Privacy Policy
Privacy policy
Policy statement
The Board of Disability Sport & Recreation (DSR Board) is committed to protecting the privacy of personal information which the organisation collects, holds and administers. Personal information is information which directly or indirectly identifies a person.
Purpose
The purpose of this document is to provide a framework for Disability Sport & Recreation in dealing with privacy considerations.
Policy
Disability Sport & Recreation collects and administers a range of personal information for the purposes of membership management, sporting and recreation programs and fundraising. The organisation is committed to protecting the privacy of personal information it collects, holds and administers.
Disability Sport & Recreation recognises the essential right of individuals to have their information administered in ways which they would reasonably expect – protected on one hand and made accessible to them on the other.
These privacy values are reflected in and supported by our core values and philosophies and also reflected in our Privacy Policy, which is compliant with the Privacy Act 1988 (Cth).
Disability Sport & Recreation is bound by laws which impose specific obligations when it comes to handling information. The organisation has adopted the following principles contained as minimum standards in relation to handling personal information.
General
Disability Sport & Recreation (DSR, we, our) is committed to protecting the privacy of the personal information and sensitive information which it holds and collects.
This policy sets out how we collect, use and manage personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and other privacy laws (including the Health Records Act 2001 (Vic) (Health Records Act)).
This privacy policy sets out how we comply with our obligations under the applicable privacy legislation regarding the collection, use, disclosure, storage, security and access of the personal information of users of websites owned and operated by DSR, consumers, customers, students, donors, members, volunteers, job applicants and staff.
Definitions
In this policy, the following definitions apply:
‘health information’ means:
- information or an opinion about:
- the physical, mental or psychological health (at any time) of an individual
- a disability (at any time) of an individual, or
- an individual’s expressed wishes about the future provision of health services to him or her
- a health service provided, or to be provided, to an individual, and
- any other information which is defined as ‘health information’ in the Health Records Act.
‘personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not, and
- whether the information or opinion is recorded in a material form or not.
‘sensitive information’ is:
- personal information or an opinion about and individual’s:
- racial or ethnic origins
- political opinions or political associations
- philosophical beliefs or religious beliefs or affiliations
- membership of a professional or trade association or a trade union
- sexual preferences or practices, or
- criminal record
- health information about an individual
- biometric information or templates, or
- genetic information about an individual that is not otherwise health information.
‘you’ and ‘your’ refer to each and every individual whose personal information we may handle from time to time.
Consent
By electing to use DSR’s website and services, you will be deemed to consent to us using your personal information and health information in a manner consistent with this privacy policy.
Collection of personal information
We will only collect personal information that is reasonably necessary to deliver our services and conduct one or more of our functions or activities.
We may collect the following types of personal information:
- your name, address and contact details (for example phone, email and fax)
- details for next of kin or emergency contact
- details of your social and familial relationships
- health information
- donor number
- photographs, video recordings and audio records of you
- payment details (for example credit card details)
- incisive data relating to your activities on our website (including IP addresses) via tracking technologies such as cookies, web beacons and measurement software, and
- any other information relevant to the relationship of the individual with DSR.
Where possible and practicable, you have the option to deal with us anonymously or use a pseudonym. If you choose to deal with us anonymously or the personal information you provide to us is incomplete or inaccurate, we may not be able to provide our services to you effectively.
For our employees and volunteers, we may collect additional relevant information including:
- information contained in resumes
- educational details, academic and other transcripts
- employment history, skills and background checks
- references from past employers and referees
- information collected during the interview or assessment
- process, and
- personal information required to make payments, such as bank account details, tax file number and superannuation details.
If you are an employee, contractor or representative of an organisation or educational institution that we deal with, we may also collect:
- your job title or details of your role within the organisation
- your contact details at the organisation (such as your office phone number or email address), and
- any other information necessary to manage and administer our relationship with you as a representative of your organisation or institution.
Collection of sensitive information
We only collect your sensitive information (including health information) with your express consent and to the extent that information is reasonably necessary for one or more of our functions or activities.
This information includes:
- details of a complaint, and
- health and wellbeing information where relevant to the services or the performance of the duties sought by the individual.
For our employees, contractors and volunteers, we may collect sensitive information such as:
- membership of a political, professional or trade association or trade union
- criminal record, and
- health information (such as medical history, dietary requirements, allergies, medication requirements, medical diagnoses, medical plans (such as for asthma, epilepsy or anaphylaxis), your Medicare number, Health Care Card details, private health insurance details and ambulance membership.
Methods of collecting personal information
Our preference is to collect your personal information directly from you unless it is unreasonable or impracticable for us to do so.
Personal information will generally be collected from the following sources:
- the provision of our goods and services
- your use of any websites owned and operated by DSR
- any member intake forms we provide to you
- donations to DSR through our websites (for example through online donation forms) or personnel (for example donation envelopes)
- subscriptions to our newsletters and email correspondence
- contact with us or our service providers for any reason including, but not limited to, reporting a problem with our websites, requesting further information or seeking our assistance
- interactions with our personnel and contractors (including via the phone or internet or face-to-face), and
- though our campaigns and purchased lists.
We will only collect your personal information from third parties (such as authorised representatives, relatives, organisations or health service providers) where:
- you have consented to such collection
- collection is necessary to provide you with appropriate health care services, or
- it is legally permissible for us to do.
Information collected on our website
In common with many websites, we may collect aggregated information which tells us about visitors to the DSR website but not the identity of those visitors. For example, we may collect information about the date, time and duration of visits and which pages of the DSR website are most commonly accessed.
This information is used by us to help to administer and improve the DSR website.
The DSR website may use ‘cookies’. A cookie is a packet of information placed on a user’s computer by a website for record keeping purposes.
