EDO ACT recognises the importance of, and is committed to protecting and upholding, the privacy and rights of individuals that EDO ACT deals with in relation to their personal information.
EDO ACT will ensure that:
it meets its legal and ethical obligations as an employer and service provider in relation to protecting the privacy of clients and others
clients are provided with information about their rights regarding privacy
clients, staff and others are provided with privacy when they are being interviewed or discussing matters of a personal or sensitive nature, and
all staff, Management Committee members and volunteers understand what is required in meeting these obligations.
EDO ACT is subject to the Privacy Act 1988 (Cth) (including the Australian Privacy Principles under the Privacy Act 1988 (Cth)) and the Information Privacy Act 2014 (ACT). The EDO ACT is also required to comply with privacy obligations under one or more funding agreements. EDO ACT will follow the guidelines of the Australian Privacy Principles in its information management practices.
Personal information in general terms means any information that can be used to personally identify someone. It includes information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable information.
Sensitive information is a subset of personal information and is given a higher level of protection. Sensitive information is defined in the Privacy Act and includes information or an opinion about an individual’s racial or ethnic origin; political opinions; membership of a political association; religious beliefs or affiliations; philosophical beliefs; membership of a professional or trade association; membership of a trade union; sexual preferences or practices; or criminal record.
4. PERSONAL INFORMATION THE EDO ACT COLLECTS AND HOLDS
The type of information collected will depend on the nature of a person’s interaction with EDO ACT, however EDO ACT may collect the following types of personal information:
identification and contact details, such as name, mailing or street address, email address, telephone number, age or birth date
other personal or sensitive information not covered above which be collected as a result of providing a client with legal advice
details of the services a client has requested or enquired about, or services provided, together with any additional information necessary to respond or deliver those services
any additional information relating to a client that a client provides in-person, by telephone, in writing or via email
when you seek legal assistance, we may collect your name, contact details, details of your guardian (if applicable), financial details and information about the matter you are seeking assistance with EDO ACT
when we provide legal assistance to our clients, we may collect your name, organisation and contact details
when you register for a subscription to a EDO ACT publication, we may collect your name, organisation and contact details and details about the information you access in our publications
when you make a donation to EDO ACT, we may collect your name, organisation, contact details, the amount and frequency of your donation and payment details
when you attend a professional development or training program or attend another event, we may collect your name, organisation, contact details, payment details (if applicable) and any dietary and accessibility requirements
when you participate in a survey, we may collect your name, organisation contact details and your survey responses
when you send us an enquiry, we may collect your name, contact details and details of your query
when you make a complaint, we may collect your name, contact details, the details of your complaint, information collected in any investigation of the matter and details of the resolution of the complaint
when you apply for a role at EDO ACT, we may collect the information you include in your application, including your cover letter, resume, contact details and referee reports.
EDO ACT is also required to collect some personal information relevant to the provision of legal advice under legal profession laws.
EDO ACT also logs server addresses, top level domain names, dates and times of visits, pages viewed and documents downloaded, previous sites visited and browser type (for example, Internet Explorer, Firefox) to analyse trends, administer the website and gather broad demographic information. This information is made anonymous and collected automatically.
5. EDO ACT’S COLLECTION OF YOUR PERSONAL INFORMATION
EDO ACT collects personal information directly from an individual unless it is unreasonable or impracticable to do so. This may occur in a range of ways including in person; by letter, fax, email or telephone; on hard copy forms; through the website; from referring or third parties (with consent); and at events or forums.
6. NOTIFICATION OF COLLECTION OF PERSONAL INFORMATION
The nature of EDO ACT’s work is that, generally, it is not possible to provide services or deal with individuals in an anonymous way. For example, if a client does not provide EDO ACT with the personal information described above EDO ACT may not be able to provide legal services to you, or to provide information about services.
7. WHY EDO ACT COLLECTS, HOLDS, USES AND DISCLOSES PERSONAL INFORMATION
EDO ACT collects, holds, uses and discloses personal information for the following purposes:
to assess whether a client is eligible for assistance
to provide legal services, referral or arrangement of non-legal assistance to clients
to answer enquiries and provide information or advice about EDO ACT’s services
to recruit staff, contractors and volunteers
for planning, quality control and for the creation of anonymous case studies
to update records
for use in monitoring and assessing EDO ACT’s services, including as part of peer review of service, and reporting to funding providers
to process and respond to any complaints, and
to comply with any law, rule, regulation, lawful and binding determination
EDO ACT may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are required or authorised by or under law for which the individual has provided their consent.
