Certa Cito Foundation Privacy Policy

Principles

The Certa Cito Foundation (the CCF) is committed to ensuring that an individual’s privacy is respected and always maintained. The CCF is committed to comply with Australian privacy laws and obligations[1] and, where appropriate, other privacy laws such as the European Union (EU) General Data Protection Regulation (GDPR)

The CCF will remain careful to only collect, store or use the information and data that is required for the normal business of the Foundation, and where consent has been provided by the person from whom the information and data is being collected.

The CCF has no intention to share or sell people’s information and data, however if this occurs it will only occur with the individuals express recorded permission. Some personal information of board members will be passed to the appropriate regulatory bodies.

This policy explains the types of personal information that we may collect and hold, how that information is used and with whom the information is shared. It also sets out how you can contact us if you have any queries or concerns about our collection, use or disclosure of personal information, or if you believe we have not complied with this Privacy Policy or the intent of the Privacy Act.

Your Consent

By using this Website, CCF service, application and/or site that references this Privacy Policy, or otherwise providing us directly, or through others, with your personal information, you agree with the terms of this Privacy Policy and consent to collection, use, and disclosure of that information in accordance with this Privacy Policy, the Privacy Act and other applicable privacy laws.

Why do we collect personal information?

The CCF collects personal information for a number of purposes connected with our activities and operations, principally to meet the needs and requests of individuals we engage with and to meet our legal obligations. We also collect information to provide and improve our services, for verification purposes and to manage the CCF membership.

What personal information do we collect and how do we collect it?

The types of personal information we collect may include:

• Contact information, (e.g. name, postal address, email address, phone number and other profile information).
• Personal information supporting the accessibility by members of the CFF online presence, (e.g., preferences, user analytics).

The CCF will also collect information to support the selection of board members and the ongoing maintenance of board appointments. This includes biographical information of board members, Directors’ ID’s as well as the board email list. 

The CCF will collect personal information in a number of ways, including directly from you, when you create an account with us, when you provide it to us or our volunteers, provide feedback to us, submit an enquiry, participate in a survey, apply as a volunteer with us, participate in our governance activities, provide services to us, use our Website, or otherwise engage with the CCF.

Personal information may be collected by way of emails, phone conversations, forms filled out by individuals (including via online forms), feedback, enquires, support requests, video conferencing, face-to-face meetings and interviews.

Sometimes our activities may require us to collect sensitive information. For more details, see the section ‘Sensitive information is subject to greater restrictions’, below.

How will the CCF use and disclose your personal information?

The CCF may use and disclose your personal information for the purposes described in this Privacy Policy, or for related purposes which would reasonably be expected by you, or for purposes to which you have consented, and in other circumstances authorised by the Privacy Act or otherwise required or authorised by law.

Generally, the CCF may use and disclose your personal information for a range of purposes, including to:

• provide you and with our services that you have requested with your name;
• respond to your queries or feedback or provide customer service support;
• provide you with any CCF communications or publications;
• facilitate your participation in forums, and social events;
• facilitate participation in our governance forums and activities;
• analyse and improve all aspects of our business including, but not limited to, our services, our on-line presence, our business systems, processes, outcomes, communication, website, engagement, and performance; and
• authenticate users to enable access to CCF systems.

Disclosure of personal information to other parties

The CCF may disclose your personal information to other support organisations where it is in direct relation to either the CCF functions or where it is expressly requested by you. Your personal information may be shared with government, statutory or regulatory bodies, where there is a legal requirement to do so. Some personal information relating to board appointments is also required to be shared with regulatory bodies (ACNC & ASIC[2]) to meet regulatory requirements. 

We do not sell or license your personal information to third parties.

Sending information overseas

The CCF does not send personal information overseas. Should the need arise, we will not send your personal information to a recipient outside Australia without obtaining your consent or otherwise complying with the APPs.

Sensitive information.

‘Sensitive information’ is personal information about an individual's health, racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or membership of a trade union, among other things.  The CCF does not routinely seek or store sensitive information, however some sensitive information may be gathered when provided by you during the provision of services to individuals.  This information will be managed IAW the APP.

Security and management of personal information

The CCF will take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. The ways we do this include:

• limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities);
• only use third-party providers that demonstrate (through evidence such as third-party attestations) that they have acceptable security measures to keep personal information secure; and
• putting in place physical, electronic, and procedural safeguards in line with industry standards.
• If we no longer require your personal information and are not legally required to retain it, the CCF will take reasonable steps to destroy or permanently de-identify the personal information.

Links from our website to other websites.

Our website may contain links to third party websites. We do not operate these websites and therefore are not responsible for the collection or handling of personal information by the operators of these websites.

Information access, correction, and deletion.

All reasonable steps will be taken to ensure any personal data collected, used, or disclosed is up to date and accurate.  In most instances a review will occur on an annual basis as part of the annual membership renewal process. Where a member advises that personal information needs to be corrected the CCF secretary will correct the information as soon as is practicable.

Member’s requiring access to the personal information held on them, are to address their request to the Certa Cito Foundation Secretary in writing (email or handwritten) who will provide the information to them as soon as is practicable. All requests of this nature are to be recorded by the CCF Secretary and advised to the CCF chair on occurrence and to the board on the next board meeting.

Members who request that their personal information is deleted are to do so in writing (email or handwritten). The CCF Secretary will conduct the deletion by either shredding of hardcopy documents and/or deletion of electronic data. All requests of this nature are to be recorded by the CCF Secretary and advised to the CCF chair on occurrence and to the board on the next board meeting.

Policy Updates

This policy will be reviewed following any changes to the Privacy Act or changes to the information management processes used by the CCF. The most up to date CCF Privacy policy will be that hosted on the CCF website.

Complaints

If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may bring a complaint internally through our complaints process or you may decide to make a formal complaint with the Office of the Australian Information Commissioner (www.oaic.gov.au) (which is the regulator responsible for privacy in Australia).

We will deal with complaints as follows:

Step 1: let us know

If you would like to make a complaint, you should let us know by contacting the CFF secretary (see below for contact details).

Step 2: investigation of complaint

Your complaint will be investigated by the CCF secretary and CCF Governance lead.

A response to your complaint will be provided in writing within a reasonable period.

Step 3: Contact OAIC

We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:

Office of the Australian Information Commissioner (OAIC)

Complaints must be made in writing.

1300 363 992
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
www.oaic.gov.au

Contact us

Any complaints or correspondence in relation to this Privacy Policy should be sent to the CCF Secretary at: secretary@certacitofoundation.org.au