Our commitment to privacy
Compassion Australia respects and values our supporters and volunteers and the children we serve. We are committed to managing your personal information responsibly in accordance with the Australian Privacy Principles under the Privacy Act 1988 and other applicable laws. This policy sets out our policies for collecting, storing, using, and disclosing your personal information, and the part you can play to protect your privacy.
In this policy, “we”, “our” and “us” refers to Compassion Australia and, subject to the following paragraph, “you” refers to any person about whom we collect personal information. This policy does not apply to our acts and practices directly related to an employee record held by us relating to an employee or former employee, where those acts and practices are exempt from the Australian Privacy Principles.
What kinds of information do we collect about you?
We will only collect personal information about you that is reasonably necessary for the purposes referred to in the following sections of this policy.
The types of information we will usually collect including the following –
(a) your name, email, postal address, telephone number and other contact details,
(b) information associated with your web browsing, email, text messaging, social media or other electronic interaction, including your username and social media profile handle,
(c) records of your dealings with us, including by telephone (which may include, with your prior consent, a recording of a telephone conversation) or email, or your interactions with us via social media,
(d) your preferences about how we communicate with you, and the nature of the information we send you, and
(e) your responses to any surveys we conduct or questionnaires we ask you to complete.
We may collect additional information about you depending upon the nature of the interactions we have with you. Examples of the additional information we may collect include –
(f) if you are a supporter or potential supporter –
• your financial payment details, and
• information such as your gender, age, date of birth or other demographic information and, in the case of a supporter, information about your church membership, and
(g) if you participate in an event or in an interview with us which is recorded electronically, your image, video and sound recordings,
(h) if you propose participating in a field trip (for example, visiting a sponsored child or a project), sensitive information such as your medical information and the results of background checks (such as police checks or working with children checks) and other reference checks about you we think are necessary to undertake,
(i) if you apply to work with us (including as a volunteer) –
• information that we reasonably need to consider your application, such as information about your qualifications, work history and experience, and
• the results of background checks (such as police checks or working with children checks) and other reference checks about you we require.
We may collect personal information about children (for example, when children contact us or participate in an event we conduct or are involved with). Where children do not have sufficient maturity and understanding to consent to our collection of their personal information, we will require their parents or guardians to consent on their behalf.
You can decline to give us any personal information we ask for, but that may mean we cannot provide you with some or all of the services you have requested. If you have any concerns about the personal information we ask for, please let us know.
How we collect personal information?
We usually collect personal information directly from you. We may collect and update your personal information over the phone, by email, over the internet or social media, or in person.
If it is unreasonable or impractical for us to collect personal information from you, we may collect it from other parties who have obtained it from publicly available sources or have obtained it from you and have your permission to give it to us. An example is where we engage an external service provider who provides services to you at our request and in so doing collects your personal information which, with your permission, it provides to us for the purposes set out in this policy.
Except as otherwise allowed by law, we will only collect sensitive information about you with your consent.
Why do we collect personal information and how do we use it?
We collect your personal information and use it to enable us to deal with you more efficiently and effectively and meet your needs. We also collect your personal information to improve what we do and meet other organisational requirements.
Specifically, we will use your personal information for the following purposes –
(a) to verify your identity when you contact us,
(b) to send you important information, such as information about a child or program you support, and receipts for donations you make,
(c) to plan, promote and administer our activities, appeals and events, and send you information about them,
(d) to organise and manage events or activities in which you will participate (such as field trips),
(e) to respond to your requests for information and other general enquiries
(f) to receive and manage any complaint you may make,
(g) to gather your feedback about the services we provide and how they can be improved,
(h) to undertake research, and develop and expand our services,
(i) to teach and train our staff, volunteers, contractors or other workers,
(j) to recruiting staff (including volunteers),
(k) to facilitate proper governance processes such as risk management, incident management, compliance monitoring or external audit,
(l) to enable us to satisfy our legal obligations, comply with applicable laws and meet the requirements of relevant regulators and accrediting bodies, and
(m) for such other purposes as we may advise you in writing from time to time. You can choose not to provide use with your personal information, and you can remain anonymous or use a pseudonym in your dealings with us where it is lawful and practicable for you to do so (for example, when making a general enquiry). However, generally, it is not practicable for us to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect personal information about you, you may be unable to utilise our services or participate in our events, programs or activities.
How do we interact with you via the internet?
