Privacy Policy

BABY GIVE BACK LIMITED 

ACN 22 616 236 983

1. Introduction

  • In the course of our charitable activities in Australia, there are circumstances where we collect personal information. This privacy policy has been developed to ensure that such information is handled appropriately.

  • As a small not-for-profit organisation in Australia, whilst we are not required to comply with the Privacy Act 1988 (Cth) (Privacy Act), we are committed to working towards compliance with the Privacy Act in relation to all of the personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APP), which set out the way in which personal information must be treated. Personal information held by us will be treated in accordance with those principles.

  • This policy also sets out the broad controls that we have adopted to govern the way we use personal information, the circumstances in which we might disclose personal information to third parties, how persons can access their personal information held by us and what they can do if they are unhappy with our treatment of their personal information.

  • Unless expressly stated otherwise in this privacy policy, a reference to ‘we’, ‘us’, and ‘our’ is a reference to Baby Give Back Limited ACN 616 236 983 and each member of Baby Give Back Limited’s related bodies corporate, officers, employees, agents and contractors of such entities.

  • By providing your details, you consent to us collecting, holding, using and disclosing your personal information in accordance with this policy.

Who does the privacy policy apply to? 

This policy applies to any person for whom we currently hold, or may in the future collect, personal information, including:

  • our employees and volunteers;

  • our donors and supporters; 

  • social services agencies we engage with;

  • clients of social services agencies that we provided charitable services to;

  • other third parties that engage with us.

This policy does not apply to acts and practices relating to ‘employee records’ of our current or former employees, as these are exempt from the Privacy Act.

What information does the privacy policy apply to?

  • This policy applies to personal information (including sensitive information). In broad terms, 'personal information' is information or opinions relating to a particular individual who can be identified.

  • Information is not personal information where the information cannot be linked to an identifiable individual.

  • There are also references in this policy to ‘sensitive information’, which is a subset of personal information, relating to information or opinions about a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record or health or genetic information about an individual that is not otherwise health information.

Anonymity and pseudonymity

  • In limited circumstances, it may be possible for you to use a pseudonym or remain anonymous when dealing with us. If you would like to use a pseudonym or remain anonymous you should notify us when making first enquiries. We will use our best endeavours to accommodate your request, subject to our ability to interact with you without having your personal information.

  • In particular, any donors or supporters that would like to request ongoing anonymity, or anonymity in certain instances, should reach out to our privacy officer identified in section 8 for further steps on how to achieve this.

  • You do not have to provide your personal information to us, but if you do not provide the information we request, we may not be able to provide you with our services or otherwise engage with you.

2. How do we manage the personal information we collect?

We manage the personal information we collect in numerous ways, such as by:

  • implementing procedures for identifying and managing privacy risks at each stage of the information lifecycle, including collection, use, disclosure, storage, destruction or de-identification;

  • implementing security systems for protecting personal information from misuse, interference and loss from unauthorised access, modification or disclosure;

  • providing staff and volunteers with training on privacy issues;

  • appropriately supervising staff and volunteers who regularly handle personal information;

  • implementing mechanisms to ensure any agents or contractors who deal with us comply with our privacy policy;

  • implementing procedures for identifying and reporting privacy breaches and for receiving and responding to complaints; and

  • allowing individuals the option of not identifying themselves, or using a pseudonym, when dealing with us in particular circumstances.

However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.

For any and all personal information and sensitive information that we collect and manage, we will also record the method by which the consent to have such information was obtained.

As with all personal information, we will take reasonable steps to destroy or permanently de-identify personal information if that information is no longer needed for the purposes for which it may be used or disclosed under the APPs.

You may request further information surrounding information security and management from the Privacy Officer identified in section 8 of this policy.

3. What kinds of information do we collect and hold?

We obtain consent to holding information which is received through our products and marketing channels.

The information that we may collect and hold will only be used as long as the person consenting is engaged with our services. Section 8 outlines what steps will be taken if there are concerns or a request for consent to holding personal information to be withdrawn from our databases.

Personal information

The personal information we may collect differs, depending on the nature of our interaction with you.

