Your privacy is important to us. We want to ensure that you know what information we collect about you, how we store it and use it.
Hello Sunday Morning (“HSM”) (ABN 82 145 512 125) is a non-profit organisation. HSM is committed to protecting and securing the privacy and confidentiality of your Personal Information.
“Personal Information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether the information is recorded in a material form or not.
The types of Personal Information collected by HSM may include:
- The names, contact information and financial information of our individual donors and funders;
- Details of donors’ donation history and correspondence or interactions with HSM;
- The names, contact information and employment, work experience and academic history of potential staff and directors, interns or volunteers;
- The names and email addresses of people who subscribe to our weekly newsletter;
- Contact details of people who have agreed to participate in research, HSM events or marketing campaigns.
In addition, we may also collect and hold Sensitive Information about our employees, directors, interns and volunteers.
“Sensitive Information” includes information or opinion about an individual’s racial or ethnic origin, political opinion, religious belief or affiliations, philosophical beliefs, professional or trade union membership; sexual orientation or criminal record, or Health Information.
“Health information” (which is also ‘Sensitive information’) is (a) information or an opinion about: (i) the health or a disability (at any time) of an individual; or. (ii) an individual’s expressed wishes about the future provision of health services to him or her; or any other Personal Information about you when a Health Service Provider collects it.
“A Health Service Provider” is an organisation that provides a health service and holds health information is covered by the Privacy Act 1988 (Privacy Act), even if they’re a small business or providing a health service is not their primary activity.
How we collect Personal Information
We usually collect your Personal Information directly from you when you provide it over the phone, through the HSM website, through an online form, web-based survey link, or in person at any event, or via a donation.
You can remain anonymous or use a pseudonym when you contact us and/or if you make a donation. However, if you choose not to provide us with your Personal Information, we may not always be able to follow up your request. For example, if you do not provide us with Personal Information, such as your name and contact details, we may not be able to provide you with an official tax-deductible receipt or assist you fully in relation to your query or complaint.
HSM provides products and services for adults only (i.e., only individuals 18 years of age or older). We do not knowingly collect or solicit Personal Information from children (i.e. individuals younger than 18 years of age). If you are a child, please do use HSM’s services or products or send any Personal Information about yourself to us. If we learn that we have collected the Personal Information of a child, we will delete that information as quickly as possible. If you believe a child may have provided us with Personal Information, please contact us at email@example.com
Cookies, our website and your privacy
So we can understand how you came to the HSM website and related social media platforms (eg facebook; twitter) and how you use it, we rely on cookies provided by third parties. This enables us to assess the effectiveness of our online activity to encourage participation in our products and services (eg DAYBREAK, HSM events). We may also use your browsing history on the HSM website to send related messages on our work or for research purposes. Cookies do not reveal Personal Information, such as your name, address, phone numbers or email address. You can adjust your browser to disable cookies, but this may restrict your ability to access certain areas of the HSM website.
How we store your Personal Information
HSM understands the importance of protecting your Personal Information from misuse, loss or unauthorised access or use and will take all reasonable steps to ensure that your Personal Information is secure.
HSM holds your Personal Information securely through physical and electronic means. Physical access to our offices is restricted and is secured by an alarm. Personal or Sensitive information of past, current or potential directors, employees, and any volunteers or interns is stored electronically with access restricted to specific HSM human resources department employees. Personal Information regarding individual donors is stored in a secure third-party payment gateway with access restricted to HSM’s finance personnel.
We use security encrypted forms to protect the Personal Information you provide us electronically and secure online payment systems. Our in house IT system is secured with a firewall and anti-virus scanners and your information is stored in secure data bases on a third party server located in Australia and only authorised HSM personnel have access to your information and only when it is required for them to perform their duties.
Cross border disclosure of Personal Information
As is the case with many organisations, HSM uses third party software for payroll, donation processing and other organisational functions. If the software provider is not located in Australia and subject to Australian privacy laws, we seek to use software that is password protected, has two step authentication and uses security encryption, particularly for financial information and to minimise the amount of identifiable information we export into these systems Access to these sites on behalf of HSM is limited to a restricted number of HSM personnel who are required to access and use the information as part of their employment duties.
We endeavour to store your information and use software solutions and suppliers hosted or located in Australia, to provide some certainty regarding the privacy laws which apply to any Personal Information you provide to us. However, if you are using our website and are located outside Australia, we store and process information outside your country and may process information using software from third parties located outside Australia (e.g., the United States of America). You acknowledge and agree that as a condition of providing us with your Personal Information, you can legally transfer it to Australia (if you are located outside Australia) and to any other country (if you are located within Australia or a country other than the location of our third party software providers).
Where there is a need to engage suppliers hosted or located outside Australia, HSM will take reasonable steps to negotiate compliance with Australian privacy laws and if that is not possible to ensure that the supplier provides contractual assurances that it complies with its country’s privacy laws. In addition, HSM will seek to ensure that the contract it enters into with suppliers documents:
- the type of Personal Information to be disclosed by HSM to the supplier and the restricted purpose of disclosure;
- the supplier’s obligations in relation to collection, use, disclosure, storage, destruction or de-identification of Personal Information;
- the supplier’s complaints handling process for privacy complaints;
- the supplier’s data breach response plan which includes a mechanism to immediately notify the supplier of Personal Information (e.g. HSM) of the nature of the breach, Personal Information affected and the remedial action taken or to be taken
- provides a mechanism for suppliers of Personal Information (e.g. HSM) to monitor compliance with privacy laws.