You can visit our website (www.compassion.com.au) without identifying yourself. If you identify yourself (for example, by providing your contact details in an enquiry), any personal information you provide to us will be managed in accordance with this policy.
You can use the settings in your browser to control how your browser deals with cookies. However, in doing so, you may be unable to access certain pages or content on our website.
Our website may contain links to third-party websites. We are not responsible for the content or privacy practices of websites that are linked to our website.
We also use website pixels which monitor how you have engaged with our website and allow us to distribute information through online advertising which may be of interest to you through your digital browsing and social media use. You can use the settings in your social media account and web browser to control the use of pixels.
How do we hold information?
We store information in paper-based files or other electronic record keeping methods in secure databases (including trusted third-party storage providers based in Australia and overseas). Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and from unauthorised access, modification or disclosure.
We maintain physical security over paper and electronic data stores, such as through locks and security systems at our premises. We also maintain computer and network security, for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to our computer systems.
Secure Socket Layer (SSL) encryption is used when collecting or transferring credit card information via the internet and reasonable measures are taken to comply with the Payment Card Industry Data Security Standard.
Otherwise, our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Users of our websites are encouraged to exercise care in sending personal information via the internet.
We take steps to destroy or de-identify information that we no longer require.
Do we use your personal information for marketing?
We may use or disclose your personal information to inform you about our services, upcoming appeals and events, or other opportunities that may interest you. If you do not want to receive marketing communications, you can opt-out at any time by using the opt-out option in the communication we send you, by contacting us using the contact details below or, in an appropriate case, use the settings in your social media account and web browser to control the use of pixels.
If you opt-out of receiving marketing material from us, we may still contact you about our ongoing relationship with you.
Do we disclose your personal information to other people?
We engage third parties to perform a range of administrative, management and operational functions for us. For example, we may engage contractors and service providers to provide us with services such as –
• data collection, processing, analysis and storage (including cloud storage),
• provision of a call-centre,
• secure hosting of credit card information,
• event management and hosting,
• market research and supporter stakeholder satisfaction surveys,
• payroll and payment services,
• information technology services and support, including website maintenance / development,
• printing, archiving, mail-outs.
We will only disclose your personal information to these contractors and service providers where it is required to enable them to provide services to us. We will take reasonable steps to ensure that those contractors and service providers do not breach the Australian Privacy Principles in relation to your personal information.
We may also disclose your personal information to a third party if required –
(a) to manage risk, liabilities and claims (for example, liaising with insurers and legal representatives),
(b) to obtain advice from consultants and other professional advisers, or
(c) to meet our legal obligations.
Do we disclose your personal information overseas?
By reason of the nature of our ministry and our international affiliations, we work with organisations and contractors and service providers who are located outside Australia.
We may disclose your personal information to affiliated organisations located outside Australia, including affiliated organisations in the United States of America and the countries in which we support development programs or undertake field trips.
We may use such services such as overseas or cloud-based data hosting facilities and overseas call-centre facilities, which result in personal information being transferred to, used, or stored at a location outside Australia including, but not limited to, Japan, Philippines, Singapore and the United States of America.
Unless we have your consent, or an exception under the Australian Privacy Principles applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information.
How can you access or seek correction of your personal information?
You are entitled to access the personal information we hold about you. This can be done on-line via your MyAccount or by request to us using the contact details below. If you request to access your data or seek correction of it, we may need to verify your identity before acting on your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. You can help us do this by updating your personal information online via your MyAccount or by letting us know if you notice errors or discrepancies in the information we hold about you or if your personal details change.
However, if you consider any personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
We may decline your request to access or correct your personal information in certain circumstances in accordance with the Australian Privacy Principles. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.
If you wish to request the deletion of your personal information please contact us by using the contact details set out below. We will delete your personal information (or, in the alternative, de-identify it) if required by the Australian Privacy Principles or, otherwise, in our discretion. We will provide you with written notice about the action taken in response to your request and explain our reasons (if required).
What should you do if you have a complaint about the handling of your personal information?
You may make a complaint about privacy to us by contacting our Privacy Officer by way of the contact details set out below.
We will first consider your complaint to determine if there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
If you are not satisfied with our response to your complaint, or you consider that we may have breached the Australian Privacy Principles or the Privacy Act, you can make a complaint to the Office of the Australian Information Commissioner. The Office of the Australian Information Commissioner can be contacted by telephone on 1300 363 992 or by using the contact details on the website www.oaic.gov.au