St John Ambulance Australia TAS supports the importance that the community places on the maintenance of confidentiality of individuals’ personal and/or sensitive information. This extends to the collection and management of information held in the records regarding individuals.
St John Ambulance Australia TAS is a volunteer based charity providing first aid services, social inclusion and youth development programs to the TAS community.
We value the privacy of personal information. Our procedures ensure that personal information (also referred to as information or details) and privacy rights are protected.
St John Ambulance Australia TAS is bound by the Australian Privacy Principles (APPs) in the Commonwealth Privacy Act 1988 (Privacy Act). These principles regulate the way that we collect, hold, use and disclose information. You can find out more about these principles by calling the Office of the Privacy Commissioner or visiting the website at www.oaic.gov.au.
1. Collection of personal information
1.1 Types of information we may collect
St John Ambulance Australia TAS collects and holds personal information from customers, employees, contractors, and from other individuals. We only collect personal information that is reasonably necessary for what we do.
The type of personal information we may collect includes the following:
(a) contact information (both home and work) such as full name (first and last), e-mail address, current postal address and phone numbers;
(b) date of birth;
(c) employment details, including but not limited to job title, any training and skills;
(f) your opinions via surveys and questionnaires, if applicable;
(g) details relating to the goods and services obtained from us;
(h) details relating to your donations made to us;
(i) any relevant payment or billing information (including bank account details, credit card details, billing address and invoice details); and
(j) username and password when setting up an account on our website.
1.2 Direct collection
As much as possible, we will collect information directly from an individual, unless it is unreasonable or impracticable for us to do so (in which case we may collect information from other sources). We may also collect individuals' personal information from publicly or commercially-available sources.
1.3 Optional activities
St John Ambulance Australia TAS may collect personal information through the conduct of certain activities, such as when individuals purchase a product, sign up for a service, enter a contest or promotion, fill out a survey or send us feedback. Participation in these activities is voluntary.
1.4 Mandatory information
Depending upon the reason for requiring the information, some of the information we ask for may be identified as either mandatory or voluntary. If mandatory information (or any other information we require) is not provided, we may be unable to effectively provide our services or products. For example, we will not be able to process donations if we do not receive the relevant payment or billing information.
1.5 Website “cookies”
Our website may utilise "cookies" which enable us to monitor traffic patterns and to serve users more efficiently. A cookie does not identify individuals personally but it does identify their computer. Browser settings can notify the receipt of a cookie and provide an opportunity to either accept or reject it in each instance.
IP addresses may be gathered as part of our business activities and to assist with any operational difficulties or support issues with our services. This information does not identify individuals personally.
2. Use and disclose of personal information
2.1 Use and disclosure
We will only use or disclose personal information for the primary purposes for which it was collected (or as consented to by individuals and/or as set out in this section 3). We will generally not use or disclose the information for another purpose (that is, a secondary purpose) without the individual's consent, or in the circumstances set out in this section 3.
The purposes for which we use or disclosure personal information generally include:
(a) if required, the verification of your identity;
(b) fundraising, including the processing of your donations and grants;
(c) the processing of commercial transactions;
(d) undertaking and publishing the results of research and related documentation;
(e) processing your orders, including to communicate concerning such orders;
(f) the provision of our goods and services to you (as applicable), including but not limited to commercial transactions, volunteering and fundraising;
(g) the administration and management of your donations or our goods and services, including charging, billing, credit card authorisation and verification and collecting debts to the extent that such information is not directly provided to our third party hosted payment system for processing;
(h) the improvement of our services (including contacting you about those improvements and participation in surveys about the goods and services);
(i) the maintenance and development of our goods and services, products, business systems and infrastructure;
(j) sending you direct marketing information about our products, services, events, fundraising, and other promotional activities, which we consider may be of interest to you (including by direct mail, telemarketing, email, SMS and MMS messages);
(k) to provide our customer service functions, including handling customer enquiries and complaints;
(l) to offer you updates, or other content or products and services
(m) our compliance with applicable laws;
(n) your employment (or potential employment) by us; and
(o) any other matters reasonably necessary to facilitate the primary purpose and to continue to provide our goods and services.