We may collect and hold personal information about you, which may include:

  • sensitive information (see paragraph 3.5), such as health information, racial or ethnic origin;

  • contact and identification information, including names and email addresses;

  • financial information and bank details;

  • date and place of birth;

  • employment arrangements and history;

  • details of incidences, enquiries or complaints;

  • records of contact and details of conversations, correspondence made or received; and

  • any other personal information required to provide our charitable services or engage with our donors, supporters, staff, volunteers and other third parties that deal with us.

Sensitive information

‘Sensitive information’ is a subset of personal information under the Privacy Act and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.

We generally do not collect sensitive information but on occasion we may collect this information if it is relevant to the delivery of our products or services.

In any case, we will not collect sensitive information without the consent of the individual to whom the information relates unless permitted under the Privacy Act.

Web-generated information

Our website may also automatically collect hardware and software information about your computer or device, including but not limited to:

  • information provided when you interact with our website ;

  • your IP address;

  • your browser type;

  • the types of devices you are using to access our website;

  • the language and operating system of the device being used;

  • domain names, access times and referring website addresses;

  • information about pages, content or advertisements you have browsed or clicked on; and

  • page clicks, time spent and other automatically collected meta-data.

4. How and when do we collect information?

How do we collect personal information?

Our usual approach to collecting personal information is to collect it directly from you or from service providers that are assisting you by engaging with us, such as social services agencies, via (for example) email, telephone calls, meetings or online forms, surveys and questionnaires.

We may also collect personal information in other ways, sometimes from a third party, in the course of conducting our operations, which may include:

  • your representatives and advisers;

  • through referrals from individuals or other entities;

  • through marketing and business development events;

  • government bodies (such as relevant departments, regulatory authorities etc.);

  • from competitions and fundraising activities; and

  • via our website and other online profiles such as social media platforms.

Where reasonable and practicable, we will collect personal information directly from you and inform you that this is being done.

How do we collect sensitive information?

We will not collect sensitive information without the consent of the person to whom it relates unless the collection is required by law, is necessary to prevent or lessen a serious and imminent threat to the person’s (or another person’s) wellbeing or is necessary in relation to legal proceedings (current, anticipated, or potential).

5. How do we hold personal information?

Our usual approach to holding personal information includes storing it:

physically:

  • at our premises; and

  • off-site, by third party physical storage providers;

electronically:

  • on online servers;

  • on a private cloud;

  • by a third party data storage provider; and

  • on our website.

We implement and maintain processes and security measures to protect the personal information which we hold from misuse, interference or loss, and from unauthorised access, modification or disclosure. Some of these processes and systems include:

  • using unique usernames, passwords and other protections on systems that can access personal information;

  • holding certain sensitive documents and personal information securely;

  • where appropriate, de-identifying or destroying documents containing personal information;

  • arranging for our employees to complete training about information security; and

  • monitoring and reviewing our policies.

If an individual ceases to be involved with, or unsubscribes from our services, we will remove all personal information and sensitive information associated with that individual from our records. If an individual later wants to resubscribe, that individual will be required to go through the proper process as we will be unable to restore that personal information which has previously been removed.

6. Why do we collect, hold, use or disclose personal information?

Our use of personal information depends on the reason for which it was collected. We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it.

The primary purpose for which information is collected varies but is generally as follows:

  • provide charitable services to you, via support service agencies, and manage our relationship with you;

  • comply with our legal obligations; or

  • engage with you as a donor, supporter, volunteer, employee or third-party service provider.

In the case of potential employees and volunteers, the primary purpose that the information is collected for is to assess the individual’s suitability for the relevant role.

Personal information may also be collected, held, used or disclosed by us for secondary purposes that are within your reasonable expectations and that are related to the primary purpose of collection.

For example, we may collect and use your personal information to:

  • ask you to support or donate to us;

  • provide you with updates and alerts that are relevant to our activities; and

  • invite you to events.

We may disclose personal information to:

  • our external auditors, legal and other advisers;

  • government bodies (such as relevant departments, regulatory authorities etc.);

  • other service providers to assist our functions or activities (such as businesses that help us with our marketing and promotion, assist us to improve and manage our services and professional advisers we engage);

  • our third-party technology providers such as our data storage providers and email filter providers; and

  • other third parties as we determine appropriate.

In circumstances where a disclosure is necessary to a third party, we will require that the third party undertake to treat the personal information in accordance with the APP.

