CR 000 750 Privacy Policy
1. PURPOSE AND SCOPE
The Adventist Development and Relief Agency Australia Ltd ABN 85 109 435 618 (ADRA) is the humanitarian arm of the Seventh-day Adventist Church. This Privacy policy outlines how ADRA manages and treats private personal (including sensitive) information collected by the organisation in the course of its operations.
This policy describes the kinds of information collected, reasons for collecting it, how it is used and safely stored. It outlines how any person who has provided personal or private information to ADRA can access and correct that information and the privacy complaints process. It also sets out expectations for the behaviour and standards of professional and personal conduct for ADRA Australia’s employees, volunteers, contractors and Company Directors hereinafter referred to as ADRA Australia Personnel, in relation to handling of private information that they may have access to in the course of their engagement with ADRA Australia.
2. POLICY STATEMENT
A. What information do we collect?
ADRA collects personal information about donors, volunteers, employees, service recipients, program participants or clients of ADRA and other individuals connected to ADRA. The kinds of personal information collected vary depending on the interaction with you and may include, but not limited to:
- your name, contact information (e.g., mailing address, telephone number, email address);
- your date of birth;
- your gender;
- your bank account or payment card details and transaction history records concerning ADRA;
- your employment or volunteer information and history, including academic or qualification information;
- information about roles you have within ADRA;
- copies of correspondence with ADRA;
- information about training you have completed and the Codes of Conduct you have agreed to;
- information about your health and medical records;
- information pertaining to whether you are a “person of concern” with Adsafe*[See definition at end of this document].
Some of the information ADRA collects can be deemed “sensitive information” as defined in the Privacy Act 1988 (Cth). For example, if you make an application for employment with ADRA, or to volunteer at an ADRA activity, ADRA may collect sensitive information about you relating to child safeguarding checks, your criminal record history, and your health. ADRA may also collect information about your ethnic and cultural background, language skills and religious affiliation to help us better utilise your attributes with roles and opportunities that suit your skills and profile. ADRA will not collect, hold, use or disclose sensitive information (including health information or criminal records) about you unless you give us your consent to do so, or where required by law.
You have the option of not identifying yourself or using a pseudonym when dealing with us in relation to a particular matter, unless we believe it is impracticable to do so in the circumstances. If you wish to deal with us in this manner, you must tell us in writing so that we can consider if your request is practicable.
B. How do we collect your information?
ADRA collects your details via communications with you, including:
- where you fill out one of our forms,
- if you contact us, either in person or
• by email correspondence, telephone or online;
• via social media;
• when you attend an ADRA event;
• when you make a donation;
• register to become; a volunteer or otherwise be associated with ADRA such as an ADRA Leader or Prayer Warrior; - apply for employment or wish to serve as a volunteer;
- participate in any marketing or fundraising campaigns.
ADRA may also collect personal information about you from third parties, such as:
- nominated referees during job applications;
- schools, churches or youth groups;
- employers;
- family or friends;
- child protection agencies and community support agencies;
- service providers;
- government child safeguarding services.
ADRA could also collect information about you that is publicly available, for example, from:
- public registers
- social media,
- information that is made available to us by third parties.
ADRA utilises ‘cookies’ which enable us to monitor traffic patterns on the ADRA website and to serve you more efficiently if you revisit it. Cookies are not designed to “identify” you, as in your name or your “real-world” identity, but it does identify your computer (including your phone, tablet or other access device). You can set your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it in each instance. As a general rule, however, it is not possible to identify you personally from our use of cookies.
C. What do we use your information for?
The main purpose for collecting your personal information is to enable ADRA to deliver its humanitarian, aid and related programs and services. ADRA may use and disclose your personal information (to the extent permitted by legislation) for the purpose of:
- conducting our activities;
- employing staff and volunteers;
- processing donations;
- to inform you about promotions;
- fundraising and activities which we think you may be interested in;
- marketing, improving, supporting and enhancing our programs and services;
- communicating with you; and
- meeting our legal obligations.
From time to time, ADRA may also compile statistical data from you for fundraising benchmarking and analytics purposes.
If you do not wish to receive information about promotions, fundraising or you can always opt-out by selecting in the communication piece or by contacting us on the details below.
D. Who do we disclose your information to?
ADRA may disclose personal information to our related organisations, such as ADRA offices in other countries and the Seventh-day Adventist Church, which assist us with the provision and functioning of our activities (including through facilitating overseas volunteering opportunities, overseeing our aid and development programs, and assisting with processing applications for employment and volunteering).
ADRA may also disclose your personal information to other companies or individuals who assist us in supplying our programs and services or who perform functions on our behalf, including Adsafe, who assists ADRA with volunteer and employee screening in the assessment and management of Child and Vulnerable Adult Protection risks; and others such as auditors, fundraising and benchmarking analysts; cloud and other IT service providers; where required or authorised by law to do so; and to anyone else whom you authorise us to disclose it.
E. Use, storage and disclosure of personal information overseas
Use, storage and disclosure of personal or sensitive information may be made to or by parties located overseas. This may include in countries to which we provide volunteers for our programs and services, or where there are other ADRA offices, as part of the ADRA global network. Details of the locations where ADRA delivers its programs and services can be found on ADRA’s website, here https://www.adra.org.au/adra-network/. Disclosure of personal or sensitive information to recipients overseas will generally involve disclosure to international recipients as part of the ADRA global network and only to the extent necessary to carry out ADRA programs and services.