When do we destroy or de-identify Personal Information?
HSM will destroy or de-identify your Personal Information when it is no longer required for the purpose for which it was collected, unless the law requires otherwise (for example, financial records may be required to be kept for up to 7 years).
What do we do with unsolicited Personal Information?
If you send us your Personal information when we don’t ask for it (e.g. an application to work for a job with HSM, when we have not sought applicants), we will determine whether or not the information is related to one or more of our activities and seek your permission to retain it for that purpose. If the information is not relevant to any of our activities, we will destroy or de-identify the Personal Information, if it is lawful and reasonable to do so.
How we use your Personal Information
We use your Personal Information to carry out our HSM charitable activities, which may include:
- Retaining your details if you are a current, potential or past member of our Board of Directors, employee, volunteer or intern;
- Processing any donations you send to us
- Sending you information about HSM
- Keeping your informed about our work, research activities, inviting you to events or to contribute information about your experience on DAYBREAK or with other Hello Sunday Morning services and products
- Responding to your queries, complaints, comments or compliments
- Sending you surveys to help us improve our communication, services, events, research, quality assurance or other related activities
- Reporting on our activities, including our Annual Report
We may contact you via phone, email, SMS, social media channels (eg facebook) or DAYBREAK (if you are a Member).
HSM relies on the generosity of our funding partners and donors to carry out our activities and provide services and products, such as DAYBREAK. Therefore, we may use your Personal Information for direct marketing purposes to promote our upcoming events, fundraising appeals, or other related activities. However, where we do use your information for this purpose we will provide you with a simple means to OPT OUT of receiving direct marketing communications.
If you wish to opt-out of communications that we provide in all our digital communications you can click on the unsubscribe link or simply email firstname.lastname@example.org with the subject heading OPT OUT.
Disclosing your Personal Information to third parties
We do not sell your Personal Information to third parties.
HSM will only use and disclose your Personal Information in accordance with the Privacy Act and the Australian Privacy Principles. This may include where use or disclosure is required by law, where we have your consent to the use or disclosure (e.g. to third parties for research) or for the purpose for which it was collected or related purposes that you would reasonably expect HSM to use or disclose that Personal Information. It is our intention however to restrict the disclosure of identifiable information (i.e. Personal Information) and instead use de-identified information.
HSM will not disclose your Personal Information to any individuals or organisations apart from our own hired contractors and service providers that have been engaged on the condition that they treat such information on a confidential basis and comply with similar or equivalent privacy principles to those applicable to HSM.
Accuracy & Deletion of Personal Information
The accuracy of your Personal Information kept by HSM, depends on what information you provide to us. To assist us in keeping any Personal Information about you up to date, please contact us by emailing email@example.com. Even if you don’t contact us, if we are satisfied that having regard to the reasons for which we hold your Personal Information, that it is no longer accurate, irrelevant or misleading, and we are not otherwise required to retain it by law or for legal reasons, we may take reasonable steps to correct or discard the information.
Access, Updating and Correction of Personal Information
You have the right to access, update and correct Personal Information that HSM holds about you. Any such requests should be made by emailing firstname.lastname@example.org; or posting a letter to 3/487 Elizabeth St, Surry Hills NSW 2010. Please note we will need to verify your identity to establish that the Personal Information you wish to access, amend or update is your Personal Information. In the unlikely event that we are unable to comply with such a request in relation to your Personal Information, we will provide you with written reasons for denying access.
Queries and complaints
HSM wants to hear from you. Any enquiries, concerns or complaints about privacy matters should be made in writing to the HSM Privacy Officer at (email@example.com) or 3/487 Elizabeth St, Surry Hills NSW 2010. We will respond to all your enquires as quickly as practicable. In general we will respond to your query or complaint within 30 calendar days (excluding NSW public holidays https://www.nsw.gov.au/about-new-south-wales/public-holidays/), normally much sooner. If you prefer to deal with us anonymously, you can but we may not necessarily be able to deal with your query or complaint if your identity is required to locate the relevant information to respond to your query or complaint.
If you are not satisfied with how we have responded to your query or complaint, you may wish to contact the Office of the Australian Information Commissioner at 1300 363 992.
Please contact us if:
- You want to access, amend, delete or update your Personal Information held by us;
- You have concerns that your privacy has been breached by HSM or you wish to make a complaint.
- You have concerns that there are security vulnerabilities in our systems, and you wish to report it.
You may contact us by:
- Writing to Hello Sunday Morning 3/487 Elizabeth St, Surry Hills NSW 2010
- Emailing our privacy officer: firstname.lastname@example.org
- Telephoning 1300 403 196, [between 9am and 5pm, Monday to Friday, Australian Eastern standard time] and asking for the Privacy Officer.