2.2 Circumstances where we may not seek consent
We may use or disclose personal information without consent :
(a) for a secondary purpose, where the individual would reasonably expect us to use or disclose their information for that purpose, and where that secondary purpose is related to the primary purpose of collection (or directly related, in the case of sensitive information);
(b) if we reasonably believe the use or disclosure is necessary to lessen or prevent a serious threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety;
(c) if we have reason to suspect that unlawful activity or misconduct of a serious nature, relating to St John Ambulance TAS’s functions or activities, has been, or is being, engaged in, and we reasonably believe the use or disclosure is necessary in order to take appropriate action; or
(d) if the use or disclosure is required or authorised by or under an Australian law, or a court or tribunal order, or otherwise where the Privacy Act permits us to do so.
If you have received communications (such as direct marketing materials) from us or from organisations that work with us, and you no longer wish to receive those sorts of communications, please contact our Privacy Officer by:
· By email email@example.com
· by telephone on 1300 78 5646
· by post at 177 Main Rd, Moonah TAS 7009 and we will ensure you are removed from the relevant mailing lists and that the relevant communications cease. simpler
3. Cross Border Disclosure
3.1 Disclosure of personal information overseas
Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or other St John Ambulances.
Prior to disclosing personal information to third party service providers operating outside Australia, St John Ambulance Australia TAS takes reasonable steps (in those circumstances) to ensure that the overseas recipient will handle that information in a way that does not breach the APPs. St John Ambulance Australia TAS engages all third party service providers operating outside Australia under contractual arrangements that require those parties to comply with the Privacy Act and the APPs.
4. Data quality and security
At all times we will take reasonable steps to ensure personal information is safe including:-
(a) making sure that the personal information we collect, use or disclose is accurate, complete up to date and relevant;
(b) protecting personal information from misuse, interference, loss, unauthorised access, modification or disclosure both physically and through computer security methods; and
(c) destroying or permanently de-identifying personal information if it is no longer needed for any purpose for which we are permitted to use or disclose it.
We cannot guarantee the security of all transmissions or personal information, especially where the Internet is involved. Notwithstanding this, we have implemented appropriate internal procedures to respond to the unauthorised access, modification or disclosure of personal information in a manner which constitutes a data breach (Security Incident) including, but not limited to, taking reasonable steps to contain the Security Incident, undertaking a preliminary assessment of the Security Incident and (where appropriate following the results of that assessment) implementing appropriate changes. Where required under the Privacy Act, or in any instance where we feel it is appropriate to do so, we will notify affected individuals and the appropriate authorities if a Security Incident occurs.
5. Access, correction and deletion of personal information
An individual is entitled to have access to personal information relating to them which we possess, except in some circumstances provided by law. We may also charge a fee for providing access (which will be limited to the amount of our reasonable expenses incurred in responding to your request, including photocopying and administrative expenses). We will not charge a fee for you to lodge a request for access.
The accuracy of your personal information held by us depends largely on the information you provide to us. If you become aware that the personal information we hold about you is inaccurate, incomplete, out of date, irrelevant or misleading, then you should contact us. We will correct our records of your personal information.
If we disagree with you about the accuracy of the personal information we hold about you, we will keep a record that there is a difference of opinion about that information.
If we do not correct your personal information, as requested, we will give you a written notice setting out our reasons for refusal, along with details of how you may complain about the refusal.
Individuals wishing to access, or to correct or update their personal information should contact the Privacy Officer.
5.3 Destruction of personal information
Generally we will destroy personal information we no longer need for the purposes for which we collected it, or for the purposes of fulfilling our legal obligations.
However, we do maintain some personal information, such as past transactions for our accounting and audit requirements.
Alternatively, a copy may be requested from the Privacy Officer.
7. Contacting our Privacy Officer
St John Ambulance Australia TAS has appointed a Privacy Officer to:
· address compliance with the Privacy Act generally;
· address concerns about the manner in which St John Ambulance Australia TAS collects, uses and discloses personal information; and
· handle any complaints about an alleged breach of the Privacy Act by St John Ambulance Australia TAS
Any complaints about an alleged breach of the Privacy Act must be made in writing to the Privacy Officer at the contact details set out below. St John Ambulance Australia TAS Inc. aims to respond to any requests for access and queries (or complaints) at first instance within 30 days of the date of receipt of the request or query (or complaint).
Please contact our Privacy Officer by email at firstname.lastname@example.org or write to us:
177 Main Rd, Moonah TAS 7009
If you are not satisfied with the manner in which we have handled your request, enquiry or complaint, you are entitled to contact the Australian Privacy Commissioner by telephone on:
1300 363 992 or by email: email@example.com.
More information about Privacy Act and the APPs is available from the Office of the Australian Information Commissioner at www.oiac.gov.au.