Public Privacy Policy
1. POLICY STATEMENT
ALWS is committed to respecting the privacy of all individuals and protecting the confidentiality of personal information in alignment with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the ACFID Quality Assurance Framework.
2. OVERVIEW
This policy explains how ALWS manages personal information throughout its lifecycle, covering aspects such as collection, storage, disclosure, and disposal. It establishes practices that are compliant with the Privacy Act 1988 and internationally recognised standards.
3. GOAL
The purpose of this policy is to outline ALWS’s practices for managing personal and sensitive information in compliance with legal standards, while respecting individuals’ rights to privacy.
4. GUIDING PRINCIPLES
- Minimal Data Collection: We only collect the personal information that we need to achieve our agency objectives.
- Transparency: We secure informed consent before recording personal information, we only use personal information for the purpose it was collected, and we allow individuals to access, correct, or delete their personal information upon request.
- Trustworthiness: We ensure that personal information is securely stored and accessible only to authorised personnel and that all data transfers, especially cross-border, meet privacy compliance standards. We notify individuals promptly in the event of a data breach likely to result in serious harm.
5. SCOPE
This policy applies to all personal information collected, used, stored, and disclosed by ALWS, including but not limited to donors, volunteers, employees, and partners.
6. DEFINITIONS
Personal Information refers to information or an opinion about an identified individual or an individual who is reasonably identifiable, whether recorded in material form or not. Examples of personal information include names, addresses, email addresses and a persons image.
Sensitive Information is a subset of personal information including racial or ethnic origin, political opinions, religious beliefs, health information, or other sensitive attributes that require additional protection.
7. IMPLEMENTATION
Data Collection
ALWS collects personal information directly from individuals or authorised third parties, as relevant to our operational needs.
We collect personal information for purposes such as:
- Conducting humanitarian and development activities.
- Managing employment, volunteer, and donor relations.
- Processing transactions and improving donor engagement.
- Facilitating events
- Fundraising and marketing
- Complying with legal, regulatory, and ACFID standards.
ALWS seeks informed consent when collecting sensitive information, and we use this data only for clearly defined purposes or as required by law.
Data Use and Disclosure
ALWS uses personal information solely for its intended purpose, unless authorised for a secondary use by the individual or as legally required. We disclose information to third-party service providers as necessary, ensuring each complies with equivalent data protection standards.
Data Security
ALWS employs comprehensive technical and organisational measures to safeguard personal data, including:
- Data encryption, password management, and multi-factor authentication.
- Secure physical storage and digital access protocols, including role-based access controls.
- Regular audits and staff training to ensure adherence to security protocols.
Data Breach Response
ALWS is committed to promptly addressing data breaches in compliance with the Notifiable Data Breaches scheme under the Privacy Act.
In the event of a breach likely to cause serious harm, we notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) promptly. Our response plan includes steps to assess, contain, and prevent further breaches, ensuring compliance and transparency.
Cross-border Data Transfer
ALWS may transfer personal information internationally to trusted partners for programmatic or operational purposes. Such transfers are done in alignment with APP 8, and ALWS takes reasonable steps to ensure that international recipients handle data according to Australian privacy standards.
Use of Digital Identifiers
Our websites utilise cookies to enhance user experience and collect analytics. Users can manage their cookie preferences through browser settings.
Individual Rights
Individuals have the right to access, correct, or request deletion of their personal information, subject to legal requirements.
Requests can be submitted to ALWS’s Privacy Officer, who will ensure a timely response, typically within 30 days.
Complaints Process
Individuals who believe their privacy rights have been breached may contact the ALWS Privacy Officer by phone 1300 763 407 or email complaints @alws.org.au to make a complaint.
Complaints are handled confidentially and according to our Complaints Handling Policy. Should the outcome be unsatisfactory, individuals may escalate the complaint to the OAIC.
8. RESPONSIBILITIES
Management is Responsible For:
- Ensuring the privacy policy is implemented and complied with organisation-wide.
- Developing a culture of trust and respect for the personal information entrusted to ALWS.
- Tracking compliance related to this policy, and responding to any concerns that may arise.
- Raising awareness and fostering continuous learning on handling of personal information.
The Board is Responsible For:
- Approving and monitoring compliance with the privacy policy.
The Privacy Officer is Responsible For:
- Addressing privacy-related inquiries and complaints, and overseeing data breach response actions.
All Personnel are Responsible For:
- Following privacy practices, completing required training, and reporting any privacy concerns promptly.
9. RELATED DOCUMENTS
Internal
- Data Breach Response Plan
- ALWS Complaints Policy
- ALWS Code of Conduct
External
- Australian Privacy Act 1988
- Australian Privacy Principles (APPs)
- ACFID Code of Conduct – https://acfid.asn.au/code-of-conduct/
10. REVIEW
This policy will be reviewed at least every three years, with adjustments made to remain aligned with technological advancements and best practices.
11. POLICY CONTROL
- Approval Date: December 2024
- Next Review Date: December 2027
- Responsibility: Community Engagement Manager
- Approved by: ALWS Board