This Policy establishes the overarching principles and commitment to action by the CFS Foundation with respect to managing the personal information of its clients and users (individuals). It sets the level of responsibility and actions required within the CFS Foundation.
PERSONAL INFORMATION WE COLLECT AND HOLD
Depending on the nature of the product or service that individuals request or receive from the CFS Foundation, the types of personal information that we may collect include:
- Contact details (including email address, landline and mobile phone numbers)
- Date of birth
- Employment (name, position held, address, email address, landline and mobile phone numbers)
We may also collect the following information depending on the product and service we provide:
- Credit card details;
- Bank account number;
- Other information as required by the Anti-Money Laundering Counter-Terrorism Financing Act 2006
When an individual uses the CFS Foundation website, we may collect statistics on the number, date and time of visits, the number of pages viewed and the manner in which the user navigates through the site and may also collect information about an individual’s use of our products and services. When an individual calls, we may collect statistics on the number, date and time of calls, the manner in which the individual navigates through our telephone system.
HOW WE COLLECT AND HOLD THE PERSONAL INFORMATION
If it is reasonable and practical to do so, we will collect personal information directly from the individual or from their application form or via telephone or web. How we collect an individual’s personal information will depend upon how they interact with us. There are occasions on when we may need to collect an individual’s personal information from third parties, with or without their direct involvement. Depending on the nature of the product or service requested or received, the types of persons or organisations from which we may collect personal information include an individual’s personal contact details, employer, market research organisations, third party brokers, credit reporting agencies, government agencies, an individual’s representatives, advisers and other organisations, who jointly with us, provide services to an individual whom also engages with the CFS Foundation.
If the CFS Foundation receives personal information that we did not solicit, the CFS Foundation will within a reasonable period after receiving the information, determine whether or not we could have collected the information had
the CFS Foundation solicited the information. If the CFS Foundation determines that we could not have collected the personal information and the information is not contained in a Commonwealth record, the CFS Foundation will, as soon as practicable but only if it is lawful and reasonable to do so, destroy the information or ensure that the information is de-identified.
At or before the time or, if that is not practicable, as soon as practicable after, the CFS Foundation collects personal information about an individual, the CFS Foundation will take such steps (if any) as are reasonable in the circumstances, to notify the individual of:
- The CFS Foundation’s identity and contact details if:
- The CFS Foundation has collected an individual’s personal information from someone other than the individual; or
- The individual may not be aware that the CFS Foundation has collected the personal information;
- The fact that the CFS Foundation collects, or has collected, the information and the circumstances of that collection, eg. by a recorded telephone message or through verbal notification on incoming and outgoing calls;
- The purposes for which the CFS Foundation collects the personal information.
- The main consequences (if any) for the individual if all or some of the personal information is not collected by the CFS Foundation;
- Any other entity, body or person, or the types of any other entities, bodies or persons to which the CFS Foundation usually discloses personal information of the kind collected by the CFS Foundation;
- This Policy containing information about how the individual may access the personal information about them that is held by the CFS Foundation and seek the correction of such information;
- The CFS Foundation policy containing information about how the individual may complain about a breach of the APP s and how the CFS Foundation will deal with such a complaint; and
- Where the CFS Foundation is likely to disclose the personal information to overseas recipients.
The CFS Foundation will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that we collect, use or disclosure is accurate up-to-date complete and relevant.
Where the CFS Foundation holds personal information, we will take such steps as are reasonable in the circumstances to protect the information from misuse, interference and loss and from unauthorized access, modification or disclosure. We have implemented procedures and systems designed to protect individuals’ personal information from loss misuse, unauthorized access or disclosure, alteration or incidental destruction.
When personal information is stored in our systems they are protected from unauthorized access by the use of various protection mechanisms. Only employees of the CFS Foundation and those who perform services on our behalf are authorized to handle or have access to personal information. Our employees are bound by both our employment policies and by confidentiality clauses in their employment agreements. Those who perform services on our behalf are also bound by the same or substantially similar Privacy Principles. Paper documents are protected from unauthorized access or use through the various security systems that we have implemented over our physical premises.
When an individual visits our website, whenever they submit information which may be considered private, we use forms protected by Secure Socket Layer (SSL) encryption technology. When we capture your personal information it is encrypted and passed to our server to ensure it is protected over the internet. Information that we collect as to the activity on our website through the use of ‘cookies’ may identify an individual. This information is only used to validate access to the respective website and for other purposes noted above.
When browsing our website, individuals acknowledge that the internet is not always a secure environment and that the computer and network used contributes to the overall level of effective protection in place.
