Privacy Policy
This document sets out the principles that the Australasian Centre for Corporate Responsibility (ABN 95 102 677 417) (the Organisation or we, us, our) adopts in relation to the protection and handling of personal information.
The Organisation is committed to protecting your personal information, and does so in accordance with the Australian Privacy Principles (APP), which are set out in Schedule 1 of the Privacy Act 1988 (Cth), and any other applicable state or territory legislation.
NOTE: This Policy does not apply to the personal information of employees of the Organisation – if you are an employee, please refer to ACCR’s Human Resources Privacy Policy for more information about your privacy.
What is personal information?
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information is a type of personal information and includes health information, genetics, race, political opinion or membership, religion, philosophical beliefs, union membership, sexual preference and criminal record.
Health information includes information about physical or mental health or a disability an individual has had at any time, an individual’s express wishes about future provision of health services to him or her, any health service that has been or is to be provided to an individual, any personal information collected to provide or in providing a health service, information collected in connection with a donation or intended donation of body parts, organs or body substances, genetic information that is or could be predictive of health at any time of the individual or a relative of the individual and healthcare identifiers.
What kinds of personal information do we collect?
In certain circumstances, we may collect personal information about you, for example when you contact us, become a member, apply for a job or volunteer position, make a donation, participate in our research or advocacy efforts or otherwise interact with us, use our services or join our mailing list. The type of information we collect may include (but is not limited to):
- your name and date of birth;
- your contact details, such as home and email addresses, and telephone number;
- information about your personal circumstances (eg: marital status, gender, job title and relevant information about your partner and children);
- information about your background (eg: ethnicity, languages spoken, medical history, health and disability information);
- information about your shareholdings;
- financial information (e.g. bank or credit card details); and
We may also monitor and record details of our interactions with you (including any contact we have with you in person, by email, online or on the telephone), for dispute resolution and training purposes.
Where we collect sensitive information from you, including health information, we will do so only with your consent, where you provide such information voluntarily or where otherwise authorised by law. You may withdraw your consent for the Organisation to retain this information at any time.
From time to time, we may also receive unsolicited information, being information that we have not taken active steps to collect. Examples include misdirected mail, unsolicited employment applications and promotional flyers containing personal information.
When we receive such information, we will decide within a reasonable period whether we could have collected it pursuant to the requirements in the APP. If we determine that we could not have collected the information, we will destroy or de-identify it as soon as practicable. Alternatively, if we determine that we could not have collected the information and wish to retain it, we will deal with this information in accordance with our obligations under the APP.
How do we use or disclose your personal information?
The primary purposes for which we collect, hold, use and disclose personal information are to:
- provide, administer, improve and personalise our interactions with our members and supporters;
- Process membership payments, grants, donations and payments;
- identify individuals;
- assess employee or volunteer applications;
- conduct surveys and research;
- protect our lawful interests; and
- respond to your queries or concerns.
We may also collect, use and disclose personal information in connection with lawful information requests from courts, government agencies and lawyers and in connection with suspected fraud, misconduct or unlawful activity.
We may exchange your personal information with service providers, including government agencies, who may provide you with assistance or assist us with archival, auditing, accounting, legal, business, banking, payment, delivery, data processing, storage and analysis, research, investigation, website or technology services.
If you are a donor, mailing list registrant or volunteer, we may use your personal information to provide you with ongoing promotional materials and marketing communications about our events, products, services and fundraising initiatives by telephone, email, online or by other means (unless you opt out or we are subject to legal restrictions).
If you are contemplating making a grant or donation and seek a greater level of anonymity, please contact office@accr.org.au.
If you own shares in companies or represent an organisation which itself owns shares, you may choose to register those shareholdings with us. You can do this through our Shareholder Hub by providing the relevant information, including some of the personal information above. We use this information for the purposes of lodging resolutions. If you register in this program the information we collect may be provided:
- as the Corporations Act requires, to the company secretary of a target company. It is impossible for us to control what the company secretary does with this information; and,
- to save overload, other organisations we know are lodging resolutions similar to those lodged by ACCR with similar target companies.
You can learn more about the information we collect and submit to companies when we lodge shareholder resolutions on our Shareholders' Frequently Asked Questions page.If you become a member, we hold a register which will contain your membership information as required by the Associations Incorporation Act 1991 (ACT). Other members may seek to inspect this register. You may seek to restrict access to this register in accordance with that Act by contacting us at office@accr.org.au.
The Organisation will not disclose your personal information to overseas recipients unless that country has similar privacy laws to those in Australia or you have expressly consented to the Australian requirements not applying to that disclosure.