Before we send your personal information overseas, we will take reasonable steps to ensure that the recipient will not breach the Australian Privacy Principles. Depending on ADRA’s relationship with the recipient (including whether it is part of the ADRA global network or of the Seventh-day Adventist Church), the reasonable steps taken may include contractual obligations to treat your personal information in substantially the same way as required under the Australian Privacy Principles.
For any other circumstances where we need to disclose your personal information overseas, we will expressly inform you of the disclosure and obtain your consent.
When you agree to our Privacy Policy, you consent to us disclosing your personal information, including sensitive information, outside Australia. You understand that by giving us this consent, you may not be able to seek redress in the overseas jurisdiction if the overseas recipient handles information in breach of the Australian Privacy Principles. Your consent does not in any way lessen our commitment and the measures we take to safeguard your privacy, but it may exclude us from liability under Australian Privacy Principle 8.1 for any breach of the Australian Privacy Principles by such overseas recipients.
F. Keeping your information secure
ADRA holds your personal information securely through physical and electronic means.
ADRA Australia may store your personal information in different ways, including:
- in our electronic database (with password protection);
- in paper files (in locked storage);
- on our IT file server (with password protection);
- in cloud storage (with password protection and encryption);
- within our local activities if applicable (accessible only by authorised personnel).
Generally, personal information is maintained on a secure database and in hard copy files located in Australia. Storage of personal information of staff and volunteers may also be undertaken on our behalf by the Seventh-day Adventist Church.
ADRA takes precautionary and reasonable steps to protect your information from risks such as misuse, interference and loss, and from unauthorised access, modification or disclosure. These reasonable steps include:
- training and reminding our staff of their obligations with regard to personal information;
- implementing strong password protection strategies and raising staff awareness about the importance of protecting access credentials;
- using software which encrypts information (where a lock symbol appears on the browser window);
- utilising passwords, firewalls and virus scanning tools, and protection in buildings where personal information is stored, to prevent against unauthorised access to our systems;
- complying with the Payment Card Industry Data Security Standard (PCI DSS) to ensure all donor credit card information is securely transmitted, processed and stored;
- keeping abreast of developments in security and encryption technologies; and
- restricting staff and volunteers that have access to the databases that store user information and to personal files.
Unfortunately, no data transmission over the internet can be guaranteed as secure. Accordingly, although we strive to protect your information, we cannot ensure or warrant the security of any information you transmit to us or from our online products or services and you do so at your own risk. However, once we receive your transmission, we will take all reasonable steps to preserve the security of the information in our own systems.
If we no longer require your personal information, ADRA will take reasonable steps to destroy or de-identify it.
G. Accessing and correcting your information
ADRA seeks to ensure that all personal information collected and stored in its files and database systems is correct and accurate. Individuals may at any time request access to, or correction of, the personal information ADRA holds by contacting us on the details set out below. Before providing access to or correcting your personal information, we may also require you to verify your identity. ADRA will endeavour to meet or advise of the outcome of such a request within 30 days of receipt of that request.
H. Enquiries and complaints
For any privacy enquiries, issues or concerns, including a complaint that ADRA has breached the Australian Privacy Principles, contact us via the details set out below:
Mail: The Privacy Officer, ADRA Australia, PO Box 129, Wahroonga, NSW 2076
Phone: +61 2 9489 5488
Email: adra.info@adra.org.au
If anonymous: https://www.surveymonkey.com/r/ContactAnon
Any privacy enquiries must be in writing. Upon receipt of your privacy enquiry or complaint, ADRA will notify you of the making of a decision in as soon as is practicable.
If you are not satisfied with how ADRA handled your complaint or the outcome, you may make a complaint to the Australian Information Commissioner.
You may wish to visit the Office of the Australian Information Commissioner (www.oaic.gov.au) for more information about enquiries, complaints and use of anonymity and use of pseudonyms.
If you would prefer to deal with us anonymously, you are not required to provide your personal information to us. However, ADRA may not be able to investigate and resolve your particular complaint if it is required or authorised by or under an Australian law, or a court/tribunal order, to deal with persons who have identified themselves, or where it is impracticable for ADRA to deal with your complaint unless you provide your name or similar information.
I. How we comply with the Notifiable Data Breaches Scheme
We will notify you in the event your personal (including sensitive) information is involved in a data breach that is likely to result in serious harm.
This notification will include recommendations about the steps you should take in response to the breach. We will also notify The Australian Information Commissioner of eligible data breaches.
Each suspected data breach reported to us will be assessed to determine whether it is likely to result in serious harm, and as a result require notification.
J. Policy updates
Policy revision is done every five years or as needed when legislation changes. The latest version of the Privacy Policy is available on ADRA’s website at https://www.adra.org.au/key-policies/.
*Adsafe – Within the Seventh-day Adventist Church, Adsafe has been assigned the responsibility by the wider church to develop, implement and improve appropriate responses to the risk of Child and Vulnerable Person abuse in the church communities. Adsafe then is a partner in assisting each organisation to minimise and hopefully eliminate abuse in the Church and its entities.
Modified By: A Young/D Grellmann Jun24, McMahon Fearnley Aug 24. Document Version: 2024/1 Legally Reviewed by McMahon Fearnley. Effective Date: 10 Sep 24. Approving Committee: ADRA Board of Directors. Previous IO20440/DB: 2017/1.1. Revision Date: 2029.