8. WHO MAY EDO ACT DISCLOSE YOUR INFORMATION TO
EDO ACT may disclose your personal information to:
employees, volunteers, contractors or service providers for the purposes of providing legal services, fulfilling requests by clients, and to otherwise provide services to individuals including IT systems administrators, couriers, data entry service providers, electronic network administrators, and professional advisors such as accountants, solicitors, barristers and consultants, or provide services to EDO ACT, including managing EDO ACT’s computer network, website, databases, accounts or sending communications from EDO ACT, or on behalf of and as an agent for EDO ACT. In that circumstance at all times the EDO ACT will maintain effective control over the use of your personal information and ensure that it is used only in accordance with this policy.
any organisation for any authorised purpose with the individual’s express consent
other third parties where required by law
EDO ACT does not direct market, or provide personal information to other organisations for the purposes of direct marketing.
EDO ACT does not disclose personal information to anyone outside Australia
9. ACCESSING AND CORRECTING PERSONAL INFORMATION
An individual may request access to any personal information EDO ACT holds about them at any time by contacting EDO ACT (see the details below). Where EDO ACT holds information that an individual is entitled to access, we will try to provide the information in the manner requested (for example, photocopies or by viewing a file) and in a timely way.
There may be instances where EDO ACT cannot grant access to the personal information held. For example, EDO ACT may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, EDO ACT will provide written notice outlining the reasons for the decision and available complaint mechanisms.
If an individual believes that personal information EDO ACT holds about them is incorrect, incomplete or inaccurate, then they may request us to amend it. EDO ACT will then consider if the information requires amendment. If we agree that it requires amendment we will take reasonable steps to correct that information. If EDO ACT does not agree that there are grounds for amendment then the individual may request that EDO ACT add a note to the personal information stating that the relevant individual disagrees with the information and EDO ACT will take reasonable steps to do so.
If EDO ACT corrects personal information about an individual and has previously disclosed that information to another agency or organisation that is subject to the Privacy Act, the individual may ask EDO ACT to notify that other entity and EDO ACT will take reasonable steps to do so, unless this would be impracticable or unlawful.
In addition to above, in circumstances where a client requests access to personal information held by EDO ACT, the Principal Solicitor will view the file and approve any copies of material to be given to the client prior to client access. A copy of the relevant part of the file will be made available to the client as soon as practicable after this.
10. WEBSITE PRIVACY
What personal information is collected by EDO ACT and when is it collected?
EDO ACT only collects personal information that that has been voluntarily provided to us. You can access and browse the EDO ACT website without disclosing any personal information. Instances in which we collect information from users include: a) Responding to inquiries made through our website b) Subscription to our newsletters and other alerts c) Donations to the EDO ACT through our website (Nationbuilder), Givenow.com.au or Everyday Heroes d) Application for membership, or renewal of membership e) purchase of publications or other resources f) Registration for workshops, legal education sessions, conferences and seminars
EDO ACT web site uses the IP (Internet Protocol) addresses of visitors to the site to administer the site, track users’ movements, and to gather broad demographic information. These addresses are not linked to personally identifiable information and therefore the information and statistics does not enable individual users to be identified.
Does EDO ACT use users’ personal information?
We use personal information for the purpose in which it was provided to EDO ACT. EDO ACT will record your email address if you send us a message. It will not be added to a mailing list, unless expressly requested by you. We will also use the information collected to notify you about any changes to our website and services. You can email firstname.lastname@example.org to remove your email address from our mailing lists.
Does EDO ACT share user information?
The only time when a third party will have access to your personally identifiable information is where that third party is managing and/or maintaining the EDO ACT’s computer network, website or databases. In that circumstance at all times the EDO ACT will maintain effective control over the use of your personal information and ensure that it is used only in accordance with this policy. EDO ACT donations are collected through our website (Nation Builder), the GiveNow.com.au website and Everyday Heros. For information on how your personal data will be managed, see their respect privacy policies.
Does this policy cover sites EDO ACT links to?
What other security precautions should users take?
No data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect users’ personal information, EDO ACT cannot ensure or warrant the security of any information transmitted to it or from its online products or services, and users do so at their own risk. Once EDO ACT receives your transmission, we will make every effort to utilise appropriate technologies and security methods to store the information collected and prevent unauthorised access and improper use of the information.
Questions regarding this policy and any changes or updates to personal information we hold should be sent to email@example.com
If an individual believes that their privacy has been breached, please contact our Chief Executive Officer in writing.
EDO ACT treats all complaints confidentially. Upon receipt of a complaint, EDO ACT will try to resolve all complaints in a timely, fair and reasonable way, by providing a response within 30 days.
If an individual is not satisfied with EDO ACT’s response, a complaint can be made to the Office of the Australian Information Commissioner (by telephone: 1300 363 992, by email firstname.lastname@example.org or by post: GPO Box 5218 Sydney NSW 2001).
12. SECURITY AND INTEGRITY OF PERSONAL INFORMATION
EDO ACT takes reasonable steps to ensure that personal information we collect, use and disclose is accurate, up-to-date and complete and relevant. EDO ACT also takes reasonable steps to ensure personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.
13. CONTACTING EDO ACT
14. CHANGES TO THE POLICY