Privacy Policy
September 2018
About this policy
This policy is for the Human Rights Law Centre’s Human Rights Act website only. We have a separate comprehensive privacy policy for the entire organisation available at www.hrlc.org.au
The Human Rights Law Centre (ABN 31 117 719 267) is committed to respecting privacy in compliance with legislation and best practice. This Privacy Policy explains how the Human Rights Law Centre collects, uses, discloses and otherwise handles personal information collected through our Human Rights Act website in accordance with the Australian Privacy Principles (APPs) which are contained in the Privacy Act 1988 (Cth) (Privacy Act) and other relevant legislation such as spam and health records laws.
For the purposes of this policy, ‘personal information’ means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
If you have any questions or feedback about this policy or the way in which the HRLC handles personal information you can contact us on the details below. You can also request a hard copy of this policy using the details below.
Contacting Us
The Privacy Officer
Human Rights Law Centre
PO Box 319, Melbourne VIC 8007
Ph: (03) 8636 4450
admin@hrlc.org.au
What types of personal information do we collect?
The types of personal information that we collect about you will depend on the type of dealings you have with us.
For example, if you:
opt to receive updates about or get involved with Human Rights Act campaign activities, we may collect your name, organisation and contact details and details about the information you access in our publications and notifications;
donate to the HRLC, we may collect your name, email address and address, payment details, amount and frequency of donations, communication preferences, and records of any contact or correspondence you have with us, as well as any interests, opinions or preferences you provide to us;
otherwise engage with Human Rights Act website, we may collect your name, email address, phone number and communication preferences;
What if you don't provide us with your personal information?
In some circumstances we allow individuals the option of not identifying themselves, or of using a pseudonym, when dealing with us (e.g. when viewing our website). Donations may also be made anonymously, but in this case the HRLC may not be able to issue a tax-deductible receipt.
How do we collect personal information?
We collect personal information through the Human Rights Act website when you engage with the site, for example by subscribing for updates or donating.
Why do we collect personal information?
The main purposes for which we collect, hold, use and disclose personal information obtained through this website are:
updating supporters on campaign activities;
asking supporters to take actions to support the campaign;
undertaking campaign advocacy;
processing donations;
seeking donations and managing donor relationships;
disseminating media releases and alerts;
answering queries and resolving complaints;
recruiting volunteers;
evaluating our work and reporting externally to funders;
understanding what motivates supporters to donate; and
understanding which areas of our work supporters, the social media community, and people visiting our website are interested in.
Direct marketing
Direct marketing is the promotion of goods and services directly to you including through emails, phone calls, SMS and hardcopy post. Our direct marketing involves communications such as emails about our work, alerting you to publications such as advocacy reports or our annual report and communications seeking donations to our fundraising appeals.
We may contact you from time to time for the purpose of direct marketing if you have engaged with us in the past and provided us with your contact details (e.g. by subscribing to our newsletters, by making a donation, or by attending one of our events) and have not opted out of receiving communications from us. We may also use the information provided to us to communicate with you via social media.
We will only contact you for the purpose of direct marketing materials if you have consented or you would reasonably expect to receive them. We will clearly identify that the HRLC authorised any direct marking material and we will maintain a simple mechanism to opt out. We will not use your sensitive information for the purposes of direct marketing unless you have given us prior consent.
We may also send direct marketing materials to potential future supporters using information sourced from public directories and partner organisations.
Opting out from receiving our communications
You can opt out from particular email communications, by using the unsubscribe button included in the email.
You can opt out of receiving other communications from us by notifying us of your communication preferences by email at HumanRightsAct@hrlc.org.au, by phone on (03) 8636 4450, or by sending a letter to the Privacy Officer at the address above.
If you receive a marketing call from us, you can opt out from receiving future calls by telling us that you no longer wish to receive these calls.
Who do we disclose your personal information to?
The nature of the services provided by the HRLC means that it may be necessary for us to disclose your personal information to other parties. We will ordinarily let you know who we will disclose your personal information to when we collect the information from you (unless there are practical reasons for not informing you).
Common third parties we might need to disclose your personal information to include:
financial institutions for payment processing;
contracted service providers which include:
information technology service providers;
event organisers; and
marketing, communications, analytics, and research service providers.
In the case of these contracted service providers, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
We normally publish the names of donors who donate over a certain amount in a financial year in our annual report which is published on our website. However, donors can choose to remain anonymous when they donate online by selecting the relevant box on the web form, or by telling us when they donate by cheque or bank transfer.
Cross border disclosures
We may disclose personal information to our contracted information technology service providers that are hosted off-shore.
Storage and security of the information we hold
Supporter and transaction records
The security of your personal information is important to us. We are PCI DSS compliant and use recommended industry standards when storing and dealing with your personal and financial information
The steps we take to secure the personal information we hold include:
website and Salesforce (our cloud-based supporter database software) protection measures including encryption and credit card tokenisation, firewalls and anti-virus software;
access restrictions to our computer systems and mobile devices (such as login and password protection);
secure destruction of hard copy donation forms once the payment has been processed and the data is no longer required;
restricted access to our office premises;
staff training and implementation of workplace policies and procedures that cover access, storage and security of information, including ensuring appropriate care is taken to maintain security of confidential information on our premises (e.g. from visitors, cleaners and staff employed by the other legal agencies we share offices with) or temporarily removed from the premises (e.g. taken to court).
Website security
While the HRLC strives to protect the personal information and privacy of users of our website, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact the HRLC by telephone or post (contact details above).
You can also help to protect the privacy of your personal information by letting us know as soon as possible if you become aware of any security breach.
Third party websites
Links to third party websites that are not operated or controlled by the HRLC are provided for your convenience. The HRLC is not responsible for the privacy or security practices of those websites. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.
Access and correction to personal information
We will take reasonable steps to provide you with access to your personal information. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
We will take reasonable steps to correct your personal information if we are satisfied that it is inaccurate, out of date, incomplete, irrelevant or misleading. If we have provided your personal information to third parties we will also notify them of the correction if you ask us to do so, unless it is impracticable or unlawful.
Requests to access and correct your information should be made by email, post or phone using the details provided above. Note that we will need to verify your identity before processing your request. We will endeavour to respond to your request within 30 days.
If we do not agree with your request to access or correct your information, we will provide you with written reasons for our decision and available complaint mechanisms.
Complaints
If you have a complaint about how the HRLC has collected or handled your personal information, please contact our Privacy Officer using the details provided above.
We will endeavour to respond to your complaint within 30 days of receipt of the Privacy Complaint Form (while complex cases may take longer to resolve, we will keep you updated on the progress of your complaint).
If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Privacy Commissioner, the New South Wales Privacy Commissioner or the Victorian Health Services Commissioner.
Change of Policy
The HRLC may change this Privacy Policy from time to time without prior notice and will update this policy from time to time to ensure its currency and compliance with the Privacy Laws.