Privacy Policy

Introduction

Big Yellow Umbrella is committed to protecting the privacy of personal information which it collects, holds, and administers. Personal information is information which directly or indirectly identifies a person.

Purpose

The purpose of this document is to provide a framework for Big Yellow Umbrella’s staff and volunteers in dealing with privacy considerations.

Policies

Big Yellow Umbrella collects and administers a range of personal information for the purposes of:

  • better understanding client needs
  • knowing who to contact in the event of an emergency
  • being able to work closely with other agencies to determine the best approach to assist a client
  • statutory reporting
  • facilitating funding submissions
  • funding contracts and procurement processes
  • collecting donations
  • managing staff, students and volunteers

Big Yellow Umbrella is committed to protecting the privacy of personal information it collects, holds and administers.

Big Yellow Umbrella recognises the essential right of individuals to have their information administered in ways which they would reasonably expect — protected on one hand and made accessible to them on the other. These privacy values are reflected in and supported by Big Yellow Umbrella’s core values and philosophies and also reflected in this Privacy Policy, which is compliant with the Privacy Act 1988 (Cth).

Big Yellow Umbrella is bound by laws which impose specific obligations when it comes to handling information. Big Yellow Umbrella has adopted the following principles as minimum standards in relation to handling personal information.

Big Yellow Umbrella will:

  • collect only information which it requires for its primary function
  • ensure that stakeholders are informed as to why the information is collected and how Big Yellow Umbrella administers the information gathered
  • use and disclose personal information only for its primary functions or a directly related purpose, or for another purpose with the person’s consent
  • store personal information securely, protecting it from unauthorised access
  • provide stakeholders with access to their own information, and the right to seek its correction

Responsibilities

The Board, Chief Executive Officer and HR Manager are responsible for the implementation and monitoring of all aspects of this Policy and Procedures.

All staff, students and volunteers are responsible for ensuring they fully comply with this Policy and Procedure by observing privacy procedures at all times.

The Chief Executive Officer is responsible for monitoring changes in privacy legislation, and for advising on the need to review or revise this policy as required.

Procedures

Collection

Big Yellow Umbrella will:

  • only collect information that is necessary for the performance and primary function of Big Yellow Umbrella
  • notify stakeholders about why it collects the information and how it is administered
  • collect personal information only by lawful and fair means and not in an unreasonably intrusive way
  • notify stakeholders that this information is accessible to them
  • collect personal information from the person themselves wherever possible
  • if collecting personal information from a third party, be able to advise the person concerned from whom their personal information has been collected
  • collect sensitive information, including health information and information about religious beliefs, race, gender, and others, only with the consent of the person whom the information concerns or if required by law
  • collect sensitive information about an individual if such collection is necessary to prevent or lessen a serious and imminent threat to the life or health of any individual, where the individual whom the information concerns is physically or legally incapable of giving consent to the collection, or physically cannot communicate consent to the collection
  • if Big Yellow Umbrella collects information during the course of the activities of a non-profit organisation, ensure:
    • the information relates solely to the members of the organisation or to individuals who have regular contact with the agency in connection with its activities
    • at or before the time of collecting the information, Big Yellow Umbrella informs the individual who the information concerns that it will not be disclosed without the individual’s consent
    • the collection is necessary for the establishment, exercise or defence of a legal or equitable claim
  • determine, where unsolicited information is received, whether the personal information could have been collected in the usual way, and then if it could have, it will be treated normally. If it could not have been, it must be destroyed, and the person whose personal information has been destroyed will be notified about the receipt and destruction of their personal information

Use and Disclosure

Big Yellow Umbrella will:

