEF will require the third party to protect the personal information to the same standards as PEF, usually through a confidentiality agreement.
        • The types of third parties to whom personal information may be disclosed include:
          • PEF’s consultants, auditors, lawyers, contractors and service providers that provide goods or administrative or other services in connection with the activities of PEF;
          • organisations who provide services or undertake activities in conjunction with or in association with PEF (e.g. other not-for-profit organisations, educational institutions, medical institutions);
          • where PEF collects an individual’s information from someone else, or another entity, to that person or entity; and
          • an individual’s agent (with an individual’s authority).
        • Direct marketing
          • We may use or disclose personal information (other than sensitive information) for fundraising, marketing or promotional information in relation to other activities or functions, if:
            • we collected the information directly from an individual;
            • the individual consented to, or would reasonably expect us to, use or disclose the information for that purpose; and
            • the individual has not opted-out in receiving fundraising or marketing communications from us by following the opt-out instructions provided in the communication.
          • This may take the form of email, SMS, mail or other forms of communication.
          • From time to time, we will produce publications (including information brochures, reports and newsletters) and run promotional campaigns to raise awareness of our activities, raise funds and provide information to the public and other stakeholders. Some of these publications include photographs, video footage and sound recordings in electronic media. We will ensure we have obtained the individual’s prior consent before using or publishing any image or recording of the individual.
          • If an individual previously consented to receive marketing communications from us, they can change their mind at any time by informing our Secretary in writing. Please refer to clause 13 below for the contact details.
        • Overseas disclosure

    We will not transfer personal information to an overseas recipient unless we have the individual’s consent or we are required to do so by Law.

    • Our website and cookies
      • If an individual has engaged with us via our website we may collect browsing information or cookies.
      • Cookies (and other similar tracking technologies) help us provide users with a better website, by enabling us to monitor which pages users find useful and which users do not. Cookies do not us give access to a user’s computer or any information about the user, other than the data the user chooses to share with us.  Users can choose to decline cookies by modifying browser settings.
      • We will only collect identifiable personal information through our website if it has been provided to us via the contact form or donation.
    1. How do we protect personal information?
      • Information security measures
        • We may hold personal information in either electronic or physical form.
        • We take reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. We will use a number of physical, administrative, personnel and technical measures to protect personal information.
        • The processes and systems we use to safeguard personal information include:
          • limiting access to systems on which information is processed and stored;
          • ensuring physical records are securely stored;
          • integrating data security measures into our risk management strategies;
          • using password protection and multi-factor authentication for access to certain business systems;
          • monitoring of internal access to personal information in our systems;
          • monitoring and regularly reviewing our third party providers (including cloud computing) to ensure compliance with the Privacy Act;
          • monitoring and regularly reviewing our information and communications technology systems (including hardware and software); and
          • monitoring and regularly reviewing our practice against our own policies and against industry best practice.
        • When personal information is no longer required, as appropriate we will take all reasonable steps to destroy, delete or de-identify it in line with our Records Management Policy.
      • Cloud storage
        • We may store personal information with a third party cloud storage provider. If we do, we will take reasonable steps to ensure that the third party cloud storage provider:
          • protects personal information in accordance with the Privacy Act; and
          • is located within Australian territories.
    1. Accessing and correcting personal information
      • An individual may contact PEF at any time requesting access to their personal information. This request should be made in writing. We may need to verify your identity before responding to your request.
      • Access will be provided unless the request is unreasonable or the applicable privacy laws permit or require PEF to decline that access. PEF will provide a written notice for any refusal as per the applicable Law.
      • PEF seeks to maintain the accuracy of personal information. Individuals are encouraged to contact PEF through our Secretary if the information held is incorrect or to notify PEF if personal information has changed.
    2. How to make a complaint about our privacy practices
      • If an individual has a complaint about our privacy practices or suspect that we have been involved with an interference with a person’s personal information, they should contact our Secretary, in writing, using the contact details set out in clause 13.
      • The following information should be included in a written compliant:
        • name;
        • preferred contact details;
        • a clear description of the complaint/concerns; and
        • any supporting materials.
      • Once we have received a complaint, we will take steps to investigate the issues raised and endeavour to respond within a reasonable period of time (usually 30 days).
      • In response to a complaint, our Secretary (or other relevant officer) will contact the complainant by telephone or in writing to:
        • ask for more information about the complaint;
        • notify the complainant of the outcome of our investigation; or
        • arrange to meet with the complainant to discuss the complaint.
    1. Related Documents, Legislation and Policy
      • Privacy Act 1988 (Cth).
      • PEF Records Management Policy.
    2. Contacts

    For questions about this policy, contact the Chair or the Company Secretary by email: secretary@pertheyefoundation.org.au.