Individuals further acknowledge that any transmission of information over the internet is out of our control before it reaches our system. Only once we receive an individual’s transmission we can take reasonable commercial steps to ensure its security. We cannot guarantee the policies and procedures of any other websites that may be linked from our website. They may or may not comply with the same privacy standards that we do and, therefore, you should take care to evaluate their particular privacy standards and procedures as needed.
Where the CFS Foundation holds personal information about an individual and:
- We no longer need the information any purpose for which the information may be used or disclosed by the CFS Foundation under this policy;
- The information is not contained in a Commonwealth record; and
- The CFS Foundation is not required by or under the Australian law; or a court/tribunal order, to retain the information.
The CFS Foundation will take such steps as are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
PURPOSES OF COLLECTION, HOLDING, USE AND DISCLOSURE OF PERSONAL INFORMATION
CFS Foundation will only collect personal information that is reasonably necessary for the CFS Foundation’s functions. We use this information to perform our core business functions. Primarily, we will use an individual’s personal information provide them with the product or service that they have requested and the administration of that product or service. We may also use the information to:
- Develop new products services or fundraising campaigns;
- Conduct our internal administration and operations (such as accounting, risk management, record keeping, statistical analysis, marketing, research, planning, systems development, testing and staff training);
- Conduct client satisfaction surveys; and
- Inform individuals about the activities of the CFS Foundation or our related partners. If personal information is not provided, we may not be able to provide individuals with their requested product or service.
The CFS Foundation holds personal information for the purposes of performing the noted uses on an ongoing basis.
Use and Disclosure
The CFS Foundation may need to disclose individuals’ personal information to another personal or organisation, where that information was collected for a particular purpose (the primary purpose). We will only disclose individual’s personal information, however, where we are allowed to or obliged to do so by law or where we have the individual’s express and implied consent. An individual gives express consent when they clearly and unmistakably state so when speaking to us or in writing. Implied consent is where we have reasonably assumed an individual has given consent from their behavior. Consent to use this information is implied by the individual’s action or continuing with the call. Where we disclose individuals’ personal information to organisations that perform specific essential services for us, we limit this disclosure to the information that they need to perform the required service.
These organisations or contractors are bound by the same or a substantially similar policy as the CFS Foundation. They are only given the right to use the personal information for the specific service or function that they are performing and cannot legally provide or use this information for any other purpose. Depending upon the products or service that individuals have required, we may exchange information about an individuals with, such as:
- Our agents, contractors and external service providers;
- Regulatory bodies, government agencies and law enforcement bodies;
- Financial institutions;
- Credit reporting agencies;
- Debtors collecting agencies;
- Payment systems operators;
- Agents acting on an individual’s behalf, including legal or financial advisers;
- An individual’s executor, administrator, trustee, guardian or attorney;
- Superannuation funds;
- Other organisations or firms who jointly with us, provide products or services to an individual; and
- In the unlikely event that our organisation is sold to another party, our records of personal information will be transferred to that party. We will take steps so that the information will remain subject to the same privacy protections as when we first obtained the information.
If the CFS Foundation needs to use or disclose the information for another purpose (the secondary purpose), it will only occur in instances where:
- The individual has consented to the use or disclosure of the information; or
- The individual would reasonably expect the CFS Foundation to use or disclose the
information for the secondary purpose and the secondary purpose is:
- If the information is sensitive information – directly related to the primary purpose; or
- If the information is not sensitive information – related to the primary purpose; or
- The use or disclosure of the information is required or authorized by or under an Australian law or a court/tribunal order; or
- The CFS Foundation reasonably believes that the use of disclosure of the information is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.
If an individual believes that CFS Foundation has not complied with its obligations concerning their personal information, we invite them to contact us and lodge a complaint. We will aim to resolve complaints when we are first contacted by an individual. If we cannot immediately resolve it, we will take the following steps:
- Advise the individual who is handling the complaint; and
- Keep the individual informed of the progress with respect or resolution of the complaint.
Please refer to the contact details below:
GPO Box 2468
Adelaide SA 5001
1300 270 278
The CFS Foundation does not operate overseas however if we do disclose personal information to an overseas recipient we will take all reasonable steps to ensure that:
- the overseas recipient is subject to similar privacy laws to Australia and the individual has mechanisms to take action against the overseas recipient;
- we reasonably believe the disclosure is necessary or authorised by Australian law; or
- the relevant individual provided express consent to the disclosure.
AMENDMENTS TO THIS POLICY
The CFS Foundation may amend this Policy from time to time as required by law or in relation to updates to our internal practices. Please ensure that you regularly review this Policy in order to keep apprised of any such amendments which may affect you.
END OF POLICY.