To facilitate donations and marketing activities, the Organisation uses donorbox.org and Mailchimp respectively. These companies are located in California, USA, and are subject to the California Consumer Privacy Act.
How do we hold and secure your personal information?
The Organisation handles personal information electronically with the assistance of our service providers. A range of measures are implemented to protect the security of that personal information. We also take reasonable steps to destroy or permanently de-identify personal information where it is no longer needed for a permitted purpose.
How do we treat information disclosed through our websites?
Using our websites
We use a website analytics provider, Simple Analytics (https://simpleanalytics.com/), that respects your privacy and collects only the minimal data available to help us understand how people use our website so that we can improve it. Simple Analytics does not use cookies or collect any personal information about you or track your data on other websites like other analytics providers. For a clear account of what information we collect and why, see https://docs.simpleanalytics.com/what-we-collect.
We use services provided by Google to assist us in providing you with a better service. These services may include Google Ads and Conversion Tracking, amongst other Google services from time to time. Google may use cookies to collect personal information about you when you use our website. For a clear account of what information is collected and why, see https://policies.google.com/privacy?hl=en.
Third party websites
Our website may contain links to other websites that are not owned or controlled by us. We are not responsible for the privacy practices or policies of those websites.
Cookies
We use performance cookies to provide a better experience. We also use analytics to ensure our web service is working correctly. You can manage your cookie privacy settings.
Notice for residents of the European Economic Area and United Kingdom
Why we collect information about you
We will use one of the permitted grounds under the General Data Protection Regulation (including as such law forms part of the law of the United Kingdom) (GDPR) or other applicable law to process your information. Such grounds include instances where you have given your consent and cases where your consent is not required under applicable law, such as where we are required to comply with a legal obligation, or where we, or a third party, determine that it is necessary for our legitimate interests to collect and use your personal information.
The legitimate interests to collect your personal information may include any of the purposes identified above and any other purpose where we or a third party have determined that you have a reasonable expectation for us or a third party to collect or use your personal information for such purpose. You have the right to object to the use of your personal data for direct marketing purposes.
The types of personal data we may collect and use
The categories of personal data we may collect will depend on the nature of our relationship with you and the purpose for which information is being collected. Such personal data may include sensitive information, such as certain special categories of personal data (including, in some circumstances, information about a person’s health).
Do we use automated decision-making processes?
No
Transfers of personal information to countries outside of the European Economic Area or United Kingdom
Due to the international nature of our business, your personal data will be transferred to countries outside of the European Economic Area or United Kingdom, such as to jurisdictions where we or our clients conduct business or have a service provider, including countries that may not have the same level of data protection as that afforded by GDPR or other data protection rules applicable to us (collectively, Data Protection Law).
In these circumstances, we take steps to ensure that the recipient agrees to keep your information confidential and that it is held securely in accordance with the requirements of Data Protection Law, such as by requesting appropriate contractual undertakings in our legal agreements with recipients.
Reviewing personal information records
We will, from time to time, review the purpose for which we have collected information about you and decide whether to retain it, update it, or securely delete it, if the information is no longer required.
What are your rights?
You have certain rights under Data Protection Law in respect of the personal data we hold about you and which you may exercise. These rights are:
- to request access to your information;
- to request rectification of inaccurate or incomplete information;
- to request erasure of your information (a “right to be forgotten”);
- to restrict the processing of your information in certain circumstances;
- to object to our use of your information, such as where we have considered such use to be necessary for our legitimate interests (e.g. in the case of direct marketing activities);
- where relevant, to request the portability of your information;
- where you have given consent to the processing of your data, to withdraw your consent; and
- to lodge a complaint with the competent supervisory authority.
How can you request access or amendments to your personal information or make a complaint?
Please contact us using the details set out below if you have any queries or concerns about privacy or wish to access or correct any personal information we may hold about you. We may need to verify your identity.
If you are making an access or correction request, please provide details of the particular information you seek, to help us to locate it. If we deny any request for access or correction, we will provide our reasons. Where we decide not to make a requested correction to your personal information and you disagree, you may ask us to make a note of your requested correction with the information.
The Organisation takes your privacy concerns very seriously. Where you express any concerns that we have interfered with your privacy, we will respond to let you know who will be handling your matter and when you can expect a further response.
Contact: Elisabeth Baraka, Chief Operations Officer
Email: office@accr.org.au
Address: Australasian Centre for Corporate Responsibility, GPO Box 1596, Canberra, ACT 2600, Australia
For information about privacy generally, or if your concerns are not resolved to your satisfaction, you may contact the Office of the Australian Information Commissioner at www.oaic.gov.au and on 1300 363 992.