Purpose

At People First we comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). This Policy outlines our privacy practices.

 It explains how:

(a) we collect, manage, use, store and secure your personal information

(b) you may access and request correction of any record containing your personal information

(c) you may make a complaint about a breach of privacy.

Scope

The Policy applies to our staff, volunteers, contractors and suppliers who handle personal information

collected by People First and any related entities. It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). By providing your personal information to us, you consent to the use, storage and disclosure of the

personal information you provide to us as described in this Policy.

How we manage your Personal Information

We will:

  • take all reasonable steps to ensure we are open and transparent about the way we manage your personal information
  • maintain adequate security of personal information to seek to protect it from misuse, interference and loss from unauthorised access, modification or disclosure
  • conduct risk assessment for all new and significant business projects which consider privacy impacts
  • provide an option for you to use a pseudonym or otherwise be anonymous unless it is impermissible, impractical or inhibits the adequacy or quality of service provided to you
  • provide this Policy free of charge and in an appropriate form for public access
  • periodically review this Policy as well as the privacy practices, procedures and systems across our organisation to ensure that they remain appropriate to the changing environment we operate in.

Personal Information we collect and hold

Kinds of Personal Information

We will only collect information about you that is reasonably necessary for our functions or activities. Consent will be requested for all personal information that is used. This may include:

  • your name, address, contact and bank and credit card details for clients, volunteers, suppliers and donors
  • your image, video and sound recordings
  • sensitive information about you that may include your gender, health, disability,
  • mental health, racial or ethnic origin, criminal convictions, religious affiliation, and
  • other particulars required as part of our funding obligations and/or that are relevant for the proper
  • provision of the services that we provide
  • survey and questionnaire responses

How we collect and hold Personal Information

Where possible, personal information is collected directly from you with your consent at the time of your

interaction with us. In some services, personal information is:

  • received from third parties where you are transferred or referred to us for the services that we provide
  • received from third parties who obtain your personal information from publicly available sources; or transferred between our own services provided it relates to the primary purpose for which it was collected.

Where consent to collection is sought, it is sought voluntarily from you and we will inform you of what

you are consenting to. We will not collect sensitive information about you unless you have consented; it is required by law.

Purposes for which we collect, use and disclose Personal Information

We collect, hold and use personal information only for the primary purposes for which it was collected or

as set out below including:

  • to provide services which may include, housing support, employment services,
  • counselling, and fundraising. Personal information may be shared between more than one legal entity to provide, expand or improve the services we provide to you or to enable a faster delivery of services.
  • to comply with the requirements of funding bodies as part of a funding agreement with us
  • to operate fundraising and charitable activity in support of our objectives
  • to facilitate proper governance processes such as risk management
  • to gather feedback from you and other individuals about the quality of services that we provide so that the services we provide can be continuously improved
  • to undertake marketing, fundraising and promotional activities, including activities to better identify donor sources, events and conferences organised and held by us
  • to satisfy legal obligations, comply with applicable laws and meet the requirements of bodies   which regulate the services we provide
  • to understand, through aggregated information, trends and patterns which we use for research and advocacy
  • to fulfil other purposes which you have consented to.

Disclosure to third parties

We will not disclose your personal information to other external organisations except:

  • as required by funding agreements
  • as required by law
  • for transfer to another service provider in accordance with funding agreements
  • where we have your consent to do so through your acceptance of this Policy and the disclosure
  • relates to the goods or services we provide to you
  • for a purpose permitted by this Policy; or
  • if you request us to do so.

Examples of organisations and/or third parties that your personal information may be provided to

include:

  • third party service providers who assist us with the delivery of services or who provide services to or
  • partner with us to enable us to deliver services including by providing IT services, or in undertaking
  • quality assurance of our services, some of which may be overseas
  • third party service providers who assist us with our ctivities or strategy
  • third parties who assist us with co-ordination of volunteers, community activities and advocacy
  • government or non-government agencies where we have a reasonable concern regarding your safety or wellbeing
  • third parties who collate and/or analyse information for the purposes of research and advocacy
  • third parties for the electronic storage of information, some of which may be overseas

Whilst we seek to ensure through our contracts with external parties that they comply with the Act

regarding the use of your personal information, we have limited control around how some external

parties (for example, government agencies) use your personal information.

How you can access and correct your Personal Information

Access

You are entitled to request access to the personal information held by us about you. This is generally

provided upon your request subject to completion of verification and to access restrictions imposed or permitted by law. Requests are made to the same point of contact to whom you provided your personal information.

Correction

Where you inform us that information held by us about you is inaccurate, out-of-date, incomplete,

irrelevant or misleading, we will correct it where we agree with you. Notices by you to us to amend

information held about you are made to the same point of contact to whom you provided your personal

information. If, having received and considered an application from you to amend your information, we do not consider that the information should be amended, we will not amend it but we will include a note with

the information that you consider that it should be amended, and advise you accordingly.

Retention of personal information

We will retain your personal information in accordance with applicable laws or requirements of any

government or other funding body’s record-keeping requirements.

Mandatory Notifiable Data Breaches

We will comply with the notification and other requirements of the Act where your personal information

held by us has been inadvertently lost or disclosed or improperly accessed and that loss, disclosure or

access may result in serious harm to you.

What to do if you have a privacy enquiry or complaint

If you have an enquiry or a complaint concerning collection, use or management of your personal

information, please direct your enquiry or complaint to the staff member who is your ordinary contact.