  • only use or disclose information for the primary purpose for which it was collected or a directly related secondary purpose
  • for other uses, obtain consent from the affected person
  • in relation to a secondary purpose, use or disclose the personal information only where:
    • a secondary purpose is related to the primary purpose and the individual would reasonably have expected Big Yellow Umbrella to use it for those purposes, or
    • the person has consented, or
    • certain other legal reasons exist, or disclosure is required to prevent serious and imminent threat to life, health, or safety
  • in relation to personal information which has been collected from a person, use the personal information for direct marketing, where that person would reasonably expect it to be used for this purpose, and Big Yellow Umbrella has provided an opt out and the opt out has not been taken up
  • ensure each written direct marketing communication with the individual sets out Big Yellow Umbrella’s business address and telephone number and an address at which the organisation can be directly contacted electronically, and that a wish not to receive any further direct marketing communication is prominently displayed at all times
  • in relation to personal information which has been collected other than from the person themselves, only use the personal information for direct marketing if the person whose personal information has been collected has consented (and they have not taken up the opt-out)
  • provide all individuals access to their personal information except where it is a threat to life or health or it is authorised by law to refuse and, if a person is able to establish that the personal information is not accurate, then Big Yellow Umbrella must take steps to correct it
  • allow a person to attach a statement to their information if Big Yellow Umbrella disagrees it is inaccurate
  • where for a legal or other reason Big Yellow Umbrella is not required to provide a person with access to the information, consider whether a mutually agreed intermediary would allow sufficient access to meet the needs of both parties
  • make no charge for making a request for personal information, correcting the information, or associating a statement regarding accuracy with the personal information
  • if the disclosure of sensitive information is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety and it is impractical for Big Yellow Umbrella to seek the individuals’ consent, and the disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95A, make such a disclosure
  • if Big Yellow Umbrella has sufficient reasons to believe that an unlawful activity has been, is being or may be engaged in, and the disclosure of personal information becomes a necessary part of the investigation, make such disclosures
  • further disclose personal information if its disclosure is mandated by an enforcement body or is required for:
    • the prevention, detection, investigation, prosecution or punishment of criminal offences, breaches of a law imposing a penalty or sanction or breaches of a prescribed law
    • the enforcement of laws relating to the confiscation of the proceeds of crime
    • the protection of public revenue
    • the prevention, detection, investigation or remedying of seriously improper conduct or prescribed conduct

Storage

Big Yellow Umbrella will:

  • implement and maintain steps to ensure that personal information is protected from misuse and loss, unauthorised access, interference, unauthorised modification, or disclosure
  • before disclosing any personal information to an overseas recipient including a provider of IT services such as servers or cloud services, establish that they are privacy compliant
  • have systems which provide sufficient security including cyber security protection
  • ensure that Big Yellow Umbrella’s data is up to date, accurate and complete

Destruction and De-identification

Big Yellow Umbrella will:

  • destroy personal information once it is not required to be kept for the purpose for which it was collected, including from decommissioned laptops and mobile phones
  • change information to a pseudonym or treat it anonymously if required by the person whose information Big Yellow Umbrella holds and will not use any government related identifiers unless they are reasonably necessary for its functions
  • notify the person where personal information is provided and stored in relation to data collection required by the funder, and whether it is deidentified or not, and seek consent to hold this information

Data Quality

Big Yellow Umbrella will:

  • take reasonable steps to ensure the information Big Yellow Umbrella collects is accurate, complete, up to date, and relevant to the functions it performs

Data Security and Retention

Big Yellow Umbrella will:

  • only destroy records in accordance with its Records Management Policies and Procedures

Openness

Big Yellow Umbrella will:

  • ensure stakeholders are aware of Big Yellow Umbrella’s Privacy Policies and Procedures and its purposes
  • make this information freely available in relevant publications and on Big Yellow Umbrella’s website

Access and Correction

Big Yellow Umbrella will:

  • ensure individuals have a right to seek access to information held about them and to correct it if it is inaccurate, incomplete, misleading, or not up to date

Big Yellow Umbrella can withhold the access of an individual to his / her information if:

  • providing access would pose a serious and imminent threat to the life or health of an individual
  • providing access would have an unreasonable impact upon the privacy of other individuals
  • the request for access is frivolous or vexatious
  • the information relates to existing or anticipated legal proceedings between the organisation and the individual, and the information would not be accessible by the process of discovery in those proceedings
  • providing access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations
  • providing access would be unlawful
  • providing access would be likely to prejudice an investigation of possible unlawful activity

Anonymity

Big Yellow Umbrella will:

  • allow people from whom the personal information is being collected to not identify themselves or use a pseudonym unless it is impracticable to deal with them on this basis

Making information available to other organisations

Big Yellow Umbrella can:

  • release information to third parties where it is requested by the person concerned
  • release information where it has been instructed to do so by law, such as Section 16A of the Child Protection Act

Related Documents

  • Confidentiality Policies and Procedures
  • Records Management Policies and Procedures
  • Big Yellow Umbrella’s Confidentiality Agreement
  • Privacy Act 1988

Please read our Governance and Policies Page for more information.