Cookies are generally used on DSR websites to:
- access online services – if you visit a DSR website and log into our secure areas we will use cookies to enable us to authorise your access and save your preferences, and
- monitor traffic – we use Google analytics to gather anonymous information about how people are using the DSR website. This information includes times of visit, pages visited, and some system information about the type of computer you are using. We use this information to enhance the content and services offered on the site.
You can configure your browsers to accept all cookies, reject all cookies, or notify you when a cookie is sent. Each browser is different, so check the ‘help’ menu of your browser to learn how to change your cookie preferences.
If you disable the use of cookies on your web browser or remove or reject specific cookies from DSR website or linked sites, then you may not be able to gain access to all of the content and facilities on those websites.
Purposes of collection
Purposes for which we may collect personal information include, but are not
limited to:
- providing our services
- promoting, marketing and advertising our services
- educating individuals on the benefits that disabled people can gain from sport and recreation
- collecting and processing funding and donations for our various activities
- investigating and responding to an enquiry or complaint, and
- optimising and tailoring our services to your specific needs.
Use of personal information
We may use or disclose your personal information for purposes connected with the primary purpose of collection, or a reasonably related secondary purpose (or a directly related secondary purpose in the case of health information and sensitive information) which we believe you should reasonably expect.
Secondary purposes might include disclosure to third party contractors (including outsourced and cloud service providers) who may be unable to avoid accessing personal information in the course of providing technical or other support services to us.
We may disclose your personal information to the following third parties for the purposes described in this policy:
- service providers, contractors and suppliers who provide services on our behalf
- allied sporting and recreational entities
- entities that we have partnered with to provide our services
- medical and health care professionals, and
- journalists, reporters or other media professionals with whom we are working to promote specific programs, services or activities.
We may also disclose your personal information with your consent or where required or authorised by law.
Direct marketing
We will not use or disclose your personal information for the purposes of direct marketing to you unless:
- you have consented to receive direct marketing materials
- you would reasonably expect us to use your personal information for this purpose, or
- we believe you may be interested in the material but it is impractical for us to obtain your consent.
In every instance, we will ensure that our direct marketing material incorporates an option for you to elect to no longer receive such communications (i.e. opt-out provision).
Security of personal information
We will take reasonable steps to protect personal information from misuse, interference and loss, unauthorised access, modification or disclosure.
Personal information held by us is stored electronically in secure databases, or where retention of hard copy documents is required, in secure filing systems.
Only authorised DSR personnel are provided with access to an individual’s personal information.
Where personal information is no longer required by us, or where required by law, we will securely destroy or de-identify information in accordance with legal requirements for retention and disposal.
When using our website you should be aware that no data transmission over the Internet can be guaranteed as totally secure. Although we strive to protect such information, we do not warrant the security of any information that you transmit to us over the Internet and you do so at your own risk.
Openness
From time to time, we may change our policy on how we handle personal information or the types of personal information which we hold.
Any changes to our policy will be published on our website.
You may obtain a copy of our current policy from our website or by contacting us on the details below. It is your responsibility to check the website from time to time in order to determine whether there have been any changes.
Access and corrections
We will take reasonable steps to ensure that the personal information which we collect remains accurate, up to date and complete.
Individuals may request access to the personal information we hold about them. Where reasonable and practicable to do so, and in accordance with the provisions of the Privacy Act, we will provide supervised access to an individual’s personal information.
Requests to access personal information must be made in writing, either by email or hard copy. Corrections or updates to personal information supplied by consumers or their authorised representatives must be made by the individual or their authorised representative.
In all cases, our staff must be satisfied changes are authorised by the individual in question. Requests to change personal information supplied by consumers or their authorised representative will be actioned as a priority.
There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in actually providing you with access.
We will respond to all requests for access and/or correction within a reasonable time.
Use, adoption or disclosure of government related identifiers
We will not use, adopt or disclose an identifier assigned to an individual by a Commonwealth agency unless required to by law or where reasonably necessary and in accordance with the Privacy Act.
Notification
When collecting personal information directly from an individual, we will take reasonable steps to notify, or otherwise ensure that the individual is aware that this privacy policy provides information about how to access and seek correction of the personal information, and about how to lodge a complaint.
If we collect personal information from someone other than the individual, or the individual may not be aware that the organisation has collected the personal information, reasonable steps will be taken to notify the individual, or otherwise ensure that the individual is aware that we collect or have collected the information of the circumstances of the collection.
This includes:
- from whom the information was collected, and
- the law under which we collected the information, and
- to whom we may disclose the information, and of the consequence of us not collecting the information.
Complaints and enquiries
We take all complaints seriously. If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should advise us via the contact details below.
Contact information
33-37 Hotham Street
Collingwood, VIC, 3066
Telephone: (03) 9473 0133
Email: info@dsr.org.au
If you remain unsatisfied with the way in which we have handled a privacy issue, we suggest you approach an independent advisor or contact the Office of the Australian Information Commissioner for guidance on alternative courses of action which may be available.
We will provide our full cooperation in the event that you elect to pursue this course of action.
Enquiries and privacy complaints
If you would like further information about the way Disability Sport & Recreation manages the personal information it holds, please contact the Privacy Officer.
If you have any concerns, complaints or you think there has been a breach of privacy, then also please contact the Privacy Officer who will first deal with you usually over the phone.
If we then have not dealt satisfactorily with your concerns, we will meet with you to discuss further.
If you are not satisfied with our response to your complaint within 30 days from this meeting then you can refer your complaint to the Office of the Australian Information Commissioner.
Contact information
Email: enquiries@oaic.gov.au
Telephone: 1300 363 992
Fax: (02) 9284 966
Legislation and industrial instruments
The following legislation is relevant to this Policy:
- Privacy Act 1988 (Cth)
- Health Records Act 2001 (Vic)