Otherwise, we will only disclose personal information to third parties without your consent if the disclosure is:

  • necessary to protect or enforce our legal rights or interests or to defend any claims;

  • necessary to prevent or lessen a serious threat to a persons’ health or safety; or

  • required or authorised by law.

Under no circumstances will we sell or rent your personal information to anyone, including other charitable organisations, without your consent.

If you do not provide us with your personal information, we may not be able to provide you with our services, communicate with you or respond to your enquiries.

Do we use your personal information for marketing?

Based on the nature of our charitable services, individuals who engage with us would reasonably expect their personal information to be used for the purpose of direct marketing. We will use your personal information to offer products or services we believe may interest you but will not do so if you opt-out.

When you receive electronic marketing communications from us, you may opt-out of receiving further marketing communications by following the opt-out instructions provided in the communication.

Use of cookies

Our website may use ‘cookies’, a text file that is placed on your hard disk by a webpage server. Cookies are uniquely assigned to you.

The use of cookie technology allows us to collect information such as browser type and geographical location as well as to identify and understand the navigation of visitors to our website.

Cookies allows us to:

  • maximise the efficiency of a website visit by delivering customised content and advertising;

  • gauge the effectiveness of the site’s customised marketing materials; and

  • investigate or take action regarding any unlawful activities.

We do not use cookies to collect personally identifiable information about a person. However, a person can choose to reject or block the cookies set out by us by changing the browser settings. Please note that most browsers automatically accept cookies. To ensure cookies are not used, the user needs to actively delete or block the cookies. This may affect your ability to access all parts of the website.

7. Will we disclose personal information outside Australia?

We do not directly disclose personal information outside of Australia. However, we may utilise a cloud or other outsourced IT services which may result in personal information being stored overseas.

We may also use services from time to time to manage and improve our services and the third party service providers we engaged may be located, or have their IT services, located overseas.

We will not set out to transfer personal information overseas to a third party, unless:

  • we have the consent of the person to whom the information relates to do so;

  • the receiving party provides commitments to privacy and confidentiality that are at least equal to the APP; or

  • the receiving party is under privacy protection laws that offer at least the same level of protection as required under the Privacy Act in Australia.

8. How do you make complaints and access and correct your personal information?

It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.

Access to information and correcting personal information

You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.

If you request access to the personal information held by us, we will abide by the steps set out below when responding to such requests.

We will grant you access to your personal information as soon as possible within a reasonable timeframe, subject to the request circumstances.

In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without first obtaining proof of identity.

  • We may deny access to personal information if:

  • the request is unreasonable, frivolous or vexatious;

  • providing access would have an unreasonable impact on the privacy of another person;

  • providing access would pose a serious and imminent threat to the life or health of any person;

  • providing access would compromise our ethical or other obligations;

  • providing access would prejudice our legal rights; or

  • there are other legal grounds to deny the request.

If we refuse to give access to personal information due to one of the reasons set out in section 8.7 above, we will provide you with a written notice that sets out:

  • the reasons for the refusal; and

  • the mechanisms available to complain about the refusal.

We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.

If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.

Notification of rights and how to exercise them

As part of our commitment to providing access to what information we collect, as well as notifying you of your rights and how to exercise them, we provide directly linked access to our privacy policy across all platforms that allow individuals to sign up to receive our newsletters, including:

  • our website, https://www.babygiveback.org/;

  • our MailChimp sign up form, https://mailchi.mp/babygiveback/bgbsignup;

  • email requests (including in signatures and on ‘thank you’s’ via Raisely and Salesforce);

  • on Raisely donation pages; and

  • volunteer registration.

Complaints

If you wish to complain about an interference with your privacy, then you must follow the following process:

  • the complaint must be first made to us in writing and send it to us using the contact details in this section. We will have a reasonable time to respond to the complaint.

  • If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.

Who to contact

If there are any questions regarding the privacy policy or the way we manage personal information, or if there are any concerns about our treatment of personal information, we can be contacted using the below details.

A person may also make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:

Privacy Officer: Carly Fradgley, Chief Executive Officer

Postal Address: Unit 10/15 John Duncan Ct, Varsity Lakes QLD 4227

Telephone number: 0406 301 329

Email address: carly@babygiveback.org

9. Changes to the policy

We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website.